1 files changed, 14 insertions, 1 deletions

diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 2b0c36c..9e86cf2 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -153,7 +153,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
 
   def __init__(self, server_address, request_hander_class, pem_cert_and_key,
                ssl_client_auth, ssl_client_cas,
-               ssl_bulk_ciphers, ssl_key_exchanges,
+               ssl_bulk_ciphers, ssl_key_exchanges, enable_npn,
                record_resume_info, tls_intolerant, signed_cert_timestamps,
                fallback_scsv_enabled, ocsp_response):
     self.cert_chain = tlslite.api.X509CertChain()
@@ -167,6 +167,10 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
                                                implementations=['python'])
     self.ssl_client_auth = ssl_client_auth
     self.ssl_client_cas = []
+    if enable_npn:
+      self.next_protos = ['http/1.1']
+    else:
+      self.next_protos = None
     if tls_intolerant == 0:
       self.tls_intolerant = None
     else:
@@ -207,6 +211,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn,
                                     reqCert=self.ssl_client_auth,
                                     settings=self.ssl_handshake_settings,
                                     reqCAs=self.ssl_client_cas,
+                                    nextProtos=self.next_protos,
                                     tlsIntolerant=self.tls_intolerant,
                                     signedCertTimestamps=
                                     self.signed_cert_timestamps,
@@ -1986,6 +1991,7 @@ class ServerRunner(testserver_base.TestServerRunner):
                              self.options.ssl_client_ca,
                              self.options.ssl_bulk_cipher,
                              self.options.ssl_key_exchange,
+                             self.options.enable_npn,
                              self.options.record_resume,
                              self.options.tls_intolerant,
                              self.options.signed_cert_timestamps_tls_ext.decode(
@@ -2182,6 +2188,13 @@ class ServerRunner(testserver_base.TestServerRunner):
                                   'option may appear multiple times, '
                                   'indicating multiple algorithms should be '
                                   'enabled.');
+    # TODO(davidben): Add ALPN support to tlslite.
+    self.option_parser.add_option('--enable-npn', dest='enable_npn',
+                                  default=False, const=True,
+                                  action='store_const',
+                                  help='Enable server support for the NPN '
+                                  'extension. The server will advertise '
+                                  'support for exactly one protocol, http/1.1')
     self.option_parser.add_option('--file-root-url', default='/files/',
                                   help='Specify a root URL for files served.')