def _get_ssl_options(self, scheme):
    """Return the parent's TLS options with the HTTP/2 ALPN token applied.

    The parent class decides whether ``scheme`` needs TLS at all. When it
    returns ``None`` that value is passed through untouched; a dict is
    first converted to a context via ``ssl_options_to_context``.
    """
    tls = super(_HTTP2ClientConnection, self)._get_ssl_options(scheme)
    if tls is None:
        # Nothing to configure: the parent supplied no TLS options.
        return tls

    if isinstance(tls, dict):
        tls = ssl_options_to_context(tls)

    # NOTE(review): when the parent hands back an existing context object,
    # this call changes it in place; confirm that object is not shared with
    # connections that should not offer HTTP/2.
    # NOTE(review): ALPN here is only an offer. Nothing in this method checks
    # which protocol the peer selected; confirm that check happens after the
    # handshake.
    tls.set_alpn_protocols([constants.HTTP2_TLS])
    return tls
def _make_server_iostream(self, connection, **kwargs):
    """Wrap ``connection`` in server-side TLS and return it as an SSLIOStream.

    The TLS context is built from ``_server_ssl_options()``; any extra
    keyword arguments are forwarded to ``SSLIOStream`` unchanged.
    """
    server_context = ssl_options_to_context(
        _server_ssl_options(), server_side=True)
    # The handshake is deliberately not run inside wrap_socket(); presumably
    # the returned stream drives it later - confirm against SSLIOStream.
    tls_socket = server_context.wrap_socket(
        connection,
        server_side=True,
        do_handshake_on_connect=False,
    )
    return SSLIOStream(tls_socket, **kwargs)
def initialize(self, request_callback, ssl_options=None, **kwargs):
    """Configure the server, advertising HTTP/2 via ALPN when TLS is used.

    ``ssl_options`` may be ``None`` (no TLS setup is done here), a dict, or
    an object exposing ``set_alpn_protocols``. A dict must contain
    ``certfile`` and is converted with ``ssl_options_to_context``.

    Raises:
        KeyError: ``ssl_options`` is a dict without a ``certfile`` key.
    """
    if ssl_options is not None:
        given_as_dict = isinstance(ssl_options, dict)
        if given_as_dict and 'certfile' not in ssl_options:
            # A server-side context cannot present a certificate without it.
            raise KeyError('missing key "certfile" in ssl_options')
        if given_as_dict:
            ssl_options = ssl_options_to_context(ssl_options)
        # NOTE(review): a context object passed in by the caller is modified
        # in place here; confirm callers do not reuse it for non-HTTP/2
        # listeners.
        ssl_options.set_alpn_protocols([constants.HTTP2_TLS])

    # TODO: add h2-specific parameters like frame size instead of header size.
    # NOTE(review): max_header_size is None when the caller omits it; confirm
    # Params applies a finite limit in that case. When decompress_request is
    # enabled, confirm the decompressed size is bounded downstream.
    header_limit = kwargs.get('max_header_size')
    decompress_bodies = kwargs.get('decompress_request', False)
    self.http2_params = Params(
        max_header_size=header_limit,
        decompress=decompress_bodies,
    )

    super(Server, self).initialize(
        request_callback, ssl_options=ssl_options, **kwargs)
def _get_ssl_options(cls, cert_options):
    """Build the TLS context for an HTTP/2 client from ``cert_options``.

    Reads the keys ``validate_cert``, ``ca_certs``, ``client_key`` and
    ``client_cert``. The resulting options dict is converted with
    ``netutil.ssl_options_to_context`` and ALPN is set to offer ``h2``.
    """
    tls_kwargs = {}

    # NOTE(review): CERT_REQUIRED is requested only when validate_cert is
    # truthy. Otherwise no cert_reqs is passed and the verify mode is whatever
    # ssl_options_to_context defaults to, which may mean the peer certificate
    # is not checked - confirm. Hostname checking is not configured here
    # either; confirm the stream layer performs it.
    if cert_options['validate_cert']:
        tls_kwargs["cert_reqs"] = ssl.CERT_REQUIRED

    # A CA bundle is always supplied: the caller's, or the default one.
    ca_bundle = cert_options['ca_certs']
    if ca_bundle is None:
        ca_bundle = simple_httpclient._default_ca_certs()
    tls_kwargs["ca_certs"] = ca_bundle

    # Optional client certificate material for mutual TLS.
    client_key = cert_options['client_key']
    if client_key is not None:
        tls_kwargs["keyfile"] = client_key
    client_cert = cert_options['client_cert']
    if client_cert is not None:
        tls_kwargs["certfile"] = client_cert

    # RFC 7540: deployments of HTTP/2 that use TLS 1.2 MUST support
    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, hence the ECDH + AES-GCM filter.
    tls_kwargs["ciphers"] = "ECDH+AESGCM"
    # NOTE(review): this protocol constant selects TLS 1.2 specifically, so
    # TLS 1.3 would not be negotiated; it is also deprecated in recent Python
    # releases.
    tls_kwargs["ssl_version"] = ssl.PROTOCOL_TLSv1_2

    context = netutil.ssl_options_to_context(tls_kwargs)
    context.set_alpn_protocols(['h2'])
    return context
def _get_ssl_options(cls, cert_options):
    """Assemble a client TLS context for HTTP/2 from ``cert_options``.

    ``cert_options`` is indexed by ``validate_cert``, ``ca_certs``,
    ``client_key`` and ``client_cert``. The collected settings go through
    ``netutil.ssl_options_to_context`` and the result offers ``h2`` via ALPN.
    """
    settings = {}

    # NOTE(review): without a truthy validate_cert no cert_reqs entry is set,
    # so peer verification falls back to the default applied by
    # ssl_options_to_context - confirm that default is not "no verification".
    # This method does not enable hostname checking; verify it is done
    # elsewhere.
    if cert_options["validate_cert"]:
        settings["cert_reqs"] = ssl.CERT_REQUIRED

    # Prefer the caller's CA bundle; otherwise use the default bundle.
    trust_store = cert_options["ca_certs"]
    settings["ca_certs"] = (
        trust_store
        if trust_store is not None
        else simple_httpclient._default_ca_certs()
    )

    # Client key and certificate are copied only when provided.
    for source_key, target_key in (
        ("client_key", "keyfile"),
        ("client_cert", "certfile"),
    ):
        value = cert_options[source_key]
        if value is not None:
            settings[target_key] = value

    # RFC 7540: deployments of HTTP/2 that use TLS 1.2 MUST support
    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
    settings["ciphers"] = "ECDH+AESGCM"
    # NOTE(review): PROTOCOL_TLSv1_2 pins the connection to TLS 1.2 and is
    # deprecated in recent Python releases; TLS 1.3 is not offered.
    settings["ssl_version"] = ssl.PROTOCOL_TLSv1_2

    tls_context = netutil.ssl_options_to_context(settings)
    tls_context.set_alpn_protocols(["h2"])
    return tls_context
def get_ssl_options(self):
    """Return the base test case's TLS options converted to an SSLContext."""
    base_options = AsyncHTTPSTestCase.get_ssl_options(self)
    context = ssl_options_to_context(base_options)
    # Sanity check on the conversion result; note that assert statements are
    # skipped when Python runs with -O.
    assert isinstance(context, ssl.SSLContext)
    return context