Move https.http_server's serve(...) function to module top level #197

Merged
merged 1 commit into from
Aug 14, 2016


jviide
Contributor

@jviide jviide commented Aug 14, 2016

This pull request is a potential fix for #196.

trytls.bundles.https.http_server uses the multiprocessing module to run the HTTPS server in its own subprocess. On Unix systems the multiprocessing module creates subprocesses by forking. On Windows subprocesses get spawned, which requires the multiprocessing.Process target to be picklable.

The multiprocessing.Process target serve was previously defined inside http_server's scope, which made serve unpicklable. The changes in this pull request make serve picklable by moving it to the module top level and rename it to _serve to signal that it's meant for internal use.

trytls.bundles.https.http_server uses the multiprocessing module
to run the HTTPS server in its own subprocess. On Unix systems the
multiprocessing module creates subprocesses by forking. On Windows
subprocesses get spawned, which requires the multiprocessing.Process
target to be picklable.

The multiprocessing.Process target serve() was previously defined
inside http_server's scope, which made serve() unpicklable. This
commit makes serve() picklable by moving it to the module top level
and renames it to _serve() to signal that it's meant for internal use.
@jviide jviide added the bug label Aug 14, 2016
@jviide
Contributor Author

jviide commented Aug 14, 2016

I managed to reproduce #196 by forcing the multiprocessing start method to spawn on a non-Windows setup. However, if someone has an actual Windows setup on which to test this, it would be great 👍
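
The failure described in this pull request, and the reproduction by forcing the spawn start method, as an added example that is not code from trytls. `nested_server`, `spawn_safe`, `picklability_report` and `run_in_child` are hypothetical names, and `_serve` here is a stand-in that only echoes a message instead of running an HTTPS server.

```python
import multiprocessing
import pickle


def _serve(queue, message):
    # Stand-in for a module-level Process target (assumption: it only echoes).
    # Pickled by reference (module + qualified name), so a spawned child can
    # import the module and look the function up again.
    queue.put("served: " + message)


def nested_server():
    # Mirrors the layout before the fix: the target lives in a function scope.
    def serve(queue, message):
        queue.put("served: " + message)
    return serve


def spawn_safe(target):
    """Return True if `target` survives the pickling that spawn performs."""
    try:
        pickle.dumps(target)
    except (pickle.PicklingError, AttributeError, TypeError):
        return False
    return True


def picklability_report():
    return {"top-level": spawn_safe(_serve),
            "nested": spawn_safe(nested_server())}


def run_in_child(target, message, method="spawn"):
    """Run `target` in a child created with `method`; return what it sent back."""
    ctx = multiprocessing.get_context(method)  # forces spawn even on Unix
    queue = ctx.Queue()
    proc = ctx.Process(target=target, args=(queue, message))
    proc.start()  # with spawn, an unpicklable target raises here
    result = queue.get(timeout=30)
    proc.join()
    return result


if __name__ == "__main__":
    print(picklability_report())
    print(run_in_child(_serve, "hello"))
```

The `if __name__ == "__main__":` guard matters under spawn, because the child re-imports the main module before it looks up the target.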

@jrave

jrave commented Aug 14, 2016

Seems to be working now:

C:\Users\Johannes\Documents\projects\trytls>trytls https python stubs\python3-urllib\run.py
platform: Windows
runner: trytls 0.2.1 (CPython 3.5.2, OpenSSL 1.0.2h)
stub: python 'stubs\python3-urllib\run.py'
 PASS valid certificate Common Name [accept domain-match.badtls.io:10000]
 PASS valid wildcard certificate Common Name [accept wildcard-match.badtls.io:10001]
 PASS support for Subject Alternative Name (SAN) [accept san-match.badtls.io:10002]
 PASS TLS handshake with 1024 bit Diffie-Hellman (DH) [accept dh1024.badtls.io:10005]
 PASS certificate expired in year 1963 [reject expired-1963.badtls.io:11000]
 PASS certificate validity starts in future [reject future.badtls.io:11001]
 PASS mismatch in certificate's Common Name [reject domain-mismatch.badtls.io:11002]
 PASS Subject Alternative Name (SAN) mismatch [reject san-mismatch.badtls.io:11003]
 FAIL MD5 signature algorithm [reject weak-sig.badtls.io:11004]
 PASS certificate has invalid key usage for HTTPS connection [reject bad-key-usage.badtls.io:11005]
 PASS expired certificate [reject expired.badtls.io:11006]
 PASS invalid wildcard certificate Common Name [reject wildcard.mismatch.badtls.io:11007]
 PASS supports RC4 ciphers [reject rc4.badtls.io:11008]
 PASS supports RC4 with MD5 ciphers [reject rc4-md5.badtls.io:11009]
 PASS support for TLS server name indication (SNI) [accept badssl.com:443]
 PASS expired certificate [reject expired.badssl.com:443]
 PASS wrong hostname in certificate [reject wrong.host.badssl.com:443]
 PASS self-signed certificate [reject self-signed.badssl.com:443]
 PASS SHA-256 signature [accept sha256.badssl.com:443]
 PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443]
 PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443]
 PASS Superfish CA [reject superfish.badssl.com:443]
 PASS eDellRoot CA [reject edellroot.badssl.com:443]
 PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443]
 PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443]
 PASS protect against the FREAK attack [reject www.ssllabs.com:10444]
 PASS protect against the Logjam attack [reject www.ssllabs.com:10445]
 PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443]
 PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443]
 PASS protection against POODLE attack [reject sslv3.dshield.org:443]
 PASS eDellRoot CA #2 [reject badcert-edell.tlsfun.de:443]
 PASS valid localhost certificate [accept localhost:60228]
 PASS invalid localhost certificate [reject localhost:60239]
 PASS use only the given CA bundle, not system's [reject sha256.badssl.com:443]

Thanks for the quick fix 👍

@oherrala
Member

looks good to me.

@ikisusi
Member

ikisusi commented Aug 14, 2016

Tested on Windows 10. The original issue #196 appears to be fixed. However, there was something strange with the openssl install I had in the localhost tests. See the paste below. I will merge this since this fixes the original issue and ignore the openssl issue for now.

> C:\tools\python\Scripts\trytls https C:\tools\python2\python.exe .\stubs\python-urllib2\run.py
platform: Windows
runner: trytls 0.2.1 (CPython 3.4.1, OpenSSL 1.0.2h)
stub: 'C:\tools\python2\python.exe' '.\stubs\python-urllib2\run.py'
 PASS valid certificate Common Name [accept domain-match.badtls.io:10000]
 PASS valid wildcard certificate Common Name [accept wildcard-match.badtls.io:10001]
 PASS support for Subject Alternative Name (SAN) [accept san-match.badtls.io:10002]
 PASS TLS handshake with 1024 bit Diffie-Hellman (DH) [accept dh1024.badtls.io:10005]
 PASS certificate expired in year 1963 [reject expired-1963.badtls.io:11000]
 PASS certificate validity starts in future [reject future.badtls.io:11001]
 PASS mismatch in certificate's Common Name [reject domain-mismatch.badtls.io:11002]
 PASS Subject Alternative Name (SAN) mismatch [reject san-mismatch.badtls.io:11003]
 FAIL MD5 signature algorithm [reject weak-sig.badtls.io:11004]
 PASS certificate has invalid key usage for HTTPS connection [reject bad-key-usage.badtls.io:11005]
 PASS expired certificate [reject expired.badtls.io:11006]
 PASS invalid wildcard certificate Common Name [reject wildcard.mismatch.badtls.io:11007]
 PASS supports RC4 ciphers [reject rc4.badtls.io:11008]
 PASS supports RC4 with MD5 ciphers [reject rc4-md5.badtls.io:11009]
 PASS support for TLS server name indication (SNI) [accept badssl.com:443]
 PASS expired certificate [reject expired.badssl.com:443]
 PASS wrong hostname in certificate [reject wrong.host.badssl.com:443]
 PASS self-signed certificate [reject self-signed.badssl.com:443]
 PASS SHA-256 signature [accept sha256.badssl.com:443]
 PASS 1000 subjectAltNames [accept 1000-sans.badssl.com:443]
 PASS incomplete chain of trust [reject incomplete-chain.badssl.com:443]
 PASS Superfish CA [reject superfish.badssl.com:443]
 PASS eDellRoot CA [reject edellroot.badssl.com:443]
 PASS DSDTestProvider CA [reject dsdtestprovider.badssl.com:443]
 PASS protect against Apple's TLS vulnerability CVE-2014-1266 [reject www.ssllabs.com:10443]
 PASS protect against the FREAK attack [reject www.ssllabs.com:10444]
 PASS protect against the Logjam attack [reject www.ssllabs.com:10445]
 PASS protect against FREAK attack (test server 1) [reject cve.freakattack.com:443]
 PASS protect against FREAK attack (test server 2) [reject cve2.freakattack.com:443]
 PASS protection against POODLE attack [reject sslv3.dshield.org:443]
 PASS eDellRoot CA #2 [reject badcert-edell.tlsfun.de:443]
Traceback (most recent call last):
  File "C:\tools\python\Scripts\trytls-script.py", line 9, in <module>
    load_entry_point('trytls==0.2.1', 'console_scripts', 'trytls')()
  File "C:\tools\python\lib\site-packages\trytls\runner.py", line 249, in main
    if not run(command, bundle):
  File "C:\tools\python\lib\site-packages\trytls\runner.py", line 200, in run
    for test, res in collect(args, tests):
  File "C:\tools\python\lib\site-packages\trytls\runner.py", line 108, in collect
    with env() as test:
  File "C:\tools\python\lib\contextlib.py", line 59, in __enter__
    return next(self.gen)
  File "C:\tools\python\lib\site-packages\trytls\bundles\https.py", line 230, in local
    certdata, keydata, cadata = gencert(cn)
  File "C:\tools\python\lib\site-packages\trytls\gencert.py", line 51, in gencert
    ca_data = openssl(["req", "-new", "-key", ca_keyfile, "-x509", "-subj", "/O=Fake Certificate Authority"])
  File "C:\tools\python\lib\site-packages\trytls\gencert.py", line 25, in openssl
    raise RuntimeError()
RuntimeError
