Reintegrate certificate selection in HttpNetworkTransaction DoLoop

third_party/tlslite/patches/send_certificate_types.patch

Index: third_party/tlslite/patches/send_certificate_types.patch
diff --git a/third_party/tlslite/patches/send_certificate_types.patch b/third_party/tlslite/patches/send_certificate_types.patch
new file mode 100644
index 0000000000000000000000000000000000000000..14b293587f830a6849c8c07776aef1270e87eea2
--- /dev/null
+++ b/third_party/tlslite/patches/send_certificate_types.patch
@@ -0,0 +1,32 @@
+diff --git a/tlslite/constants.py b/tlslite/constants.py
+index 8f2d559..04302c0 100644
+--- a/tlslite/constants.py
++++ b/tlslite/constants.py
+@@ -5,6 +5,12 @@ class CertificateType:
+     openpgp = 1
+     cryptoID = 2
+ 
++class ClientCertificateType:
++    rsa_sign = 1
++    dss_sign = 2
++    rsa_fixed_dh = 3
++    dss_fixed_dh = 4
++
+ class HandshakeType:
+     hello_request = 0
+     client_hello = 1
+diff --git a/tlslite/messages.py b/tlslite/messages.py
+index 06c46b9..8bcec2c 100644
+--- a/tlslite/messages.py
++++ b/tlslite/messages.py
+@@ -346,7 +346,9 @@ class Certificate(HandshakeMsg):
+ class CertificateRequest(HandshakeMsg):
+     def __init__(self):
+         self.contentType = ContentType.handshake
+-        self.certificate_types = []
++        #Apple's implementation rejects empty certificate_types, so
++        #default to rsa_sign.
++        self.certificate_types = [ClientCertificateType.rsa_sign]
+         #treat as opaque bytes for now
+         self.certificate_authorities = createByteArraySequence([])
+