OLD | NEW |
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
2 index f9c8676..84bb703 100644 | 2 index f9c8676..84bb703 100644 |
3 --- a/third_party/tlslite/tlslite/constants.py | 3 --- a/third_party/tlslite/tlslite/constants.py |
4 +++ b/third_party/tlslite/tlslite/constants.py | 4 +++ b/third_party/tlslite/tlslite/constants.py |
5 @@ -59,6 +59,7 @@ class ExtensionType: # RFC 6066 / 4366 | 5 @@ -59,6 +59,7 @@ class ExtensionType: # RFC 6066 / 4366 |
6 tack = 0xF300 | 6 tack = 0xF300 |
7 supports_npn = 13172 | 7 supports_npn = 13172 |
8 channel_id = 30032 | 8 channel_id = 30032 |
9 + token_binding = 30033 | 9 + token_binding = 30033 |
10 | 10 |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
58 | 58 |
59 @@ -188,6 +189,15 @@ class ClientHello(HandshakeMsg): | 59 @@ -188,6 +189,15 @@ class ClientHello(HandshakeMsg): |
60 self.channel_id = True | 60 self.channel_id = True |
61 elif extType == ExtensionType.extended_master_secret: | 61 elif extType == ExtensionType.extended_master_secret: |
62 self.extended_master_secret = True | 62 self.extended_master_secret = True |
63 + elif extType == ExtensionType.token_binding: | 63 + elif extType == ExtensionType.token_binding: |
64 + tokenBindingBytes = p.getFixBytes(extLength) | 64 + tokenBindingBytes = p.getFixBytes(extLength) |
65 + p2 = Parser(tokenBindingBytes) | 65 + p2 = Parser(tokenBindingBytes) |
66 + ver_minor = p2.get(1) | 66 + ver_minor = p2.get(1) |
67 + ver_major = p2.get(1) | 67 + ver_major = p2.get(1) |
68 + if (ver_major, ver_minor) >= (0, 2): | 68 + if (ver_major, ver_minor) >= (0, 3): |
69 + p2.startLengthCheck(1) | 69 + p2.startLengthCheck(1) |
70 + while not p2.atLengthCheck(): | 70 + while not p2.atLengthCheck(): |
71 + self.tb_client_params.append(p2.get(1)) | 71 + self.tb_client_params.append(p2.get(1)) |
72 elif extType == ExtensionType.signed_cert_timestamps: | 72 elif extType == ExtensionType.signed_cert_timestamps: |
73 if extLength: | 73 if extLength: |
74 raise SyntaxError() | 74 raise SyntaxError() |
75 @@ -271,6 +281,7 @@ class ServerHello(HandshakeMsg): | 75 @@ -271,6 +281,7 @@ class ServerHello(HandshakeMsg): |
76 self.next_protos = None | 76 self.next_protos = None |
77 self.channel_id = False | 77 self.channel_id = False |
78 self.extended_master_secret = False | 78 self.extended_master_secret = False |
79 + self.tb_params = None | 79 + self.tb_params = None |
80 self.signed_cert_timestamps = None | 80 self.signed_cert_timestamps = None |
81 self.status_request = False | 81 self.status_request = False |
82 | 82 |
83 @@ -365,6 +376,17 @@ class ServerHello(HandshakeMsg): | 83 @@ -365,6 +376,17 @@ class ServerHello(HandshakeMsg): |
84 if self.extended_master_secret: | 84 if self.extended_master_secret: |
85 w2.add(ExtensionType.extended_master_secret, 2) | 85 w2.add(ExtensionType.extended_master_secret, 2) |
86 w2.add(0, 2) | 86 w2.add(0, 2) |
87 + if self.tb_params: | 87 + if self.tb_params: |
88 + w2.add(ExtensionType.token_binding, 2) | 88 + w2.add(ExtensionType.token_binding, 2) |
89 + # length of extension | 89 + # length of extension |
90 + w2.add(4, 2) | 90 + w2.add(4, 2) |
91 + # version | 91 + # version |
92 + w2.add(0, 1) | 92 + w2.add(0, 1) |
93 + w2.add(2, 1) | 93 + w2.add(4, 1) |
94 + # length of params (defined as variable length <1..2^8-1>, but in | 94 + # length of params (defined as variable length <1..2^8-1>, but in |
95 + # this context the server can only send a single value. | 95 + # this context the server can only send a single value. |
96 + w2.add(1, 1) | 96 + w2.add(1, 1) |
97 + w2.add(self.tb_params, 1) | 97 + w2.add(self.tb_params, 1) |
98 if self.signed_cert_timestamps: | 98 if self.signed_cert_timestamps: |
99 w2.add(ExtensionType.signed_cert_timestamps, 2) | 99 w2.add(ExtensionType.signed_cert_timestamps, 2) |
100 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) | 100 w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) |
101 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py | 101 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
102 index 04161513..06404fe 100644 | 102 index 04161513..06404fe 100644 |
103 --- a/third_party/tlslite/tlslite/tlsconnection.py | 103 --- a/third_party/tlslite/tlslite/tlsconnection.py |
104 +++ b/third_party/tlslite/tlslite/tlsconnection.py | 104 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
105 @@ -1330,6 +1330,10 @@ class TLSConnection(TLSRecordLayer): | 105 @@ -1330,6 +1330,10 @@ class TLSConnection(TLSRecordLayer): |
106 serverHello.extended_master_secret = \ | 106 serverHello.extended_master_secret = \ |
107 clientHello.extended_master_secret and \ | 107 clientHello.extended_master_secret and \ |
108 settings.enableExtendedMasterSecret | 108 settings.enableExtendedMasterSecret |
109 + for param in clientHello.tb_client_params: | 109 + for param in clientHello.tb_client_params: |
110 + if param in settings.supportedTokenBindingParams: | 110 + if param in settings.supportedTokenBindingParams: |
111 + serverHello.tb_params = param | 111 + serverHello.tb_params = param |
112 + break | 112 + break |
113 if clientHello.support_signed_cert_timestamps: | 113 if clientHello.support_signed_cert_timestamps: |
114 serverHello.signed_cert_timestamps = signedCertTimestamps | 114 serverHello.signed_cert_timestamps = signedCertTimestamps |
115 if clientHello.status_request: | 115 if clientHello.status_request: |
OLD | NEW |