| Index: third_party/tlslite/tlslite/messages.py
|
| diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
|
| index 497ef6048df786d96f62b317c24e933019f35219..296f422b33743cff288a39fbdf3ea567a2337340 100644
|
| --- a/third_party/tlslite/tlslite/messages.py
|
| +++ b/third_party/tlslite/tlslite/messages.py
|
| @@ -132,7 +132,6 @@
|
| self.srp_username = None # a string
|
| self.channel_id = False
|
| self.support_signed_cert_timestamps = False
|
| - self.status_request = False
|
|
|
| def create(self, version, random, session_id, cipher_suites,
|
| certificate_types=None, srp_username=None):
|
| @@ -183,19 +182,6 @@
|
| if extLength:
|
| raise SyntaxError()
|
| self.support_signed_cert_timestamps = True
|
| - elif extType == ExtensionType.status_request:
|
| - # Extension contents are currently ignored.
|
| - # According to RFC 6066, this is not strictly forbidden
|
| - # (although it is suboptimal):
|
| - # Servers that receive a client hello containing the
|
| - # "status_request" extension MAY return a suitable
|
| - # certificate status response to the client along with
|
| - # their certificate. If OCSP is requested, they
|
| - # SHOULD use the information contained in the extension
|
| - # when selecting an OCSP responder and SHOULD include
|
| - # request_extensions in the OCSP request.
|
| - p.getFixBytes(extLength)
|
| - self.status_request = True
|
| else:
|
| p.getFixBytes(extLength)
|
| soFar += 4 + extLength
|
| @@ -244,7 +230,6 @@
|
| self.compression_method = 0
|
| self.channel_id = False
|
| self.signed_cert_timestamps = None
|
| - self.status_request = False
|
|
|
| def create(self, version, random, session_id, cipher_suite,
|
| certificate_type):
|
| @@ -297,9 +282,6 @@
|
| if self.signed_cert_timestamps:
|
| extLength += 4 + len(self.signed_cert_timestamps)
|
|
|
| - if self.status_request:
|
| - extLength += 4
|
| -
|
| if extLength != 0:
|
| w.add(extLength, 2)
|
|
|
| @@ -316,10 +298,6 @@
|
| if self.signed_cert_timestamps:
|
| w.add(ExtensionType.signed_cert_timestamps, 2)
|
| w.addVarSeq(stringToBytes(self.signed_cert_timestamps), 1, 2)
|
| -
|
| - if self.status_request:
|
| - w.add(ExtensionType.status_request, 2)
|
| - w.add(0, 2)
|
|
|
| return HandshakeMsg.postWrite(self, w, trial)
|
|
|
| @@ -389,37 +367,6 @@
|
| raise AssertionError()
|
| return HandshakeMsg.postWrite(self, w, trial)
|
|
|
| -class CertificateStatus(HandshakeMsg):
|
| - def __init__(self):
|
| - self.contentType = ContentType.handshake
|
| -
|
| - def create(self, ocsp_response):
|
| - self.ocsp_response = ocsp_response
|
| - return self
|
| -
|
| - # Defined for the sake of completeness, even though we currently only
|
| - # support sending the status message (server-side), not requesting
|
| - # or receiving it (client-side).
|
| - def parse(self, p):
|
| - p.startLengthCheck(3)
|
| - status_type = p.get(1)
|
| - # Only one type is specified, so hardwire it.
|
| - if status_type != CertificateStatusType.ocsp:
|
| - raise SyntaxError()
|
| - ocsp_response = p.getVarBytes(3)
|
| - if not ocsp_response:
|
| - # Can't be empty
|
| - raise SyntaxError()
|
| - self.ocsp_response = ocsp_response
|
| - return self
|
| -
|
| - def write(self, trial=False):
|
| - w = HandshakeMsg.preWrite(self, HandshakeType.certificate_status,
|
| - trial)
|
| - w.add(CertificateStatusType.ocsp, 1)
|
| - w.addVarSeq(stringToBytes(self.ocsp_response), 1, 3)
|
| - return HandshakeMsg.postWrite(self, w, trial)
|
| -
|
| class CertificateRequest(HandshakeMsg):
|
| def __init__(self):
|
| self.contentType = ContentType.handshake
|
|
|
Chromium Code Reviews
Issue 108113006:
Revert of Extract Certificate Transparency SCTs from stapled OCSP responses (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts