| OLD | NEW |
|---|
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python |
| 2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 | 5 |
| 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for |
| 7 testing Chrome. | 7 testing Chrome. |
| 8 | 8 |
| 9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. |
| 10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 150 testserver_base.BrokenPipeHandlerMixIn, | 150 testserver_base.BrokenPipeHandlerMixIn, |
| 151 testserver_base.StoppableHTTPServer): | 151 testserver_base.StoppableHTTPServer): |
| 152 """This is a specialization of StoppableHTTPServer that add https support and | 152 """This is a specialization of StoppableHTTPServer that add https support and |
| 153 client verification.""" | 153 client verification.""" |
| 154 | 154 |
| 155 def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 155 def __init__(self, server_address, request_hander_class, pem_cert_and_key, |
| 156 ssl_client_auth, ssl_client_cas, ssl_client_cert_types, | 156 ssl_client_auth, ssl_client_cas, ssl_client_cert_types, |
| 157 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, | 157 ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, |
| 158 record_resume_info, tls_intolerant, | 158 record_resume_info, tls_intolerant, |
| 159 tls_intolerance_type, signed_cert_timestamps, | 159 tls_intolerance_type, signed_cert_timestamps, |
| 160 fallback_scsv_enabled, ocsp_response, disable_session_cache): | 160 fallback_scsv_enabled, ocsp_response, disable_session_cache, |
| 161 alert_after_handshake): |
| 161 self.cert_chain = tlslite.api.X509CertChain() | 162 self.cert_chain = tlslite.api.X509CertChain() |
| 162 self.cert_chain.parsePemList(pem_cert_and_key) | 163 self.cert_chain.parsePemList(pem_cert_and_key) |
| 163 # Force using only python implementation - otherwise behavior is different | 164 # Force using only python implementation - otherwise behavior is different |
| 164 # depending on whether m2crypto Python module is present (error is thrown | 165 # depending on whether m2crypto Python module is present (error is thrown |
| 165 # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 166 # when it is). m2crypto uses a C (based on OpenSSL) implementation under |
| 166 # the hood. | 167 # the hood. |
| 167 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 168 self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, |
| 168 private=True, | 169 private=True, |
| 169 implementations=['python']) | 170 implementations=['python']) |
| 170 self.ssl_client_auth = ssl_client_auth | 171 self.ssl_client_auth = ssl_client_auth |
| (...skipping 24 matching lines...) Expand all Loading... |
| 195 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 196 self.ssl_handshake_settings = tlslite.api.HandshakeSettings() |
| 196 # Enable SSLv3 for testing purposes. | 197 # Enable SSLv3 for testing purposes. |
| 197 self.ssl_handshake_settings.minVersion = (3, 0) | 198 self.ssl_handshake_settings.minVersion = (3, 0) |
| 198 if ssl_bulk_ciphers is not None: | 199 if ssl_bulk_ciphers is not None: |
| 199 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 200 self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers |
| 200 if ssl_key_exchanges is not None: | 201 if ssl_key_exchanges is not None: |
| 201 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges | 202 self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges |
| 202 if tls_intolerant != 0: | 203 if tls_intolerant != 0: |
| 203 self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) | 204 self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) |
| 204 self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type | 205 self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type |
| 206 if alert_after_handshake: |
| 207 self.ssl_handshake_settings.alertAfterHandshake = True |
| 205 | 208 |
| 206 | 209 |
| 207 if disable_session_cache: | 210 if disable_session_cache: |
| 208 self.session_cache = None | 211 self.session_cache = None |
| 209 elif record_resume_info: | 212 elif record_resume_info: |
