| Index: third_party/tlslite/patches/ca_request.patch
|
| diff --git a/third_party/tlslite/patches/ca_request.patch b/third_party/tlslite/patches/ca_request.patch
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..c1270c05c02c2e94a2aaca888a328a57d7853e0b
|
| --- /dev/null
|
| +++ b/third_party/tlslite/patches/ca_request.patch
|
| @@ -0,0 +1,176 @@
|
| +Only in chromium: patches
|
| +diff -aur tlslite-0.3.8/tlslite/TLSConnection.py chromium/tlslite/TLSConnection.py
|
| +--- tlslite-0.3.8/tlslite/TLSConnection.py 2004-10-06 01:55:37.000000000 -0400
|
| ++++ chromium/tlslite/TLSConnection.py 2010-08-18 22:17:30.962786700 -0400
|
| +@@ -931,7 +931,8 @@
|
| +
|
| + def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
|
| + certChain=None, privateKey=None, reqCert=False,
|
| +- sessionCache=None, settings=None, checker=None):
|
| ++ sessionCache=None, settings=None, checker=None,
|
| ++ reqCAs=None):
|
| + """Perform a handshake in the role of server.
|
| +
|
| + This function performs an SSL or TLS handshake. Depending on
|
| +@@ -997,6 +998,11 @@
|
| + invoked to examine the other party's authentication
|
| + credentials, if the handshake completes succesfully.
|
| +
|
| ++ @type reqCAs: list of L{array.array} of unsigned bytes
|
| ++ @param reqCAs: A collection of DER-encoded DistinguishedNames that
|
| ++ will be sent along with a certificate request. This does not affect
|
| ++ verification.
|
| ++
|
| + @raise socket.error: If a socket error occurs.
|
| + @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
|
| + without a preceding alert.
|
| +@@ -1006,13 +1012,14 @@
|
| + """
|
| + for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
|
| + certChain, privateKey, reqCert, sessionCache, settings,
|
| +- checker):
|
| ++ checker, reqCAs):
|
| + pass
|
| +
|
| +
|
| + def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
|
| + certChain=None, privateKey=None, reqCert=False,
|
| +- sessionCache=None, settings=None, checker=None):
|
| ++ sessionCache=None, settings=None, checker=None,
|
| ++ reqCAs=None):
|
| + """Start a server handshake operation on the TLS connection.
|
| +
|
| + This function returns a generator which behaves similarly to
|
| +@@ -1028,14 +1035,15 @@
|
| + sharedKeyDB=sharedKeyDB,
|
| + verifierDB=verifierDB, certChain=certChain,
|
| + privateKey=privateKey, reqCert=reqCert,
|
| +- sessionCache=sessionCache, settings=settings)
|
| ++ sessionCache=sessionCache, settings=settings,
|
| ++ reqCAs=reqCAs)
|
| + for result in self._handshakeWrapperAsync(handshaker, checker):
|
| + yield result
|
| +
|
| +
|
| + def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
|
| + certChain, privateKey, reqCert, sessionCache,
|
| +- settings):
|
| ++ settings, reqCAs):
|
| +
|
| + self._handshakeStart(client=False)
|
| +
|
| +@@ -1045,6 +1053,8 @@
|
| + raise ValueError("Caller passed a certChain but no privateKey")
|
| + if privateKey and not certChain:
|
| + raise ValueError("Caller passed a privateKey but no certChain")
|
| ++ if reqCAs and not reqCert:
|
| ++ raise ValueError("Caller passed reqCAs but not reqCert")
|
| +
|
| + if not settings:
|
| + settings = HandshakeSettings()
|
| +@@ -1380,7 +1390,9 @@
|
| + msgs.append(ServerHello().create(self.version, serverRandom,
|
| + sessionID, cipherSuite, certificateType))
|
| + msgs.append(Certificate(certificateType).create(serverCertChain))
|
| +- if reqCert:
|
| ++ if reqCert and reqCAs:
|
| ++ msgs.append(CertificateRequest().create([], reqCAs))
|
| ++ elif reqCert:
|
| + msgs.append(CertificateRequest())
|
| + msgs.append(ServerHelloDone())
|
| + for result in self._sendMsgs(msgs):
|
| +diff -aur tlslite-0.3.8/tlslite/X509.py chromium/tlslite/X509.py
|
| +--- tlslite-0.3.8/tlslite/X509.py 2004-03-19 21:43:19.000000000 -0400
|
| ++++ chromium/tlslite/X509.py 2010-08-18 22:17:30.967787000 -0400
|
| +@@ -13,11 +13,15 @@
|
| +
|
| + @type publicKey: L{tlslite.utils.RSAKey.RSAKey}
|
| + @ivar publicKey: The subject public key from the certificate.
