| Index: net/tools/testserver/testserver.py
|
| diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
|
| index 14c5abcca049166d8a64a04c2f01271ce9cb6722..bf1bb99377b64899105cd340552baadb9de30ae9 100755
|
| --- a/net/tools/testserver/testserver.py
|
| +++ b/net/tools/testserver/testserver.py
|
| @@ -161,12 +161,11 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
|
|
| def __init__(self, server_address, request_hander_class, pem_cert_and_key,
|
| ssl_client_auth, ssl_client_cas, ssl_client_cert_types,
|
| - ssl_bulk_ciphers, ssl_key_exchanges, npn_protocols,
|
| - record_resume_info, tls_intolerant,
|
| + ssl_bulk_ciphers, ssl_key_exchanges, alpn_protocols,
|
| + npn_protocols, record_resume_info, tls_intolerant,
|
| tls_intolerance_type, signed_cert_timestamps,
|
| - fallback_scsv_enabled, ocsp_response,
|
| - alert_after_handshake, disable_channel_id, disable_ems,
|
| - token_binding_params):
|
| + fallback_scsv_enabled, ocsp_response, alert_after_handshake,
|
| + disable_channel_id, disable_ems, token_binding_params):
|
| self.cert_chain = tlslite.api.X509CertChain()
|
| self.cert_chain.parsePemList(pem_cert_and_key)
|
| # Force using only python implementation - otherwise behavior is different
|
| @@ -179,7 +178,6 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| self.ssl_client_auth = ssl_client_auth
|
| self.ssl_client_cas = []
|
| self.ssl_client_cert_types = []
|
| - self.npn_protocols = npn_protocols
|
| self.signed_cert_timestamps = signed_cert_timestamps
|
| self.fallback_scsv_enabled = fallback_scsv_enabled
|
| self.ocsp_response = ocsp_response
|
| @@ -215,6 +213,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| self.ssl_handshake_settings.enableExtendedMasterSecret = False
|
| self.ssl_handshake_settings.supportedTokenBindingParams = \
|
| token_binding_params
|
| + self.ssl_handshake_settings.alpnProtos=alpn_protocols;
|
| + self.ssl_handshake_settings.nextProtos=npn_protocols;
|
|
|
| if record_resume_info:
|
| # If record_resume_info is true then we'll replace the session cache with
|
| @@ -238,7 +238,6 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| settings=self.ssl_handshake_settings,
|
| reqCAs=self.ssl_client_cas,
|
| reqCertTypes=self.ssl_client_cert_types,
|
| - nextProtos=self.npn_protocols,
|
| signedCertTimestamps=
|
| self.signed_cert_timestamps,
|
| fallbackSCSV=self.fallback_scsv_enabled,
|
| @@ -1992,6 +1991,7 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| self.options.ssl_client_cert_type,
|
| self.options.ssl_bulk_cipher,
|
| self.options.ssl_key_exchange,
|
| + self.options.alpn_protocols,
|
| self.options.npn_protocols,
|
| self.options.record_resume,
|
| self.options.tls_intolerant,
|
| @@ -2226,9 +2226,13 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| 'will be used. This option may appear '
|
| 'multiple times, indicating multiple '
|
| 'algorithms should be enabled.');
|
| - # TODO(davidben): Add ALPN support to tlslite.
|
| + self.option_parser.add_option('--alpn-protocols', action='append',
|
| + help='Specify the list of ALPN protocols. '
|
| + 'The server will not send an ALPN response '
|
| + 'if this list does not overlap with the '
|
| + 'list of protocols the client advertises.')
|
| self.option_parser.add_option('--npn-protocols', action='append',
|
| - help='Specify the list of protocols sent in'
|
| + help='Specify the list of protocols sent in '
|
| 'an NPN response. The server will not'
|
| 'support NPN if the list is empty.')
|
| self.option_parser.add_option('--file-root-url', default='/files/',
|
|
|
Chromium Code Reviews
Issue 2205433002:
Implement ALPN in tlslite. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master