| Index: net/tools/testserver/testserver.py
|
| diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
|
| index 33faf463d3a8c83c78cc7d1d14cc2a69d4ac3089..83920d8dd95fb5c5b0bf85bba79598b07e4c426f 100755
|
| --- a/net/tools/testserver/testserver.py
|
| +++ b/net/tools/testserver/testserver.py
|
| @@ -154,7 +154,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| def __init__(self, server_address, request_hander_class, pem_cert_and_key,
|
| ssl_client_auth, ssl_client_cas, ssl_client_cert_types,
|
| ssl_bulk_ciphers, ssl_key_exchanges, enable_npn,
|
| - record_resume_info, tls_intolerant, signed_cert_timestamps,
|
| + record_resume_info, tls_intolerant,
|
| + tls_intolerance_type, signed_cert_timestamps,
|
| fallback_scsv_enabled, ocsp_response):
|
| self.cert_chain = tlslite.api.X509CertChain()
|
| self.cert_chain.parsePemList(pem_cert_and_key)
|
| @@ -172,10 +173,6 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| self.next_protos = ['http/1.1']
|
| else:
|
| self.next_protos = None
|
| - if tls_intolerant == 0:
|
| - self.tls_intolerant = None
|
| - else:
|
| - self.tls_intolerant = (3, tls_intolerant)
|
| self.signed_cert_timestamps = signed_cert_timestamps
|
| self.fallback_scsv_enabled = fallback_scsv_enabled
|
| self.ocsp_response = ocsp_response
|
| @@ -199,6 +196,9 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers
|
| if ssl_key_exchanges is not None:
|
| self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges
|
| + if tls_intolerant != 0:
|
| + self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant)
|
| + self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type
|
|
|
| if record_resume_info:
|
| # If record_resume_info is true then we'll replace the session cache with
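Review bot: The `(3, tls_intolerant)` tuple and the new `tlsIntoleranceType` setting are assigned without any comment, and `tls_intolerance_type` is silently ignored whenever `tls_intolerant` is 0. Going by the `--tls-intolerant` help text further down, `(3, 2)` stands for TLS 1.1, so a comment above the `if` such as `# (3, n) is the lowest version to abort on, e.g. (3, 2) = TLS 1.1; the type selects alert/close/reset.` would save readers a trip into tlslite. The help for `--tls-intolerance-type` could also say that it has no effect unless `--tls-intolerant` is non-zero. `__init__` starts and ends outside this hunk.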
|
| @@ -223,7 +223,6 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| reqCAs=self.ssl_client_cas,
|
| reqCertTypes=self.ssl_client_cert_types,
|
| nextProtos=self.next_protos,
|
| - tlsIntolerant=self.tls_intolerant,
|
| signedCertTimestamps=
|
| self.signed_cert_timestamps,
|
| fallbackSCSV=self.fallback_scsv_enabled,
|
| @@ -1982,6 +1981,7 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| self.options.enable_npn,
|
| self.options.record_resume,
|
| self.options.tls_intolerant,
|
| + self.options.tls_intolerance_type,
|
| self.options.signed_cert_timestamps_tls_ext.decode(
|
| "base64"),
|
| self.options.fallback_scsv,
|
| @@ -2128,6 +2128,12 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| 'aborted. 2 means TLS 1.1 or higher will be '
|
| 'aborted. 3 means TLS 1.2 or higher will be '
|
| 'aborted.')
|
| + self.option_parser.add_option('--tls-intolerance-type',
|
| + dest='tls_intolerance_type',
|
| + default="alert",
|
| + help='Controls how the server reacts to a '
|
| + 'TLS version it is intolerant to. Valid '
|
| + 'values are "alert", "close", and "reset".')
|
| self.option_parser.add_option('--signed-cert-timestamps-tls-ext',
|
| dest='signed_cert_timestamps_tls_ext',
|
| default='',
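Review bot: `--tls-intolerance-type` accepts any string, although its help text lists only "alert", "close" and "reset", and the value is passed unchecked into the tlslite handshake settings in `HTTPSServer.__init__`. What tlslite does with an unknown type is not visible here, so a mistyped value could make a version-fallback test exercise a different failure mode than the one it claims to cover. Assuming `option_parser` is an optparse parser, as `add_option` suggests, it can reject bad values itself with `type='choice',` and `choices=['alert', 'close', 'reset'],`. The neighbouring options use single-quoted strings, so `default='alert',` would match the block's style. The enclosing method starts and ends outside this hunk.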
|
|
|