Index: third_party/tlslite/tlslite/TLSConnection.py |
diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py |
index d125f8f0a40f3ec2b01cdbeee63e0905416ea27f..7e38a2326877d69411eb449c87f7062fa751f958 100644 |
--- a/third_party/tlslite/tlslite/TLSConnection.py |
+++ b/third_party/tlslite/tlslite/TLSConnection.py |
@@ -931,7 +931,8 @@ class TLSConnection(TLSRecordLayer): |
def handshakeServer(self, sharedKeyDB=None, verifierDB=None, |
certChain=None, privateKey=None, reqCert=False, |
- sessionCache=None, settings=None, checker=None): |
+ sessionCache=None, settings=None, checker=None, |
+ reqCAs=None): |
"""Perform a handshake in the role of server. |
This function performs an SSL or TLS handshake. Depending on |
@@ -997,6 +998,11 @@ class TLSConnection(TLSRecordLayer): |
invoked to examine the other party's authentication |
credentials, if the handshake completes succesfully. |
+ @type reqCAs: list of L{array.array} of unsigned bytes |
+ @param reqCAs: A collection of DER-encoded DistinguishedNames that |
+ will be sent along with a certificate request. This does not affect |
+ verification. |
+ |
@raise socket.error: If a socket error occurs. |
@raise tlslite.errors.TLSAbruptCloseError: If the socket is closed |
without a preceding alert. |
@@ -1006,13 +1012,14 @@ class TLSConnection(TLSRecordLayer): |
""" |
for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
certChain, privateKey, reqCert, sessionCache, settings, |
- checker): |
+ checker, reqCAs): |
pass |
def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, |
certChain=None, privateKey=None, reqCert=False, |
- sessionCache=None, settings=None, checker=None): |
+ sessionCache=None, settings=None, checker=None, |
+ reqCAs=None): |
"""Start a server handshake operation on the TLS connection. |
This function returns a generator which behaves similarly to |
@@ -1028,14 +1035,15 @@ class TLSConnection(TLSRecordLayer): |
sharedKeyDB=sharedKeyDB, |
verifierDB=verifierDB, certChain=certChain, |
privateKey=privateKey, reqCert=reqCert, |
- sessionCache=sessionCache, settings=settings) |
+ sessionCache=sessionCache, settings=settings, |
+ reqCAs=reqCAs) |
for result in self._handshakeWrapperAsync(handshaker, checker): |
yield result |
def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, |
certChain, privateKey, reqCert, sessionCache, |
- settings): |
+ settings, reqCAs): |
self._handshakeStart(client=False) |
@@ -1045,6 +1053,8 @@ class TLSConnection(TLSRecordLayer): |
raise ValueError("Caller passed a certChain but no privateKey") |
if privateKey and not certChain: |
raise ValueError("Caller passed a privateKey but no certChain") |
+ if reqCAs and not reqCert: |
+ raise ValueError("Caller passed reqCAs but not reqCert") |
if not settings: |
settings = HandshakeSettings() |
@@ -1380,7 +1390,9 @@ class TLSConnection(TLSRecordLayer): |
msgs.append(ServerHello().create(self.version, serverRandom, |
sessionID, cipherSuite, certificateType)) |
msgs.append(Certificate(certificateType).create(serverCertChain)) |
- if reqCert: |
+ if reqCert and reqCAs: |
+ msgs.append(CertificateRequest().create([], reqCAs)) |
+ elif reqCert: |
msgs.append(CertificateRequest()) |
msgs.append(ServerHelloDone()) |
for result in self._sendMsgs(msgs): |