Index: third_party/tlslite/patches/send_certificate_types.patch |
diff --git a/third_party/tlslite/patches/send_certificate_types.patch b/third_party/tlslite/patches/send_certificate_types.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..14b293587f830a6849c8c07776aef1270e87eea2 |
--- /dev/null |
+++ b/third_party/tlslite/patches/send_certificate_types.patch |
@@ -0,0 +1,32 @@ |
+diff --git a/tlslite/constants.py b/tlslite/constants.py |
+index 8f2d559..04302c0 100644 |
+--- a/tlslite/constants.py |
++++ b/tlslite/constants.py |
+@@ -5,6 +5,12 @@ class CertificateType: |
+ openpgp = 1 |
+ cryptoID = 2 |
+ |
++class ClientCertificateType: |
++ rsa_sign = 1 |
++ dss_sign = 2 |
++ rsa_fixed_dh = 3 |
++ dss_fixed_dh = 4 |
++ |
+ class HandshakeType: |
+ hello_request = 0 |
+ client_hello = 1 |
+diff --git a/tlslite/messages.py b/tlslite/messages.py |
+index 06c46b9..8bcec2c 100644 |
+--- a/tlslite/messages.py |
++++ b/tlslite/messages.py |
+@@ -346,7 +346,9 @@ class Certificate(HandshakeMsg): |
+ class CertificateRequest(HandshakeMsg): |
+ def __init__(self): |
+ self.contentType = ContentType.handshake |
+- self.certificate_types = [] |
++ #Apple's implementation rejects empty certificate_types, so |
++ #default to rsa_sign. |
++ self.certificate_types = [ClientCertificateType.rsa_sign] |
+ #treat as opaque bytes for now |
+ self.certificate_authorities = createByteArraySequence([]) |
+ |
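Review bot: The comment added in CertificateRequest.__init__ attributes the non-empty requirement only to Apple's implementation, but the TLS specification itself declares the field with a minimum length of one (`certificate_types<1..2^8-1>` in RFC 5246 section 7.4.4), so an empty list was malformed for any strict peer. I would reword it as `#certificate_types must be non-empty per the TLS spec (Apple's stack enforces this), so default to rsa_sign.` The default advertises rsa_sign only, so a server that accepts client certificates with other key types presumably has to overwrite the list before sending; that is worth one more comment line. The class body continues outside the hunk, so whether parse() replaces this default when a CertificateRequest is received cannot be confirmed from here.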