| Index: net/tools/testserver/testserver.py
|
| diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
|
| index 085619fbf29b9841e9441a6e3e5ed426d6c1328a..0a1f59b0c59a78c69d644e1e9773b24a58d86e7b 100755
|
| --- a/net/tools/testserver/testserver.py
|
| +++ b/net/tools/testserver/testserver.py
|
| @@ -136,7 +136,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| def __init__(self, server_address, request_hander_class, pem_cert_and_key,
|
| ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
|
| record_resume_info, tls_intolerant, signed_cert_timestamps,
|
| - fallback_scsv_enabled):
|
| + fallback_scsv_enabled, ocsp_response):
|
| self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key)
|
| # Force using only python implementation - otherwise behavior is different
|
| # depending on whether m2crypto Python module is present (error is thrown
|
| @@ -150,6 +150,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| self.tls_intolerant = tls_intolerant
|
| self.signed_cert_timestamps = signed_cert_timestamps
|
| self.fallback_scsv_enabled = fallback_scsv_enabled
|
| + self.ocsp_response = ocsp_response
|
|
|
| for ca_file in ssl_client_cas:
|
| s = open(ca_file).read()
|
| @@ -184,7 +185,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
|
| tlsIntolerant=self.tls_intolerant,
|
| signedCertTimestamps=
|
| self.signed_cert_timestamps,
|
| - fallbackSCSV=self.fallback_scsv_enabled)
|
| + fallbackSCSV=self.fallback_scsv_enabled,
|
| + ocspResponse = self.ocsp_response)
|
| tlsConnection.ignoreAbruptClose = True
|
| return True
|
| except tlslite.api.TLSAbruptCloseError:
|
| @@ -1946,15 +1948,21 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| raise testserver_base.OptionError(
|
| 'specified trusted client CA file not found: ' + ca_cert +
|
| ' exiting...')
|
| +
|
| + stapled_ocsp_response = None
|
| + if self.__ocsp_server and self.options.staple_ocsp_response:
|
| + stapled_ocsp_response = self.__ocsp_server.ocsp_response
|
| +
|
| server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key,
|
| self.options.ssl_client_auth,
|
| self.options.ssl_client_ca,
|
| self.options.ssl_bulk_cipher,
|
| self.options.record_resume,
|
| self.options.tls_intolerant,
|
| - self.options.signed_cert_timestamps.decode(
|
| + self.options.signed_cert_timestamps_tls_ext.decode(
|
| "base64"),
|
| - self.options.fallback_scsv)
|
| + self.options.fallback_scsv,
|
| + stapled_ocsp_response)
|
| print 'HTTPS server started on %s:%d...' % (host, server.server_port)
|
| else:
|
| server = HTTPServer((host, port), TestPageHandler)
|
| @@ -2092,8 +2100,8 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| 'aborted. 2 means TLS 1.1 or higher will be '
|
| 'aborted. 3 means TLS 1.2 or higher will be '
|
| 'aborted.')
|
| - self.option_parser.add_option('--signed-cert-timestamps',
|
| - dest='signed_cert_timestamps',
|
| + self.option_parser.add_option('--signed-cert-timestamps-tls-ext',
|
| + dest='signed_cert_timestamps_tls_ext',
|
| default='',
|
| help='Base64 encoded SCT list. If set, '
|
| 'server will respond with a '
|
| @@ -2106,6 +2114,12 @@ class ServerRunner(testserver_base.TestServerRunner):
|
| 'will be enabled. This causes the server to '
|
| 'reject fallback connections from compatible '
|
| 'clients (e.g. Chrome).')
|
| + self.option_parser.add_option('--staple-ocsp-response',
|
| + dest='staple_ocsp_response',
|
| + default=False, action='store_true',
|
| + help='If set, server will staple the OCSP '
|
| + 'response whenever OCSP is on and the client '
|
| + 'supports OCSP stapling.')
|
| self.option_parser.add_option('--https-record-resume',
|
| dest='record_resume', const=True,
|
| default=False, action='store_const',
|
|
|
Chromium Code Reviews
Issue 92443002:
Extract Certificate Transparency SCTs from stapled OCSP responses (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts