test/with_dummyserver/test_https.py: adding intermediate CA client certificate tests

2 files changed, 21 insertions, 0 deletions

diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py
index b91fe721..e133e36e 100644
--- a/dummyserver/handlers.py
+++ b/dummyserver/handlers.py
@@ -106,6 +106,12 @@ class TestingApp(RequestHandler):
         "Render simple message"
         return Response("Dummy server!")
 
+    def certificate(self, request):
+        """Return the requester's certificate."""
+        cert = request.get_ssl_certificate()
+        serial = cert['serialNumber'].strip() if cert is not None else None
+        return Response(str(serial))
+
     def source_address(self, request):
         """Return the requester's IP address."""
         return Response(request.remote_ip)
diff --git a/dummyserver/server.py b/dummyserver/server.py
index 29247a6d..530afe9a 100755
--- a/dummyserver/server.py
+++ b/dummyserver/server.py
@@ -16,6 +16,11 @@ import socket
 import warnings
 from datetime import datetime
 
+try:
+    from ssl import CERT_OPTIONAL
+except:
+    CERT_OPTIONAL = None
+
 from urllib3.exceptions import HTTPWarning
 
 from tornado.platform.auto import set_close_exec
@@ -30,6 +35,16 @@ CERTS_PATH = os.path.join(os.path.dirname(__file__), 'certs')
 DEFAULT_CERTS = {
     'certfile': os.path.join(CERTS_PATH, 'server.crt'),
     'keyfile': os.path.join(CERTS_PATH, 'server.key'),
+    'cert_reqs': CERT_OPTIONAL,
+    'ca_certs': os.path.join(CERTS_PATH, 'cacert.pem'),
+}
+DEFAULT_CLIENT_CERTS = {
+    'certfile': os.path.join(CERTS_PATH, 'client_intermediate.pem'),
+    'keyfile': os.path.join(CERTS_PATH, 'client_intermediate.key'),
+}
+DEFAULT_CLIENT_NO_INTERMEDIATE_CERTS = {
+    'certfile': os.path.join(CERTS_PATH, 'client_no_intermediate.pem'),
+    'keyfile': os.path.join(CERTS_PATH, 'client_intermediate.key'),
 }
 NO_SAN_CERTS = {
     'certfile': os.path.join(CERTS_PATH, 'server.no_san.crt'),