Index: third_party/tlslite/patches/disable_channel_id.patch |
diff --git a/third_party/tlslite/patches/disable_channel_id.patch b/third_party/tlslite/patches/disable_channel_id.patch |
new file mode 100644 |
index 0000000000000000000000000000000000000000..339cdd907fe8de805b2db29641ab52e128591c5e |
--- /dev/null |
+++ b/third_party/tlslite/patches/disable_channel_id.patch |
@@ -0,0 +1,53 @@ |
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py |
davidben
2015/09/15 15:51:06
[Did not review; assuming this matches the CL.]
|
+index 8f25f62..d7be5b3 100644 |
+--- a/third_party/tlslite/tlslite/handshakesettings.py |
++++ b/third_party/tlslite/tlslite/handshakesettings.py |
+@@ -112,6 +112,9 @@ class HandshakeSettings(object): |
+ @ivar alertAfterHandshake: If true, the server will send a fatal |
+ alert immediately after the handshake completes. |
+ |
++ @type enableChannelID: bool |
++ @ivar enableChannelID: If true, the server supports channel ID. |
++ |
+ @type enableExtendedMasterSecret: bool |
+ @ivar enableExtendedMasterSecret: If true, the server supports the extended |
+ master secret TLS extension and will negotiated it with supporting clients. |
+@@ -140,6 +143,7 @@ class HandshakeSettings(object): |
+ self.tlsIntoleranceType = 'alert' |
+ self.useExperimentalTackExtension = False |
+ self.alertAfterHandshake = False |
++ self.enableChannelID = True |
+ self.enableExtendedMasterSecret = True |
+ self.supportedTokenBindingParams = [] |
+ |
+@@ -159,6 +163,7 @@ class HandshakeSettings(object): |
+ other.tlsIntolerant = self.tlsIntolerant |
+ other.tlsIntoleranceType = self.tlsIntoleranceType |
+ other.alertAfterHandshake = self.alertAfterHandshake |
++ other.enableChannelID = self.enableChannelID |
+ other.enableExtendedMasterSecret = self.enableExtendedMasterSecret |
+ other.supportedTokenBindingParams = self.supportedTokenBindingParams |
+ |
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
+index 06404fe..7363a30 100644 |
+--- a/third_party/tlslite/tlslite/tlsconnection.py |
++++ b/third_party/tlslite/tlslite/tlsconnection.py |
+@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer): |
+ serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
+ cipherSuite, CertificateType.x509, tackExt, |
+ nextProtos) |
+- serverHello.channel_id = clientHello.channel_id |
++ serverHello.channel_id = \ |
++ clientHello.channel_id and settings.enableChannelID |
+ serverHello.extended_master_secret = \ |
+ clientHello.extended_master_secret and \ |
+ settings.enableExtendedMasterSecret |
+@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer): |
+ for result in self._serverFinished(premasterSecret, |
+ clientHello.random, serverHello.random, |
+ cipherSuite, settings.cipherImplementations, |
+- nextProtos, clientHello.channel_id, |
++ nextProtos, serverHello.channel_id, |
+ serverHello.extended_master_secret): |
+ if result in (0,1): yield result |
+ else: break |