OLD | NEW |
(Empty) | |
| 1 Only in chromium: patches |
| 2 diff -aur tlslite-0.3.8/tlslite/TLSConnection.py chromium/tlslite/TLSConnection.
py |
| 3 --- tlslite-0.3.8/tlslite/TLSConnection.py 2004-10-06 01:55:37.000000000 -0
400 |
| 4 +++ chromium/tlslite/TLSConnection.py 2010-08-18 22:17:30.962786700 -0400 |
| 5 @@ -931,7 +931,8 @@ |
| 6 |
| 7 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, |
| 8 certChain=None, privateKey=None, reqCert=False, |
| 9 - sessionCache=None, settings=None, checker=None): |
| 10 + sessionCache=None, settings=None, checker=None, |
| 11 + reqCAs=None): |
| 12 """Perform a handshake in the role of server. |
| 13 |
| 14 This function performs an SSL or TLS handshake. Depending on |
| 15 @@ -997,6 +998,11 @@ |
| 16 invoked to examine the other party's authentication |
| 17 credentials, if the handshake completes succesfully. |
| 18 |
| 19 + @type reqCAs: list of L{array.array} of unsigned bytes |
| 20 + @param reqCAs: A collection of DER-encoded DistinguishedNames that |
| 21 + will be sent along with a certificate request. This does not affect |
| 22 + verification. |
| 23 + |
| 24 @raise socket.error: If a socket error occurs. |
| 25 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed |
| 26 without a preceding alert. |
| 27 @@ -1006,13 +1012,14 @@ |
| 28 """ |
| 29 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
| 30 certChain, privateKey, reqCert, sessionCache, settings, |
| 31 - checker): |
| 32 + checker, reqCAs): |
| 33 pass |
| 34 |
| 35 |
| 36 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, |
| 37 certChain=None, privateKey=None, reqCert=False, |
| 38 - sessionCache=None, settings=None, checker=None): |
| 39 + sessionCache=None, settings=None, checker=None, |
| 40 + reqCAs=None): |
| 41 """Start a server handshake operation on the TLS connection. |
| 42 |
| 43 This function returns a generator which behaves similarly to |
| 44 @@ -1028,14 +1035,15 @@ |
| 45 sharedKeyDB=sharedKeyDB, |
| 46 verifierDB=verifierDB, certChain=certChain, |
| 47 privateKey=privateKey, reqCert=reqCert, |
| 48 - sessionCache=sessionCache, settings=settings) |
| 49 + sessionCache=sessionCache, settings=settings, |
| 50 + reqCAs=reqCAs) |
| 51 for result in self._handshakeWrapperAsync(handshaker, checker): |
| 52 yield result |
| 53 |
| 54 |
| 55 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, |
| 56 certChain, privateKey, reqCert, sessionCache, |
| 57 - settings): |
| 58 + settings, reqCAs): |
| 59 |
| 60 self._handshakeStart(client=False) |
| 61 |
| 62 @@ -1045,6 +1053,8 @@ |
| 63 raise ValueError("Caller passed a certChain but no privateKey") |
| 64 if privateKey and not certChain: |
| 65 raise ValueError("Caller passed a privateKey but no certChain") |
| 66 + if reqCAs and not reqCert: |
| 67 + raise ValueError("Caller passed reqCAs but not reqCert") |
| 68 |
| 69 if not settings: |
| 70 settings = HandshakeSettings() |
| 71 @@ -1380,7 +1390,9 @@ |
| 72 msgs.append(ServerHello().create(self.version, serverRandom, |
| 73 sessionID, cipherSuite, certificateType)) |
| 74 msgs.append(Certificate(certificateType).create(serverCertChain)) |
| 75 - if reqCert: |
| 76 + if reqCert and reqCAs: |
| 77 + msgs.append(CertificateRequest().create([], reqCAs)) |
| 78 + elif reqCert: |
| 79 msgs.append(CertificateRequest()) |
| 80 msgs.append(ServerHelloDone()) |
| 81 for result in self._sendMsgs(msgs): |
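Review bot: The new branch `msgs.append(CertificateRequest().create([], reqCAs))` sends an empty certificate_types list, the same as the bare `CertificateRequest()` in the `elif` branch, given the `self.certificate_types = []` default visible in messages.py. TLS defines certificate_types as a vector with at least one entry, so a strict client may reject the request or decline to offer a certificate. Passing a non-empty type list here (an RSA-sign type, if this tree defines a constant for it, which is not visible on this page) would make the request well-formed. The enclosing function starts and ends outside the hunk.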
| 82 diff -aur tlslite-0.3.8/tlslite/X509.py chromium/tlslite/X509.py |
| 83 --- tlslite-0.3.8/tlslite/X509.py 2004-03-19 21:43:19.000000000 -0400 |
| 84 +++ chromium/tlslite/X509.py 2010-08-18 22:17:30.967787000 -0400 |
| 85 @@ -13,11 +13,15 @@ |
| 86 |
| 87 @type publicKey: L{tlslite.utils.RSAKey.RSAKey} |
| 88 @ivar publicKey: The subject public key from the certificate. |
| 89 + |
| 90 + @type subject: L{array.array} of unsigned bytes |
| 91 + @ivar subject: The DER-encoded ASN.1 subject distinguished name. |
| 92 """ |
| 93 |
| 94 def __init__(self): |
| 95 self.bytes = createByteArraySequence([]) |
| 96 self.publicKey = None |
| 97 + self.subject = None |
| 98 |
| 99 def parse(self, s): |
| 100 """Parse a PEM-encoded X.509 certificate. |
| 101 @@ -63,6 +67,10 @@ |
| 102 else: |
| 103 subjectPublicKeyInfoIndex = 5 |
| 104 |
| 105 + #Get the subject |
| 106 + self.subject = tbsCertificateP.getChildBytes(\ |
| 107 + subjectPublicKeyInfoIndex - 1) |
| 108 + |
| 109 #Get the subjectPublicKeyInfo |
| 110 subjectPublicKeyInfoP = tbsCertificateP.getChild(\ |
| 111 subjectPublicKeyInfoIndex) |
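Review bot: `self.subject` is read from the child at `subjectPublicKeyInfoIndex - 1`, which is only correct because subject directly precedes subjectPublicKeyInfo in TBSCertificate, and the `#Get the subject` comment does not say so. Something like `#Get the subject: the field directly before subjectPublicKeyInfo` would keep the two indexes from drifting apart in a later edit. The value is stored as undecoded DER taken from the certificate as presented, so anything that later consumes `subject` should treat it as certificate-controlled bytes. The parsing function starts and ends outside the hunk.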
| 112 diff -aur tlslite-0.3.8/tlslite/messages.py chromium/tlslite/messages.py |
| 113 --- tlslite-0.3.8/tlslite/messages.py 2004-10-06 01:01:24.000000000 -0400 |
| 114 +++ chromium/tlslite/messages.py 2010-08-18 22:17:30.976787500 -0400 |
| 115 @@ -338,8 +338,7 @@ |
| 116 def __init__(self): |
| 117 self.contentType = ContentType.handshake |
| 118 self.certificate_types = [] |
| 119 - #treat as opaque bytes for now |
| 120 - self.certificate_authorities = createByteArraySequence([]) |
| 121 + self.certificate_authorities = [] |
| 122 |
| 123 def create(self, certificate_types, certificate_authorities): |
| 124 self.certificate_types = certificate_types |
| 125 @@ -349,7 +348,13 @@ |
| 126 def parse(self, p): |
| 127 p.startLengthCheck(3) |
| 128 self.certificate_types = p.getVarList(1, 1) |
| 129 - self.certificate_authorities = p.getVarBytes(2) |
| 130 + ca_list_length = p.get(2) |
| 131 + index = 0 |
| 132 + self.certificate_authorities = [] |
| 133 + while index != ca_list_length: |
| 134 + ca_bytes = p.getVarBytes(2) |
| 135 + self.certificate_authorities.append(ca_bytes) |
| 136 + index += len(ca_bytes)+2 |
| 137 p.stopLengthCheck() |
| 138 return self |
| 139 |
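Review bot: The loop condition `while index != ca_list_length:` in CertificateRequest.parse stops only on an exact match, so a peer-supplied message whose inner DN lengths overshoot the declared list length keeps reading past the list until the parser fails for another reason. Bounding the loop with `while index < ca_list_length:` and then rejecting the message when `index != ca_list_length` keeps the read inside the declared list and makes the malformed case explicit. As written, rejection depends on `p.getVarBytes(2)` running out of data or on `p.stopLengthCheck()` noticing the mismatch; both presumably raise, but neither is visible in this hunk.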
| 140 @@ -357,7 +362,14 @@ |
| 141 w = HandshakeMsg.preWrite(self, HandshakeType.certificate_request, |
| 142 trial) |
| 143 w.addVarSeq(self.certificate_types, 1, 1) |
| 144 - w.addVarSeq(self.certificate_authorities, 1, 2) |
| 145 + caLength = 0 |
| 146 + #determine length |
| 147 + for ca_dn in self.certificate_authorities: |
| 148 + caLength += len(ca_dn)+2 |
| 149 + w.add(caLength, 2) |
| 150 + #add bytes |
| 151 + for ca_dn in self.certificate_authorities: |
| 152 + w.addVarSeq(ca_dn, 1, 2) |
| 153 return HandshakeMsg.postWrite(self, w, trial) |
| 154 |
| 155 class ServerKeyExchange(HandshakeMsg): |
| 156 diff -aur tlslite-0.3.8/tlslite/utils/ASN1Parser.py chromium/tlslite/utils/ASN1P
arser.py |
| 157 --- tlslite-0.3.8/tlslite/utils/ASN1Parser.py 2004-10-06 01:02:40.000000000 -0
400 |
| 158 +++ chromium/tlslite/utils/ASN1Parser.py 2010-08-18 22:17:30.979787700 -0
400 |
| 159 @@ -16,13 +16,16 @@ |
| 160 |
| 161 #Assuming this is a sequence... |
| 162 def getChild(self, which): |
| 163 + return ASN1Parser(self.getChildBytes(which)) |
| 164 + |
| 165 + def getChildBytes(self, which): |
| 166 p = Parser(self.value) |
| 167 for x in range(which+1): |
| 168 markIndex = p.index |
| 169 p.get(1) #skip Type |
| 170 length = self._getASN1Length(p) |
| 171 p.getFixBytes(length) |
| 172 - return ASN1Parser(p.bytes[markIndex : p.index]) |
| 173 + return p.bytes[markIndex : p.index] |
| 174 |
| 175 #Decode the ASN.1 DER length field |
| 176 def _getASN1Length(self, p): |
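Review bot: The existing `#Assuming this is a sequence...` comment now sits above the one-line `getChild` wrapper, while the walk that depends on that assumption moved into `getChildBytes`, which has no comment of its own. A line such as `#Return the raw bytes (type, length and value) of child number 'which'; assumes this is a sequence` above `getChildBytes` would document what the slice `p.bytes[markIndex : p.index]` covers. That matters to callers such as the new X509 subject code, which keep these bytes verbatim.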