| Index: third_party/tlslite/tlslite/TLSConnection.py
|
| diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
|
| index 94ee5eb7bf3e3b8a1ff5118dcf18e449c39f08fc..e6ce1870de4781f627dc761c517f735f2ff5da99 100644
|
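--- a/third_party/tlslite/tlslite/TLSConnection.py
+++ b/third_party/tlslite/tlslite/TLSConnection.py
@@ -937,8 +937,8 @@
 certChain=None, privateKey=None, reqCert=False,
 sessionCache=None, settings=None, checker=None,
 reqCAs=None, tlsIntolerant=0,
- signedCertTimestamps=None, fallbackSCSV=False,
- ocspResponse=None):
+ signedCertTimestamps=None,
+ fallbackSCSV=False):
 """Perform a handshake in the role of server.
 
 This function performs an SSL or TLS handshake. Depending on
@@ -1013,16 +1013,6 @@
 @param signedCertTimestamps: A SignedCertificateTimestampList (as a
 binary 8-bit string) that will be sent as a TLS extension whenever
 the client announces support for the extension.
-
- @type ocspResponse: str
- @param ocspResponse: An OCSP response (as a binary 8-bit string) that
- will be sent stapled in the handshake whenever the client announces
- support for the status_request extension.
- Note that the response is sent independent of the ClientHello
- status_request extension contents, and is thus only meant for testing
- environments. Real OCSP stapling is more complicated as it requires
- choosing a suitable response based on the ClientHello status_request
- extension contents.
 
 @raise socket.error: If a socket error occurs.
 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
@@ -1034,7 +1024,7 @@
 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
 certChain, privateKey, reqCert, sessionCache, settings,
 checker, reqCAs, tlsIntolerant, signedCertTimestamps,
- fallbackSCSV, ocspResponse):
+ fallbackSCSV):
 pass
 
 
@@ -1043,7 +1033,7 @@
 sessionCache=None, settings=None, checker=None,
 reqCAs=None, tlsIntolerant=0,
 signedCertTimestamps=None,
- fallbackSCSV=False, ocspResponse=None):
+ fallbackSCSV=False):
 """Start a server handshake operation on the TLS connection.
 
 This function returns a generator which behaves similarly to
@@ -1063,8 +1053,7 @@
 reqCAs=reqCAs,
 tlsIntolerant=tlsIntolerant,
 signedCertTimestamps=signedCertTimestamps,
- fallbackSCSV=fallbackSCSV, ocspResponse=ocspResponse)
-
+ fallbackSCSV=fallbackSCSV)
 for result in self._handshakeWrapperAsync(handshaker, checker):
 yield result
 
@@ -1073,7 +1062,7 @@
 certChain, privateKey, reqCert,
 sessionCache, settings, reqCAs,
 tlsIntolerant, signedCertTimestamps,
- fallbackSCSV, ocspResponse):
+ fallbackSCSV):
 
 self._handshakeStart(client=False)
 
@@ -1450,14 +1439,10 @@
 sessionID, cipherSuite, certificateType)
 serverHello.channel_id = clientHello.channel_id
 if clientHello.support_signed_cert_timestamps:
- serverHello.signed_cert_timestamps = signedCertTimestamps
- serverHello.status_request = (clientHello.status_request and
- ocspResponse)
+ serverHello.signed_cert_timestamps = signedCertTimestamps
 doingChannelID = clientHello.channel_id
 msgs.append(serverHello)
 msgs.append(Certificate(certificateType).create(serverCertChain))
- if serverHello.status_request:
- msgs.append(CertificateStatus().create(ocspResponse))
 if reqCert and reqCAs:
 msgs.append(CertificateRequest().create([], reqCAs))
 elif reqCert: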
|
|
|