Index: third_party/tlslite/patches/tls_intolerant.patch |
diff --git a/third_party/tlslite/patches/tls_intolerant.patch b/third_party/tlslite/patches/tls_intolerant.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..506b4d3c3f26ec8a7c769485cfb5a183c869ff2c |
--- /dev/null |
+++ b/third_party/tlslite/patches/tls_intolerant.patch |
@@ -0,0 +1,60 @@ |
+diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py |
+index 7e38a23..02c7478 100644 |
+--- a/third_party/tlslite/tlslite/TLSConnection.py |
++++ b/third_party/tlslite/tlslite/TLSConnection.py |
+@@ -932,7 +932,7 @@ class TLSConnection(TLSRecordLayer): |
+ def handshakeServer(self, sharedKeyDB=None, verifierDB=None, |
+ certChain=None, privateKey=None, reqCert=False, |
+ sessionCache=None, settings=None, checker=None, |
+- reqCAs=None): |
++ reqCAs=None, tlsIntolerant=False): |
+ """Perform a handshake in the role of server. |
+ |
+ This function performs an SSL or TLS handshake. Depending on |
+@@ -1012,14 +1012,14 @@ class TLSConnection(TLSRecordLayer): |
+ """ |
+ for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
+ certChain, privateKey, reqCert, sessionCache, settings, |
+- checker, reqCAs): |
++ checker, reqCAs, tlsIntolerant): |
+ pass |
+ |
+ |
+ def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, |
+ certChain=None, privateKey=None, reqCert=False, |
+ sessionCache=None, settings=None, checker=None, |
+- reqCAs=None): |
++ reqCAs=None, tlsIntolerant=False): |
+ """Start a server handshake operation on the TLS connection. |
+ |
+ This function returns a generator which behaves similarly to |
+@@ -1036,14 +1036,15 @@ class TLSConnection(TLSRecordLayer): |
+ verifierDB=verifierDB, certChain=certChain, |
+ privateKey=privateKey, reqCert=reqCert, |
+ sessionCache=sessionCache, settings=settings, |
+- reqCAs=reqCAs) |
++ reqCAs=reqCAs, |
++ tlsIntolerant=tlsIntolerant) |
+ for result in self._handshakeWrapperAsync(handshaker, checker): |
+ yield result |
+ |
+ |
+ def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, |
+ certChain, privateKey, reqCert, sessionCache, |
+- settings, reqCAs): |
++ settings, reqCAs, tlsIntolerant): |
+ |
+ self._handshakeStart(client=False) |
+ |
+@@ -1111,6 +1112,11 @@ class TLSConnection(TLSRecordLayer): |
+ "Too old version: %s" % str(clientHello.client_version)): |
+ yield result |
+ |
++ if tlsIntolerant and clientHello.client_version > (3, 0): |
++ for result in self._sendError(\ |
++ AlertDescription.handshake_failure): |
++ yield result |
++ |
+ #If client's version is too high, propose my highest version |
+ elif clientHello.client_version > settings.maxVersion: |
+ self.version = settings.maxVersion |
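Review bot: The new `if tlsIntolerant and clientHello.client_version > (3, 0):` block sits between the existing too-old-version `if` and its `elif clientHello.client_version > settings.maxVersion:`, so that `elif` (and any `else` after it, outside the hunk) now appears to chain off the intolerance check rather than the minVersion check; indentation is flattened on this page, so this is read from statement order. Version selection then stays correct only if `_sendError` never returns normally on the too-old path, which the hunk does not show. Placing the new check ahead of the minVersion `if` as its own statement would leave the original chain untouched. The `tlsIntolerant` parameter also gets no visible docstring entry in `handshakeServer` or `handshakeServerAsync` (their docstring bodies are mostly outside the hunks); if it is a test hook, as the name suggests, an entry should say that it fails any ClientHello above SSL 3.0 with `handshake_failure` and must remain `False` outside tests. A comment at the check such as `#Test hook: emulate a TLS-intolerant server so client version fallback can be exercised` would state the intent in place.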