| OLD | NEW | 
|---|
| 1 #!/usr/bin/env python | 1 #!/usr/bin/env python | 
| 2 # Copyright 2013 The Chromium Authors. All rights reserved. | 2 # Copyright 2013 The Chromium Authors. All rights reserved. | 
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be | 
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. | 
| 5 | 5 | 
| 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 6 """This is a simple HTTP/FTP/TCP/UDP/BASIC_AUTH_PROXY/WEBSOCKET server used for | 
| 7 testing Chrome. | 7 testing Chrome. | 
| 8 | 8 | 
| 9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 9 It supports several test URLs, as specified by the handlers in TestPageHandler. | 
| 10 By default, it listens on an ephemeral port and sends the port number back to | 10 By default, it listens on an ephemeral port and sends the port number back to | 
| 150                   testserver_base.BrokenPipeHandlerMixIn, | 150                   testserver_base.BrokenPipeHandlerMixIn, | 
| 151                   testserver_base.StoppableHTTPServer): | 151                   testserver_base.StoppableHTTPServer): | 
| 152   """This is a specialization of StoppableHTTPServer that add https support and | 152   """This is a specialization of StoppableHTTPServer that add https support and | 
| 153   client verification.""" | 153   client verification.""" | 
| 154 | 154 | 
| 155   def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 155   def __init__(self, server_address, request_hander_class, pem_cert_and_key, | 
| 156                ssl_client_auth, ssl_client_cas, ssl_client_cert_types, | 156                ssl_client_auth, ssl_client_cas, ssl_client_cert_types, | 
| 157                ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, | 157                ssl_bulk_ciphers, ssl_key_exchanges, enable_npn, | 
| 158                record_resume_info, tls_intolerant, | 158                record_resume_info, tls_intolerant, | 
| 159                tls_intolerance_type, signed_cert_timestamps, | 159                tls_intolerance_type, signed_cert_timestamps, | 
| 160                fallback_scsv_enabled, ocsp_response): | 160                fallback_scsv_enabled, ocsp_response, | 
|  | 161                alert_after_handshake): | 
| 161     self.cert_chain = tlslite.api.X509CertChain() | 162     self.cert_chain = tlslite.api.X509CertChain() | 
| 162     self.cert_chain.parsePemList(pem_cert_and_key) | 163     self.cert_chain.parsePemList(pem_cert_and_key) | 
| 163     # Force using only python implementation - otherwise behavior is different | 164     # Force using only python implementation - otherwise behavior is different | 
| 164     # depending on whether m2crypto Python module is present (error is thrown | 165     # depending on whether m2crypto Python module is present (error is thrown | 
| 165     # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 166     # when it is). m2crypto uses a C (based on OpenSSL) implementation under | 
| 166     # the hood. | 167     # the hood. | 
| 167     self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 168     self.private_key = tlslite.api.parsePEMKey(pem_cert_and_key, | 
| 168                                                private=True, | 169                                                private=True, | 
| 169                                                implementations=['python']) | 170                                                implementations=['python']) | 
| 170     self.ssl_client_auth = ssl_client_auth | 171     self.ssl_client_auth = ssl_client_auth | 
| 195     self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 196     self.ssl_handshake_settings = tlslite.api.HandshakeSettings() | 
| 196     # Enable SSLv3 for testing purposes. | 197     # Enable SSLv3 for testing purposes. | 
| 197     self.ssl_handshake_settings.minVersion = (3, 0) | 198     self.ssl_handshake_settings.minVersion = (3, 0) | 
| 198     if ssl_bulk_ciphers is not None: | 199     if ssl_bulk_ciphers is not None: | 
| 199       self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 200       self.ssl_handshake_settings.cipherNames = ssl_bulk_ciphers | 
| 200     if ssl_key_exchanges is not None: | 201     if ssl_key_exchanges is not None: | 
| 201       self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges | 202       self.ssl_handshake_settings.keyExchangeNames = ssl_key_exchanges | 
| 202     if tls_intolerant != 0: | 203     if tls_intolerant != 0: | 
| 203       self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) | 204       self.ssl_handshake_settings.tlsIntolerant = (3, tls_intolerant) | 
| 204       self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type | 205       self.ssl_handshake_settings.tlsIntoleranceType = tls_intolerance_type | 
|  | 206     if alert_after_handshake: | 
|  | 207       self.ssl_handshake_settings.alertAfterHandshake = True | 
| 205 | 208 | 
| 206     if record_resume_info: | 209     if record_resume_info: | 
| 207       # If record_resume_info is true then we'll replace the session cache with | 210       # If record_resume_info is true then we'll replace the session cache with | 
| 208       # an object that records the lookups and inserts that it sees. | 211       # an object that records the lookups and inserts that it sees. | 
| 209       self.session_cache = RecordingSSLSessionCache() | 212       self.session_cache = RecordingSSLSessionCache() | 
| 210     else: | 213     else: | 
| 211       self.session_cache = tlslite.api.SessionCache() | 214       self.session_cache = tlslite.api.SessionCache() | 
| 212     testserver_base.StoppableHTTPServer.__init__(self, | 215     testserver_base.StoppableHTTPServer.__init__(self, | 
| 213                                                  server_address, | 216                                                  server_address, | 
| 214                                                  request_hander_class) | 217                                                  request_hander_class) | 
| 2038                              self.options.ssl_client_cert_type, | 2041                              self.options.ssl_client_cert_type, | 
| 2039                              self.options.ssl_bulk_cipher, | 2042                              self.options.ssl_bulk_cipher, | 
| 2040                              self.options.ssl_key_exchange, | 2043                              self.options.ssl_key_exchange, | 
| 2041                              self.options.enable_npn, | 2044                              self.options.enable_npn, | 
| 2042                              self.options.record_resume, | 2045                              self.options.record_resume, | 
| 2043                              self.options.tls_intolerant, | 2046                              self.options.tls_intolerant, | 
| 2044                              self.options.tls_intolerance_type, | 2047                              self.options.tls_intolerance_type, | 
| 2045                              self.options.signed_cert_timestamps_tls_ext.decode( | 2048                              self.options.signed_cert_timestamps_tls_ext.decode( | 
| 2046                                  "base64"), | 2049                                  "base64"), | 
| 2047                              self.options.fallback_scsv, | 2050                              self.options.fallback_scsv, | 
| 2048                              stapled_ocsp_response) | 2051                              stapled_ocsp_response, | 
|  | 2052                              self.options.alert_after_handshake) | 
| 2049         print 'HTTPS server started on https://%s:%d...' % \ | 2053         print 'HTTPS server started on https://%s:%d...' % \ | 
| 2050             (host, server.server_port) | 2054             (host, server.server_port) | 
| 2051       else: | 2055       else: | 
| 2052         server = HTTPServer((host, port), TestPageHandler) | 2056         server = HTTPServer((host, port), TestPageHandler) | 
| 2053         print 'HTTP server started on http://%s:%d...' % \ | 2057         print 'HTTP server started on http://%s:%d...' % \ | 
| 2054             (host, server.server_port) | 2058             (host, server.server_port) | 
| 2055 | 2059 | 
| 2056       server.data_dir = self.__make_data_dir() | 2060       server.data_dir = self.__make_data_dir() | 
| 2057       server.file_root_url = self.options.file_root_url | 2061       server.file_root_url = self.options.file_root_url | 
| 2058       server_data['port'] = server.server_port | 2062       server_data['port'] = server.server_port | 
| 2271     # TODO(ricea): Generalize this to support basic auth for HTTP too. | 2275     # TODO(ricea): Generalize this to support basic auth for HTTP too. | 
| 2272     self.option_parser.add_option('--ws-basic-auth', action='store_true', | 2276     self.option_parser.add_option('--ws-basic-auth', action='store_true', | 
| 2273                                   dest='ws_basic_auth', | 2277                                   dest='ws_basic_auth', | 
| 2274                                   help='Enable basic-auth for WebSocket') | 2278                                   help='Enable basic-auth for WebSocket') | 
| 2275     self.option_parser.add_option('--ocsp-server-unavailable', | 2279     self.option_parser.add_option('--ocsp-server-unavailable', | 
| 2276                                   dest='ocsp_server_unavailable', | 2280                                   dest='ocsp_server_unavailable', | 
| 2277                                   default=False, action='store_true', | 2281                                   default=False, action='store_true', | 
| 2278                                   help='If set, the OCSP server will return ' | 2282                                   help='If set, the OCSP server will return ' | 
| 2279                                   'a tryLater status rather than the actual ' | 2283                                   'a tryLater status rather than the actual ' | 
| 2280                                   'OCSP response.') | 2284                                   'OCSP response.') | 
|  | 2285     self.option_parser.add_option('--alert-after-handshake', | 
|  | 2286                                   dest='alert_after_handshake', | 
|  | 2287                                   default=False, action='store_true', | 
|  | 2288                                   help='If set, the server will send a fatal ' | 
|  | 2289                                   'alert immediately after the handshake.') | 
| 2281 | 2290 | 
| 2282 | 2291 | 
| 2283 if __name__ == '__main__': | 2292 if __name__ == '__main__': | 
| 2284   sys.exit(ServerRunner().main()) | 2293   sys.exit(ServerRunner().main()) | 
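Review bot: At the HTTPS server construction (new lines 2051-2052) `self.options.alert_after_handshake` is passed as one more trailing positional argument after `fallback_scsv` and the stapled OCSP response, so a mis-ordered argument would not raise and would quietly change which TLS fault the test server injects; passing the fault-injection flags by keyword, e.g. `alert_after_handshake=self.options.alert_after_handshake)`, would make the call self-checking. In the visible code the flag is read only in the HTTPS branch, so with the plain `HTTPServer` path it is silently ignored, and the help text could say so: `help='(HTTPS only) If set, the server will send a fatal alert immediately after the handshake.'`. The assignment at new line 207 assumes the bundled tlslite honours `alertAfterHandshake`, which this page does not show; if it does not, the attribute is set with no effect and a test relying on the alert could pass for the wrong reason. Both `__init__` and the call site start outside the visible lines.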