Implement ALPN in tlslite.
* Update SSLClientSocketFalseStartTests to use ALPN.
* Add SSLClientSocketTest test cases for ALPN.
* Implement ALPN in tlslite.
* Plumb ALPN through SpawnedTestServer.
* Configure server ALPN for URLRequest tests so that
connection does not fail.
Note that the ALPN implementation introduced by this CL does not conform to the
RFC: if there is no overlap between client and server supported protocols, ALPN
is ignored, whereas the specification prescribes that an Alert be sent. This
incidentally matches BoringSSL's implementation. It is also simpler for tests: most
net_unittests against tlslite do not worry about the actual protocol negotiated,
and this way there is no need to configure the server ALPN list.
BUG=547867
Review-Url: https://codereview.chromium.org/2205433002
Cr-Original-Commit-Position: refs/heads/master@{#410127}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: b784c2f5e0e4041f2ccb4949c3a8b4c45a30b16c
diff --git a/testserver.py b/testserver.py
index 14c5abc..e8241cb 100755
--- a/testserver.py
+++ b/testserver.py
@@ -161,8 +161,8 @@
def __init__(self, server_address, request_hander_class, pem_cert_and_key,
ssl_client_auth, ssl_client_cas, ssl_client_cert_types,
- ssl_bulk_ciphers, ssl_key_exchanges, npn_protocols,
- record_resume_info, tls_intolerant,
+ ssl_bulk_ciphers, ssl_key_exchanges, alpn_protocols,
+ npn_protocols, record_resume_info, tls_intolerant,
tls_intolerance_type, signed_cert_timestamps,
fallback_scsv_enabled, ocsp_response,
alert_after_handshake, disable_channel_id, disable_ems,
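Review bot: `alpn_protocols` is inserted in the middle of a long positional parameter list, directly before `npn_protocols`, and judging by the two `action='append'` options both take a list of protocol strings. A caller that is not updated, or that passes the two in the wrong order, would still run and silently configure the wrong extension. The call in the `@@ -1992,6 +1993,7 @@` hunk is positional as well; passing the arguments from this point onward by keyword there, starting with `alpn_protocols=self.options.alpn_protocols,`, would turn such a mismatch into an immediate error. The `__init__` signature and body continue outside this hunk, so any other callers are not visible here.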
@@ -215,6 +215,7 @@
self.ssl_handshake_settings.enableExtendedMasterSecret = False
self.ssl_handshake_settings.supportedTokenBindingParams = \
token_binding_params
+ self.ssl_handshake_settings.alpnProtos=alpn_protocols;
if record_resume_info:
# If record_resume_info is true then we'll replace the session cache with
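Review bot: The added line `self.ssl_handshake_settings.alpnProtos=alpn_protocols;` has a stray trailing semicolon and no spaces around `=`, unlike the assignments just above it; `self.ssl_handshake_settings.alpnProtos = alpn_protocols` matches the surrounding style. The value is also passed through unchecked. With `action='append'` and no default it is `None` when `--alpn-protocols` is never given, and an entry may be an empty or over-long string, which ALPN's 1–255 byte protocol names cannot encode. Whether tlslite's settings validation handles those cases is not visible here, so a check at this point, or a comment such as `# None means ALPN is not offered`, would make the contract explicit. `__init__` begins and ends outside this hunk.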
@@ -1992,6 +1993,7 @@
self.options.ssl_client_cert_type,
self.options.ssl_bulk_cipher,
self.options.ssl_key_exchange,
+ self.options.alpn_protocols,
self.options.npn_protocols,
self.options.record_resume,
self.options.tls_intolerant,
@@ -2226,9 +2228,13 @@
'will be used. This option may appear '
'multiple times, indicating multiple '
'algorithms should be enabled.');
- # TODO(davidben): Add ALPN support to tlslite.
+ self.option_parser.add_option('--alpn-protocols', action='append',
+ help='Specify the list of ALPN protocols. '
+ 'The server will not send an ALPN response '
+ 'if this list does not overlap with the '
+ 'list of protocols the client advertises.')
self.option_parser.add_option('--npn-protocols', action='append',
- help='Specify the list of protocols sent in'
+ help='Specify the list of protocols sent in '
'an NPN response. The server will not'
'support NPN if the list is empty.')
self.option_parser.add_option('--file-root-url', default='/files/',
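Review bot: The `--npn-protocols` help text is still missing a separator after this change. The commit adds the trailing space to `'sent in '`, but the next fragment `'an NPN response. The server will not'` is concatenated directly with `'support NPN if the list is empty.'`, so the help renders "notsupport"; it should read `'an NPN response. The server will not '`. The new `--alpn-protocols` help also does not say what happens when the flag is omitted. A closing sentence such as `'ALPN is disabled if the list is empty.'` would mirror the NPN text, assuming that is the behaviour.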