|
| ++
|
| ++ @type subject: L{array.array} of unsigned bytes
|
| ++ @ivar subject: The DER-encoded ASN.1 subject distinguished name.
|
| + """
|
| +
|
| + def __init__(self):
|
| + self.bytes = createByteArraySequence([])
|
| + self.publicKey = None
|
| ++ self.subject = None
|
| +
|
| + def parse(self, s):
|
| + """Parse a PEM-encoded X.509 certificate.
|
| +@@ -63,6 +67,10 @@
|
| + else:
|
| + subjectPublicKeyInfoIndex = 5
|
| +
|
| ++ #Get the subject
|
| ++ self.subject = tbsCertificateP.getChildBytes(\
|
| ++ subjectPublicKeyInfoIndex - 1)
|
| ++
|
| + #Get the subjectPublicKeyInfo
|
| + subjectPublicKeyInfoP = tbsCertificateP.getChild(\
|
| + subjectPublicKeyInfoIndex)
|
| +diff -aur tlslite-0.3.8/tlslite/messages.py chromium/tlslite/messages.py
|
| +--- tlslite-0.3.8/tlslite/messages.py 2004-10-06 01:01:24.000000000 -0400
|
| ++++ chromium/tlslite/messages.py 2010-08-18 22:17:30.976787500 -0400
|
| +@@ -338,8 +338,7 @@
|
| + def __init__(self):
|
| + self.contentType = ContentType.handshake
|
| + self.certificate_types = []
|
| +- #treat as opaque bytes for now
|
| +- self.certificate_authorities = createByteArraySequence([])
|
| ++ self.certificate_authorities = []
|
| +
|
| + def create(self, certificate_types, certificate_authorities):
|
| + self.certificate_types = certificate_types
|
| +@@ -349,7 +348,13 @@
|
| + def parse(self, p):
|
| + p.startLengthCheck(3)
|
| + self.certificate_types = p.getVarList(1, 1)
|
| +- self.certificate_authorities = p.getVarBytes(2)
|
| ++ ca_list_length = p.get(2)
|
| ++ index = 0
|
| ++ self.certificate_authorities = []
|
| ++ while index != ca_list_length:
|
| ++ ca_bytes = p.getVarBytes(2)
|
| ++ self.certificate_authorities.append(ca_bytes)
|
| ++ index += len(ca_bytes)+2
|
| + p.stopLengthCheck()
|
| + return self
|
| +
|
| +@@ -357,7 +362,14 @@
|
| + w = HandshakeMsg.preWrite(self, HandshakeType.certificate_request,
|
| + trial)
|
| + w.addVarSeq(self.certificate_types, 1, 1)
|
| +- w.addVarSeq(self.certificate_authorities, 1, 2)
|
| ++ caLength = 0
|
| ++ #determine length
|
| ++ for ca_dn in self.certificate_authorities:
|
| ++ caLength += len(ca_dn)+2
|
| ++ w.add(caLength, 2)
|
| ++ #add bytes
|
| ++ for ca_dn in self.certificate_authorities:
|
| ++ w.addVarSeq(ca_dn, 1, 2)
|
| + return HandshakeMsg.postWrite(self, w, trial)
|
| +
|
| + class ServerKeyExchange(HandshakeMsg):
|
| +diff -aur tlslite-0.3.8/tlslite/utils/ASN1Parser.py chromium/tlslite/utils/ASN1Parser.py
|
| +--- tlslite-0.3.8/tlslite/utils/ASN1Parser.py 2004-10-06 01:02:40.000000000 -0400
|
| ++++ chromium/tlslite/utils/ASN1Parser.py 2010-08-18 22:17:30.979787700 -0400
|
| +@@ -16,13 +16,16 @@
|
| +
|
| + #Assuming this is a sequence...
|
| + def getChild(self, which):
|
| ++ return ASN1Parser(self.getChildBytes(which))
|
| ++
|
| ++ def getChildBytes(self, which):
|
| + p = Parser(self.value)
|
| + for x in range(which+1):
|
| + markIndex = p.index
|
| + p.get(1) #skip Type
|
| + length = self._getASN1Length(p)
|
| + p.getFixBytes(length)
|
| +- return ASN1Parser(p.bytes[markIndex : p.index])
|
| ++ return p.bytes[markIndex : p.index]
|
| +
|
| + #Decode the ASN.1 DER length field
|
| + def _getASN1Length(self, p):
|
|
|
Chromium Code Reviews
Issue 3177015:
Improve support for requesting client certs in tlslite (Closed)
