Index: third_party/tlslite/tlslite/tlsconnection.py |
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
index dfac274b6e939f631db5099046c9b8f89838b60a..231ba15a28a8ae9e019f84510e53b96cb8e89d17 100644 |
--- a/third_party/tlslite/tlslite/tlsconnection.py |
+++ b/third_party/tlslite/tlslite/tlsconnection.py |
@@ -981,7 +981,8 @@ class TLSConnection(TLSRecordLayer): |
masterSecret = calcMasterSecret(self.version, |
premasterSecret, |
clientRandom, |
- serverRandom) |
+ serverRandom, |
+ b"", False) |
verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
elif self.version in ((3,1), (3,2)): |
verifyBytes = self._handshake_md5.digest() + \ |
@@ -1036,7 +1037,7 @@ class TLSConnection(TLSRecordLayer): |
cipherSuite, cipherImplementations, nextProto): |
masterSecret = calcMasterSecret(self.version, premasterSecret, |
- clientRandom, serverRandom) |
+ clientRandom, serverRandom, b"", False) |
self._calcPendingStates(cipherSuite, masterSecret, |
clientRandom, serverRandom, |
cipherImplementations) |
@@ -1326,6 +1327,9 @@ class TLSConnection(TLSRecordLayer): |
cipherSuite, CertificateType.x509, tackExt, |
nextProtos) |
serverHello.channel_id = clientHello.channel_id |
+ serverHello.extended_master_secret = \ |
+ clientHello.extended_master_secret and \ |
+ settings.enableExtendedMasterSecret |
if clientHello.support_signed_cert_timestamps: |
serverHello.signed_cert_timestamps = signedCertTimestamps |
if clientHello.status_request: |
@@ -1383,7 +1387,8 @@ class TLSConnection(TLSRecordLayer): |
for result in self._serverFinished(premasterSecret, |
clientHello.random, serverHello.random, |
cipherSuite, settings.cipherImplementations, |
- nextProtos, clientHello.channel_id): |
+ nextProtos, clientHello.channel_id, |
+ serverHello.extended_master_secret): |
if result in (0,1): yield result |
else: break |
masterSecret = result |
@@ -1523,6 +1528,9 @@ class TLSConnection(TLSRecordLayer): |
serverHello.create(self.version, getRandomBytes(32), |
session.sessionID, session.cipherSuite, |
CertificateType.x509, None, None) |
+ serverHello.extended_master_secret = \ |
+ clientHello.extended_master_secret and \ |
+ settings.enableExtendedMasterSecret |
for result in self._sendMsg(serverHello): |
yield result |
@@ -1743,7 +1751,8 @@ class TLSConnection(TLSRecordLayer): |
if clientCertChain: |
if self.version == (3,0): |
masterSecret = calcMasterSecret(self.version, premasterSecret, |
- clientHello.random, serverHello.random) |
+ clientHello.random, serverHello.random, |
+ b"", False) |
verifyBytes = self._calcSSLHandshakeHash(masterSecret, b"") |
elif self.version in ((3,1), (3,2)): |
verifyBytes = self._handshake_md5.digest() + \ |
@@ -1827,9 +1836,11 @@ class TLSConnection(TLSRecordLayer): |
def _serverFinished(self, premasterSecret, clientRandom, serverRandom, |
cipherSuite, cipherImplementations, nextProtos, |
- doingChannelID): |
+ doingChannelID, useExtendedMasterSecret): |
masterSecret = calcMasterSecret(self.version, premasterSecret, |
- clientRandom, serverRandom) |
+ clientRandom, serverRandom, |
+ self._getHandshakeHash(), |
+ useExtendedMasterSecret) |
#Calculate pending connection states |
self._calcPendingStates(cipherSuite, masterSecret, |