Add flag to tlslite's HandshakeSettings to disable channel ID on the test server

third_party/tlslite/patches/disable_channel_id.patch

Index: third_party/tlslite/patches/disable_channel_id.patch
diff --git a/third_party/tlslite/patches/disable_channel_id.patch b/third_party/tlslite/patches/disable_channel_id.patch
new file mode 100644
index 0000000000000000000000000000000000000000..339cdd907fe8de805b2db29641ab52e128591c5e
--- /dev/null
+++ b/third_party/tlslite/patches/disable_channel_id.patch
@@ -0,0 +1,53 @@
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py

[davidben, 2015/09/15 15:51:06]

[Did not review; assuming this matches the CL.]

+index 8f25f62..d7be5b3 100644
+--- a/third_party/tlslite/tlslite/handshakesettings.py
++++ b/third_party/tlslite/tlslite/handshakesettings.py
+@@ -112,6 +112,9 @@ class HandshakeSettings(object):
+     @ivar alertAfterHandshake: If true, the server will send a fatal
+     alert immediately after the handshake completes.
+ 
++    @type enableChannelID: bool
++    @ivar enableChannelID: If true, the server supports channel ID.
++
+     @type enableExtendedMasterSecret: bool
+     @ivar enableExtendedMasterSecret: If true, the server supports the extended
+     master secret TLS extension and will negotiated it with supporting clients.
+@@ -140,6 +143,7 @@ class HandshakeSettings(object):
+         self.tlsIntoleranceType = 'alert'
+         self.useExperimentalTackExtension = False
+         self.alertAfterHandshake = False
++        self.enableChannelID = True
+         self.enableExtendedMasterSecret = True
+         self.supportedTokenBindingParams = []
+ 
+@@ -159,6 +163,7 @@ class HandshakeSettings(object):
+         other.tlsIntolerant = self.tlsIntolerant
+         other.tlsIntoleranceType = self.tlsIntoleranceType
+         other.alertAfterHandshake = self.alertAfterHandshake
++        other.enableChannelID = self.enableChannelID
+         other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
+         other.supportedTokenBindingParams = self.supportedTokenBindingParams
+ 
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 06404fe..7363a30 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
+         serverHello.create(self.version, getRandomBytes(32), sessionID, \
+                             cipherSuite, CertificateType.x509, tackExt,
+                             nextProtos)
+-        serverHello.channel_id = clientHello.channel_id
++        serverHello.channel_id = \
++            clientHello.channel_id and settings.enableChannelID
+         serverHello.extended_master_secret = \
+             clientHello.extended_master_secret and \
+             settings.enableExtendedMasterSecret
+@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
+         for result in self._serverFinished(premasterSecret, 
+                                 clientHello.random, serverHello.random,
+                                 cipherSuite, settings.cipherImplementations,
+-                                nextProtos, clientHello.channel_id,
++                                nextProtos, serverHello.channel_id,
+                                 serverHello.extended_master_secret):
+                 if result in (0,1): yield result
+                 else: break