OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
(...skipping 1308 matching lines...)
1319 | 1319 |
1320 # Prepare a TACK Extension if requested | 1320 # Prepare a TACK Extension if requested |
1321 if clientHello.tack: | 1321 if clientHello.tack: |
1322 tackExt = TackExtension.create(tacks, activationFlags) | 1322 tackExt = TackExtension.create(tacks, activationFlags) |
1323 else: | 1323 else: |
1324 tackExt = None | 1324 tackExt = None |
1325 serverHello = ServerHello() | 1325 serverHello = ServerHello() |
1326 serverHello.create(self.version, getRandomBytes(32), sessionID, \ | 1326 serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
1327 cipherSuite, CertificateType.x509, tackExt, | 1327 cipherSuite, CertificateType.x509, tackExt, |
1328 nextProtos) | 1328 nextProtos) |
1329 serverHello.channel_id = clientHello.channel_id | 1329 serverHello.channel_id = \ |
| 1330 clientHello.channel_id and settings.enableChannelID |
1330 serverHello.extended_master_secret = \ | 1331 serverHello.extended_master_secret = \ |
1331 clientHello.extended_master_secret and \ | 1332 clientHello.extended_master_secret and \ |
1332 settings.enableExtendedMasterSecret | 1333 settings.enableExtendedMasterSecret |
1333 for param in clientHello.tb_client_params: | 1334 for param in clientHello.tb_client_params: |
1334 if param in settings.supportedTokenBindingParams: | 1335 if param in settings.supportedTokenBindingParams: |
1335 serverHello.tb_params = param | 1336 serverHello.tb_params = param |
1336 break | 1337 break |
1337 if clientHello.support_signed_cert_timestamps: | 1338 if clientHello.support_signed_cert_timestamps: |
1338 serverHello.signed_cert_timestamps = signedCertTimestamps | 1339 serverHello.signed_cert_timestamps = signedCertTimestamps |
1339 if clientHello.status_request: | 1340 if clientHello.status_request: |
(...skipping 44 matching lines...)
1384 else: break | 1385 else: break |
1385 premasterSecret = result | 1386 premasterSecret = result |
1386 | 1387 |
1387 else: | 1388 else: |
1388 assert(False) | 1389 assert(False) |
1389 | 1390 |
1390 # Exchange Finished messages | 1391 # Exchange Finished messages |
1391 for result in self._serverFinished(premasterSecret, | 1392 for result in self._serverFinished(premasterSecret, |
1392 clientHello.random, serverHello.random, | 1393 clientHello.random, serverHello.random, |
1393 cipherSuite, settings.cipherImplementations, | 1394 cipherSuite, settings.cipherImplementations, |
1394 nextProtos, clientHello.channel_id, | 1395 nextProtos, serverHello.channel_id, |
1395 serverHello.extended_master_secret): | 1396 serverHello.extended_master_secret): |
1396 if result in (0,1): yield result | 1397 if result in (0,1): yield result |
1397 else: break | 1398 else: break |
1398 masterSecret = result | 1399 masterSecret = result |
1399 | 1400 |
1400 #Create the session object | 1401 #Create the session object |
1401 self.session = Session() | 1402 self.session = Session() |
1402 if cipherSuite in CipherSuite.certAllSuites: | 1403 if cipherSuite in CipherSuite.certAllSuites: |
1403 serverCertChain = certChain | 1404 serverCertChain = certChain |
1404 else: | 1405 else: |
(...skipping 600 matching lines...)
2005 except TLSAlert as alert: | 2006 except TLSAlert as alert: |
2006 if not self.fault: | 2007 if not self.fault: |
2007 raise | 2008 raise |
2008 if alert.description not in Fault.faultAlerts[self.fault]: | 2009 if alert.description not in Fault.faultAlerts[self.fault]: |
2009 raise TLSFaultError(str(alert)) | 2010 raise TLSFaultError(str(alert)) |
2010 else: | 2011 else: |
2011 pass | 2012 pass |
2012 except: | 2013 except: |
2013 self._shutdown(False) | 2014 self._shutdown(False) |
2014 raise | 2015 raise |
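Review bot: At new lines 1329-1330, `settings.enableChannelID` is read on every full handshake, but its definition and default are not in this section; if the settings class copies fields during validation, the new flag has to be copied there too, otherwise a caller's `enableChannelID = False` would presumably be ignored. The `and` expression yields one of its operands rather than a bool, and that value now also drives `_serverFinished` (new line 1395), so `bool(clientHello.channel_id and settings.enableChannelID)` would keep the negotiated flag well-typed. A short comment such as `# Echo Channel ID only if the client offered it and settings enable it; the Finished exchange must use this negotiated value` would record why line 1395 switched from `clientHello` to `serverHello`. The enclosing function begins and ends in skipped lines, so any other ServerHello built there (for example on a resumption path) is not visible and should be checked for the same gate.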