| 210 # If record_resume_info is true then we'll replace the session cache with | 213 # If record_resume_info is true then we'll replace the session cache with |
| 211 # an object that records the lookups and inserts that it sees. | 214 # an object that records the lookups and inserts that it sees. |
| 212 self.session_cache = RecordingSSLSessionCache() | 215 self.session_cache = RecordingSSLSessionCache() |
| 213 else: | 216 else: |
| 214 self.session_cache = tlslite.api.SessionCache() | 217 self.session_cache = tlslite.api.SessionCache() |
| (...skipping 1827 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2042 self.options.ssl_bulk_cipher, | 2045 self.options.ssl_bulk_cipher, |
| 2043 self.options.ssl_key_exchange, | 2046 self.options.ssl_key_exchange, |
| 2044 self.options.enable_npn, | 2047 self.options.enable_npn, |
| 2045 self.options.record_resume, | 2048 self.options.record_resume, |
| 2046 self.options.tls_intolerant, | 2049 self.options.tls_intolerant, |
| 2047 self.options.tls_intolerance_type, | 2050 self.options.tls_intolerance_type, |
| 2048 self.options.signed_cert_timestamps_tls_ext.decode( | 2051 self.options.signed_cert_timestamps_tls_ext.decode( |
| 2049 "base64"), | 2052 "base64"), |
| 2050 self.options.fallback_scsv, | 2053 self.options.fallback_scsv, |
| 2051 stapled_ocsp_response, | 2054 stapled_ocsp_response, |
| 2052 self.options.disable_session_cache) | 2055 self.options.disable_session_cache, |
| 2056 self.options.alert_after_handshake) |
| 2053 print 'HTTPS server started on https://%s:%d...' % \ | 2057 print 'HTTPS server started on https://%s:%d...' % \ |
| 2054 (host, server.server_port) | 2058 (host, server.server_port) |
| 2055 else: | 2059 else: |
| 2056 server = HTTPServer((host, port), TestPageHandler) | 2060 server = HTTPServer((host, port), TestPageHandler) |
| 2057 print 'HTTP server started on http://%s:%d...' % \ | 2061 print 'HTTP server started on http://%s:%d...' % \ |
| 2058 (host, server.server_port) | 2062 (host, server.server_port) |
| 2059 | 2063 |
| 2060 server.data_dir = self.__make_data_dir() | 2064 server.data_dir = self.__make_data_dir() |
| 2061 server.file_root_url = self.options.file_root_url | 2065 server.file_root_url = self.options.file_root_url |
| 2062 server_data['port'] = server.server_port | 2066 server_data['port'] = server.server_port |
| (...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2280 # TODO(ricea): Generalize this to support basic auth for HTTP too. | 2284 # TODO(ricea): Generalize this to support basic auth for HTTP too. |
| 2281 self.option_parser.add_option('--ws-basic-auth', action='store_true', | 2285 self.option_parser.add_option('--ws-basic-auth', action='store_true', |
| 2282 dest='ws_basic_auth', | 2286 dest='ws_basic_auth', |
| 2283 help='Enable basic-auth for WebSocket') | 2287 help='Enable basic-auth for WebSocket') |
| 2284 self.option_parser.add_option('--ocsp-server-unavailable', | 2288 self.option_parser.add_option('--ocsp-server-unavailable', |
| 2285 dest='ocsp_server_unavailable', | 2289 dest='ocsp_server_unavailable', |
| 2286 default=False, action='store_true', | 2290 default=False, action='store_true', |
| 2287 help='If set, the OCSP server will return ' | 2291 help='If set, the OCSP server will return ' |
| 2288 'a tryLater status rather than the actual ' | 2292 'a tryLater status rather than the actual ' |
| 2289 'OCSP response.') | 2293 'OCSP response.') |
| 2294 self.option_parser.add_option('--alert-after-handshake', |
| 2295 dest='alert_after_handshake', |
| 2296 default=False, action='store_true', |
| 2297 help='If set, the server will send a fatal ' |
| 2298 'alert immediately after the handshake.') |
| 2290 | 2299 |
| 2291 | 2300 |
| 2292 if __name__ == '__main__': | 2301 if __name__ == '__main__': |
| 2293 sys.exit(ServerRunner().main()) | 2302 sys.exit(ServerRunner().main()) |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 994373004:
Properly handle alerts from the peer in SSL_read. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master