Index: net/tools/testserver/testserver.py |
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py |
index 14c5abcca049166d8a64a04c2f01271ce9cb6722..bf1bb99377b64899105cd340552baadb9de30ae9 100755 |
--- a/net/tools/testserver/testserver.py |
+++ b/net/tools/testserver/testserver.py |
@@ -161,12 +161,11 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
ssl_client_auth, ssl_client_cas, ssl_client_cert_types, |
- ssl_bulk_ciphers, ssl_key_exchanges, npn_protocols, |
- record_resume_info, tls_intolerant, |
+ ssl_bulk_ciphers, ssl_key_exchanges, alpn_protocols, |
+ npn_protocols, record_resume_info, tls_intolerant, |
tls_intolerance_type, signed_cert_timestamps, |
- fallback_scsv_enabled, ocsp_response, |
- alert_after_handshake, disable_channel_id, disable_ems, |
- token_binding_params): |
+ fallback_scsv_enabled, ocsp_response, alert_after_handshake, |
+ disable_channel_id, disable_ems, token_binding_params): |
self.cert_chain = tlslite.api.X509CertChain() |
self.cert_chain.parsePemList(pem_cert_and_key) |
# Force using only python implementation - otherwise behavior is different |
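Review bot: `alpn_protocols` now sits directly before `npn_protocols` in a signature of roughly twenty positional parameters, and both are lists of protocol names, so a call that swaps or misplaces them would not raise and would simply negotiate with the wrong protocol set. The `ServerRunner` hunk at -1992 updates the one caller visible in this patch, but it still passes every argument by position. Consider passing at least the new ones by keyword at the call site, e.g. `alpn_protocols=self.options.alpn_protocols,`, so a later reorder fails loudly. The body of `__init__` continues outside this hunk.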
@@ -179,7 +178,6 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
self.ssl_client_auth = ssl_client_auth |
self.ssl_client_cas = [] |
self.ssl_client_cert_types = [] |
- self.npn_protocols = npn_protocols |
self.signed_cert_timestamps = signed_cert_timestamps |
self.fallback_scsv_enabled = fallback_scsv_enabled |
self.ocsp_response = ocsp_response |
@@ -215,6 +213,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
self.ssl_handshake_settings.enableExtendedMasterSecret = False |
self.ssl_handshake_settings.supportedTokenBindingParams = \ |
token_binding_params |
+ self.ssl_handshake_settings.alpnProtos=alpn_protocols; |
+ self.ssl_handshake_settings.nextProtos=npn_protocols; |
if record_resume_info: |
# If record_resume_info is true then we'll replace the session cache with |
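Review bot: The two added assignments end in a stray `;` and have no spaces around `=`, unlike the surrounding lines; write them as `self.ssl_handshake_settings.alpnProtos = alpn_protocols` and `self.ssl_handshake_settings.nextProtos = npn_protocols`. With `action='append'` and no default, optparse leaves `alpn_protocols` as `None` when the flag is not given, unless a default is set outside this diff. Whether tlslite's handshake settings accept `None` for `alpnProtos` and `nextProtos` (rather than an empty list) is not visible here. A short comment such as `# None means the extension is not offered` would record that once it is confirmed. The enclosing `__init__` starts and ends outside this hunk.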
@@ -238,7 +238,6 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, |
settings=self.ssl_handshake_settings, |
reqCAs=self.ssl_client_cas, |
reqCertTypes=self.ssl_client_cert_types, |
- nextProtos=self.npn_protocols, |
signedCertTimestamps= |
self.signed_cert_timestamps, |
fallbackSCSV=self.fallback_scsv_enabled, |
@@ -1992,6 +1991,7 @@ class ServerRunner(testserver_base.TestServerRunner): |
self.options.ssl_client_cert_type, |
self.options.ssl_bulk_cipher, |
self.options.ssl_key_exchange, |
+ self.options.alpn_protocols, |
self.options.npn_protocols, |
self.options.record_resume, |
self.options.tls_intolerant, |
@@ -2226,9 +2226,13 @@ class ServerRunner(testserver_base.TestServerRunner): |
'will be used. This option may appear ' |
'multiple times, indicating multiple ' |
'algorithms should be enabled.'); |
- # TODO(davidben): Add ALPN support to tlslite. |
+ self.option_parser.add_option('--alpn-protocols', action='append', |
+ help='Specify the list of ALPN protocols. ' |
+ 'The server will not send an ALPN response ' |
+ 'if this list does not overlap with the ' |
+ 'list of protocols the client advertises.') |
self.option_parser.add_option('--npn-protocols', action='append', |
- help='Specify the list of protocols sent in' |
+ help='Specify the list of protocols sent in ' |
'an NPN response. The server will not' |
'support NPN if the list is empty.') |
self.option_parser.add_option('--file-root-url', default='/files/', |
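Review bot: The `--npn-protocols` help text is only half fixed: the added line restores the space after `sent in`, but the next fragment still ends in `will not` with no trailing space, so the rendered help reads "will notsupport NPN". Change it to `'an NPN response. The server will not '`. Separately, the new `--alpn-protocols` help says the server omits the ALPN response when there is no overlap, whereas RFC 7301 specifies a fatal `no_application_protocol` alert in that case. If the lenient behaviour is intentional for this test server, a short comment above the option saying so would stop client tests from treating it as the conformant behaviour.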