def _get_ssl_options(self, scheme):
options = super(_HTTP2ClientConnection, self)._get_ssl_options(scheme)
if options is not None:
if isinstance(options, dict):
options = ssl_options_to_context(options)
options.set_alpn_protocols([constants.HTTP2_TLS])
return options
def _make_server_iostream(self, connection, **kwargs):
ssl_ctx = ssl_options_to_context(_server_ssl_options(),
server_side=True)
connection = ssl_ctx.wrap_socket(
connection,
server_side=True,
do_handshake_on_connect=False,
)
return SSLIOStream(connection, **kwargs)
def initialize(self, request_callback, ssl_options=None, **kwargs):
if ssl_options is not None:
if isinstance(ssl_options, dict):
if 'certfile' not in ssl_options:
raise KeyError('missing key "certfile" in ssl_options')
ssl_options = ssl_options_to_context(ssl_options)
ssl_options.set_alpn_protocols([constants.HTTP2_TLS])
# TODO: add h2-specific parameters like frame size instead of header size.
self.http2_params = Params(
max_header_size=kwargs.get('max_header_size'),
decompress=kwargs.get('decompress_request', False),
)
super(Server, self).initialize(
request_callback, ssl_options=ssl_options, **kwargs)
def _get_ssl_options(cls, cert_options):
ssl_options = {}
if cert_options['validate_cert']:
ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
if cert_options['ca_certs'] is not None:
ssl_options["ca_certs"] = cert_options['ca_certs']
else:
ssl_options["ca_certs"] = simple_httpclient._default_ca_certs()
if cert_options['client_key'] is not None:
ssl_options["keyfile"] = cert_options['client_key']
if cert_options['client_cert'] is not None:
ssl_options["certfile"] = cert_options['client_cert']
# according to REC 7540:
# deployments of HTTP/2 that use TLS 1.2 MUST
# support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ssl_options["ciphers"] = "ECDH+AESGCM"
ssl_options["ssl_version"] = ssl.PROTOCOL_TLSv1_2
ssl_options = netutil.ssl_options_to_context(ssl_options)
ssl_options.set_alpn_protocols(['h2'])
return ssl_options
def _get_ssl_options(cls, cert_options):
ssl_options = {}
if cert_options["validate_cert"]:
ssl_options["cert_reqs"] = ssl.CERT_REQUIRED
if cert_options["ca_certs"] is not None:
ssl_options["ca_certs"] = cert_options["ca_certs"]
else:
ssl_options["ca_certs"] = simple_httpclient._default_ca_certs()
if cert_options["client_key"] is not None:
ssl_options["keyfile"] = cert_options["client_key"]
if cert_options["client_cert"] is not None:
ssl_options["certfile"] = cert_options["client_cert"]
# according to REC 7540:
# deployments of HTTP/2 that use TLS 1.2 MUST
# support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ssl_options["ciphers"] = "ECDH+AESGCM"
ssl_options["ssl_version"] = ssl.PROTOCOL_TLSv1_2
ssl_options = netutil.ssl_options_to_context(ssl_options)
ssl_options.set_alpn_protocols(["h2"])
return ssl_options
def get_ssl_options(self):
context = ssl_options_to_context(
AsyncHTTPSTestCase.get_ssl_options(self))
assert isinstance(context, ssl.SSLContext)
return context
def get_ssl_options(self):
context = ssl_options_to_context(
AsyncHTTPSTestCase.get_ssl_options(self))
assert isinstance(context, ssl.SSLContext)
return context
