Diffstat (limited to 'net/tools/testserver/testserver.py')
-rwxr-xr-x | net/tools/testserver/testserver.py | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 085619f..0a1f59b 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -136,7 +136,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
   def __init__(self, server_address, request_hander_class, pem_cert_and_key,
                ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers,
                record_resume_info, tls_intolerant, signed_cert_timestamps,
-               fallback_scsv_enabled):
+               fallback_scsv_enabled, ocsp_response):
     self.cert_chain = tlslite.api.X509CertChain().parseChain(pem_cert_and_key)
     # Force using only python implementation - otherwise behavior is different
     # depending on whether m2crypto Python module is present (error is thrown
@@ -150,6 +150,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
     self.tls_intolerant = tls_intolerant
     self.signed_cert_timestamps = signed_cert_timestamps
     self.fallback_scsv_enabled = fallback_scsv_enabled
+    self.ocsp_response = ocsp_response
 
     for ca_file in ssl_client_cas:
       s = open(ca_file).read()
@@ -184,7 +185,8 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
                                     tlsIntolerant=self.tls_intolerant,
                                     signedCertTimestamps=
                                     self.signed_cert_timestamps,
-                                    fallbackSCSV=self.fallback_scsv_enabled)
+                                    fallbackSCSV=self.fallback_scsv_enabled,
+                                    ocspResponse = self.ocsp_response)
       tlsConnection.ignoreAbruptClose = True
       return True
     except tlslite.api.TLSAbruptCloseError:
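Review bot: The keyword argument added in the third hunk, `ocspResponse = self.ocsp_response`, has spaces around `=`, which PEP 8 reserves for assignments and which breaks the style of the neighbouring `fallbackSCSV=self.fallback_scsv_enabled`; write it as `ocspResponse=self.ocsp_response`. The new `ocsp_response` parameter of `HTTPSServer.__init__` in the first hunk is also undocumented: nothing in these hunks says what the value is or what `None` means, so a short comment on the `self.ocsp_response = ocsp_response` line, e.g. `# OCSP response handed to tlslite for stapling; presumably None means no status is sent -- confirm against tlslite's ocspResponse handling`, would help the next reader. Both `__init__` and the handshake method continue outside the hunks.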
@@ -1946,15 +1948,21 @@ class ServerRunner(testserver_base.TestServerRunner):
         raise testserver_base.OptionError(
             'specified trusted client CA file not found: ' + ca_cert +
             ' exiting...')
+
+      stapled_ocsp_response = None
+      if self.__ocsp_server and self.options.staple_ocsp_response:
+        stapled_ocsp_response = self.__ocsp_server.ocsp_response
+
       server = HTTPSServer((host, port), TestPageHandler, pem_cert_and_key,
                            self.options.ssl_client_auth,
                            self.options.ssl_client_ca,
                            self.options.ssl_bulk_cipher,
                            self.options.record_resume,
                            self.options.tls_intolerant,
-                           self.options.signed_cert_timestamps.decode(
+                           self.options.signed_cert_timestamps_tls_ext.decode(
                            "base64"),
-                           self.options.fallback_scsv)
+                           self.options.fallback_scsv,
+                           stapled_ocsp_response)
       print 'HTTPS server started on %s:%d...' % (host, server.server_port)
     else:
       server = HTTPServer((host, port), TestPageHandler)
@@ -2092,8 +2100,8 @@ class ServerRunner(testserver_base.TestServerRunner):
                                   'aborted. 2 means TLS 1.1 or higher will be '
                                   'aborted. 3 means TLS 1.2 or higher will be '
                                   'aborted.')
-    self.option_parser.add_option('--signed-cert-timestamps',
-                                  dest='signed_cert_timestamps',
+    self.option_parser.add_option('--signed-cert-timestamps-tls-ext',
+                                  dest='signed_cert_timestamps_tls_ext',
                                   default='',
                                   help='Base64 encoded SCT list. If set, '
                                   'server will respond with a '
@@ -2106,6 +2114,12 @@ class ServerRunner(testserver_base.TestServerRunner):
                                   'will be enabled. This causes the server to '
                                   'reject fallback connections from compatible '
                                   'clients (e.g. Chrome).')
+    self.option_parser.add_option('--staple-ocsp-response',
+                                  dest='staple_ocsp_response',
+                                  default=False, action='store_true',
+                                  help='If set, server will staple the OCSP '
+                                  'response whenever OCSP is on and the client '
+                                  'supports OCSP stapling.')
     self.option_parser.add_option('--https-record-resume',
                                   dest='record_resume', const=True,
                                   default=False, action='store_const',
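Review bot: In the first hunk, `--staple-ocsp-response` is silently ignored when `self.__ocsp_server` is not set: `stapled_ocsp_response` stays `None`, the HTTPS server starts without stapling, and a test that expects a stapled status gets a plain handshake with no indication that the server was misconfigured. The method already raises `testserver_base.OptionError` a few lines above for a missing client CA file, so the same treatment is cheap here: `if self.options.staple_ocsp_response and not self.__ocsp_server:` / `raise testserver_base.OptionError('--staple-ocsp-response requires OCSP to be enabled')` before the new assignment, or at least a printed warning if the silent no-op is intended, as the help text in the last hunk suggests. Note also that the response is copied once from `self.__ocsp_server.ocsp_response` at server construction; if the OCSP server's response can change afterwards (not visible here), the stapled copy will not follow it, which deserves a comment on that line. The enclosing method starts before and ends after this hunk.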