Update from https://crrev.com/304121

net/tools/testserver/testserver.py

 #!/usr/bin/env python
 # Copyright 2013 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for
 testing Chrome.
 
 It supports several test URLs, as specified by the handlers in TestPageHandler.
 By default, it listens on an ephemeral port and sends the port number back to
@@ skipping 1958 matching lines @@
 
     return my_data_dir
 
   def create_server(self, server_data):
     port = self.options.port
     host = self.options.host
 
     if self.options.server_type == SERVER_HTTP:
       if self.options.https:
         pem_cert_and_key = None
+        ocsp_der = None
         if self.options.cert_and_key_file:
           if not os.path.isfile(self.options.cert_and_key_file):
             raise testserver_base.OptionError(
                 'specified server cert file not found: ' +
                 self.options.cert_and_key_file + ' exiting...')
           pem_cert_and_key = file(self.options.cert_and_key_file, 'r').read()
         else:
           # generate a new certificate and run an OCSP server for it.
           self.__ocsp_server = OCSPServer((host, 0), OCSPHandler)
           print ('OCSP server started on %s:%d...' %
               (host, self.__ocsp_server.server_port))
 
-          ocsp_der = None
           ocsp_state = None
 
           if self.options.ocsp == 'ok':
             ocsp_state = minica.OCSP_STATE_GOOD
           elif self.options.ocsp == 'revoked':
             ocsp_state = minica.OCSP_STATE_REVOKED
           elif self.options.ocsp == 'invalid':
             ocsp_state = minica.OCSP_STATE_INVALID
           elif self.options.ocsp == 'unauthorized':
             ocsp_state = minica.OCSP_STATE_UNAUTHORIZED
           elif self.options.ocsp == 'unknown':
             ocsp_state = minica.OCSP_STATE_UNKNOWN
           else:
             raise testserver_base.OptionError('unknown OCSP status: ' +
                 self.options.ocsp_status)
 
           (pem_cert_and_key, ocsp_der) = minica.GenerateCertKeyAndOCSP(
               subject = "127.0.0.1",
               ocsp_url = ("http://%s:%d/ocsp" %
                   (host, self.__ocsp_server.server_port)),
               ocsp_state = ocsp_state,
               serial = self.options.cert_serial)
 
-          self.__ocsp_server.ocsp_response = ocsp_der
+          if self.options.ocsp_server_unavailable:
+            # SEQUENCE containing ENUMERATED with value 3 (tryLater).
+            self.__ocsp_server.ocsp_response = '30030a0103'.decode('hex')
+          else:
+            self.__ocsp_server.ocsp_response = ocsp_der
 
         for ca_cert in self.options.ssl_client_ca:
           if not os.path.isfile(ca_cert):
             raise testserver_base.OptionError(
                 'specified trusted client CA file not found: ' + ca_cert +
                 ' exiting...')
 
         stapled_ocsp_response = None
-        if self.__ocsp_server and self.options.staple_ocsp_response:
-          stapled_ocsp_response = self.__ocsp_server.ocsp_response
+        if self.options.staple_ocsp_response:
+          stapled_ocsp_response = ocsp_der
 
         server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key,
                              self.options.ssl_client_auth,
                              self.options.ssl_client_ca,
                              self.options.ssl_client_cert_type,
                              self.options.ssl_bulk_cipher,
                              self.options.ssl_key_exchange,
                              self.options.enable_npn,
                              self.options.record_resume,
                              self.options.tls_intolerant,
@@ skipping 226 matching lines @@
                                   action='store_const',
                                   help='Enable server support for the NPN '
                                   'extension. The server will advertise '
                                   'support for exactly one protocol, http/1.1')
     self.option_parser.add_option('--file-root-url', default='/files/',
                                   help='Specify a root URL for files served.')
     # TODO(ricea): Generalize this to support basic auth for HTTP too.
     self.option_parser.add_option('--ws-basic-auth', action='store_true',
                                   dest='ws_basic_auth',
                                   help='Enable basic-auth for WebSocket')
+    self.option_parser.add_option('--ocsp-server-unavailable',
+                                  dest='ocsp_server_unavailable',
+                                  default=False, action='store_true',
+                                  help='If set, the OCSP server will return '
+                                  'a tryLater status rather than the actual '
+                                  'OCSP response.')
 
 
 if __name__ == '__main__':
   sys.exit(ServerRunner().main())