1 Only in chromium: patches | |
2 diff -aur tlslite-0.3.8/tlslite/TLSConnection.py chromium/tlslite/TLSConnection.
py | |
3 --- tlslite-0.3.8/tlslite/TLSConnection.py 2004-10-06 01:55:37.000000000 -0
400 | |
4 +++ chromium/tlslite/TLSConnection.py 2010-08-18 22:17:30.962786700 -0400 | |
5 @@ -931,7 +931,8 @@ | |
6 | |
7 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, | |
8 certChain=None, privateKey=None, reqCert=False, | |
9 - sessionCache=None, settings=None, checker=None): | |
10 + sessionCache=None, settings=None, checker=None, | |
11 + reqCAs=None): | |
12 """Perform a handshake in the role of server. | |
13 | |
14 This function performs an SSL or TLS handshake. Depending on | |
15 @@ -997,6 +998,11 @@ | |
16 invoked to examine the other party's authentication | |
17 credentials, if the handshake completes succesfully. | |
18 | |
19 + @type reqCAs: list of L{array.array} of unsigned bytes | |
20 + @param reqCAs: A collection of DER-encoded DistinguishedNames that | |
21 + will be sent along with a certificate request. This does not affect | |
22 + verification. | |
23 + | |
24 @raise socket.error: If a socket error occurs. | |
25 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed | |
26 without a preceding alert. | |
27 @@ -1006,13 +1012,14 @@ | |
28 """ | |
29 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, | |
30 certChain, privateKey, reqCert, sessionCache, settings, | |
31 - checker): | |
32 + checker, reqCAs): | |
33 pass | |
34 | |
35 | |
36 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, | |
37 certChain=None, privateKey=None, reqCert=False, | |
38 - sessionCache=None, settings=None, checker=None): | |
39 + sessionCache=None, settings=None, checker=None, | |
40 + reqCAs=None): | |
41 """Start a server handshake operation on the TLS connection. | |
42 | |
43 This function returns a generator which behaves similarly to | |
44 @@ -1028,14 +1035,15 @@ | |
45 sharedKeyDB=sharedKeyDB, | |
46 verifierDB=verifierDB, certChain=certChain, | |
47 privateKey=privateKey, reqCert=reqCert, | |
48 - sessionCache=sessionCache, settings=settings) | |
49 + sessionCache=sessionCache, settings=settings, | |
50 + reqCAs=reqCAs) | |
51 for result in self._handshakeWrapperAsync(handshaker, checker): | |
52 yield result | |
53 | |
54 | |
55 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, | |
56 certChain, privateKey, reqCert, sessionCache, | |
57 - settings): | |
58 + settings, reqCAs): | |
59 | |
60 self._handshakeStart(client=False) | |
61 | |
62 @@ -1045,6 +1053,8 @@ | |
63 raise ValueError("Caller passed a certChain but no privateKey") | |
64 if privateKey and not certChain: | |
65 raise ValueError("Caller passed a privateKey but no certChain") | |
66 + if reqCAs and not reqCert: | |
67 + raise ValueError("Caller passed reqCAs but not reqCert") | |
68 | |
69 if not settings: | |
70 settings = HandshakeSettings() | |
71 @@ -1380,7 +1390,9 @@ | |
72 msgs.append(ServerHello().create(self.version, serverRandom, | |
73 sessionID, cipherSuite, certificateType)) | |
74 msgs.append(Certificate(certificateType).create(serverCertChain)) | |
75 - if reqCert: | |
76 + if reqCert and reqCAs: | |
77 + msgs.append(CertificateRequest().create([], reqCAs)) | |
78 + elif reqCert: | |
79 msgs.append(CertificateRequest()) | |
80 msgs.append(ServerHelloDone()) | |
81 for result in self._sendMsgs(msgs): | |
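Review bot: In the last hunk (`@@ -1380,7 +1390,9 @@`) the new branch builds the request with `CertificateRequest().create([], reqCAs)`, so certificate_types is sent empty; the TLS specifications define that field as holding at least one entry, and a strict client may reject the message or decline to offer a certificate. Passing the type the server actually accepts (rsa_sign is 1 in the RFCs) would fix the new branch, and the pre-existing bare `CertificateRequest()` branch appears to have the same gap. Separately, the docstring's "This does not affect verification" could state outright that a client may still present a certificate from an issuer not in reqCAs, so issuer policy has to be enforced by `checker` or by the caller. The enclosing function starts and ends outside the hunk.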
82 diff -aur tlslite-0.3.8/tlslite/X509.py chromium/tlslite/X509.py | |
83 --- tlslite-0.3.8/tlslite/X509.py 2004-03-19 21:43:19.000000000 -0400 | |
84 +++ chromium/tlslite/X509.py 2010-08-18 22:17:30.967787000 -0400 | |
85 @@ -13,11 +13,15 @@ | |
86 | |
87 @type publicKey: L{tlslite.utils.RSAKey.RSAKey} | |
88 @ivar publicKey: The subject public key from the certificate. | |
89 + | |
90 + @type subject: L{array.array} of unsigned bytes | |
91 + @ivar subject: The DER-encoded ASN.1 subject distinguished name. | |
92 """ | |
93 | |
94 def __init__(self): | |
95 self.bytes = createByteArraySequence([]) | |
96 self.publicKey = None | |
97 + self.subject = None | |
98 | |
99 def parse(self, s): | |
100 """Parse a PEM-encoded X.509 certificate. | |
101 @@ -63,6 +67,10 @@ | |
102 else: | |
103 subjectPublicKeyInfoIndex = 5 | |
104 | |
105 + #Get the subject | |
106 + self.subject = tbsCertificateP.getChildBytes(\ | |
107 + subjectPublicKeyInfoIndex - 1) | |
108 + | |
109 #Get the subjectPublicKeyInfo | |
110 subjectPublicKeyInfoP = tbsCertificateP.getChild(\ | |
111 subjectPublicKeyInfoIndex) | |
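Review bot: The new `@ivar subject` text does not say that the attribute stays `None` until a certificate has been parsed, nor that the stored value is the complete DER element (tag and length included) rather than only the name's contents. Both matter to a caller that feeds `subject` into `reqCAs`, so I would extend the doc to something like `The DER-encoded ASN.1 subject distinguished name, including its outer tag and length; None until a certificate is parsed.` The comment `#Get the subject` could also note that it relies on subject being the field immediately before subjectPublicKeyInfo.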
112 diff -aur tlslite-0.3.8/tlslite/messages.py chromium/tlslite/messages.py | |
113 --- tlslite-0.3.8/tlslite/messages.py 2004-10-06 01:01:24.000000000 -0400 | |
114 +++ chromium/tlslite/messages.py 2010-08-18 22:17:30.976787500 -0400 | |
115 @@ -338,8 +338,7 @@ | |
116 def __init__(self): | |
117 self.contentType = ContentType.handshake | |
118 self.certificate_types = [] | |
119 - #treat as opaque bytes for now | |
120 - self.certificate_authorities = createByteArraySequence([]) | |
121 + self.certificate_authorities = [] | |
122 | |
123 def create(self, certificate_types, certificate_authorities): | |
124 self.certificate_types = certificate_types | |
125 @@ -349,7 +348,13 @@ | |
126 def parse(self, p): | |
127 p.startLengthCheck(3) | |
128 self.certificate_types = p.getVarList(1, 1) | |
129 - self.certificate_authorities = p.getVarBytes(2) | |
130 + ca_list_length = p.get(2) | |
131 + index = 0 | |
132 + self.certificate_authorities = [] | |
133 + while index != ca_list_length: | |
134 + ca_bytes = p.getVarBytes(2) | |
135 + self.certificate_authorities.append(ca_bytes) | |
136 + index += len(ca_bytes)+2 | |
137 p.stopLengthCheck() | |
138 return self | |
139 | |
140 @@ -357,7 +362,14 @@ | |
141 w = HandshakeMsg.preWrite(self, HandshakeType.certificate_request, | |
142 trial) | |
143 w.addVarSeq(self.certificate_types, 1, 1) | |
144 - w.addVarSeq(self.certificate_authorities, 1, 2) | |
145 + caLength = 0 | |
146 + #determine length | |
147 + for ca_dn in self.certificate_authorities: | |
148 + caLength += len(ca_dn)+2 | |
149 + w.add(caLength, 2) | |
150 + #add bytes | |
151 + for ca_dn in self.certificate_authorities: | |
152 + w.addVarSeq(ca_dn, 1, 2) | |
153 return HandshakeMsg.postWrite(self, w, trial) | |
154 | |
155 class ServerKeyExchange(HandshakeMsg): | |
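Review bot: The list-walking loop in parse() (`while index != ca_list_length:`) stops only on an exact match, so a peer-supplied CertificateRequest whose inner name lengths overshoot the declared list length keeps consuming bytes past the list until the underlying parser gives up (presumably with its own bounds error; that code is not shown here). Bounding it with `while index < ca_list_length:` and rejecting the message when `index != ca_list_length` after the loop makes the malformed case fail where it is detected. On the serialising side, `caLength` is written into a two-byte field with no check that the summed names fit in 65535 bytes; a guard before `w.add(caLength, 2)` would give the caller a clear error. The serialising method's signature lies outside its hunk.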
156 diff -aur tlslite-0.3.8/tlslite/utils/ASN1Parser.py chromium/tlslite/utils/ASN1P
arser.py | |
157 --- tlslite-0.3.8/tlslite/utils/ASN1Parser.py 2004-10-06 01:02:40.000000000 -0
400 | |
158 +++ chromium/tlslite/utils/ASN1Parser.py 2010-08-18 22:17:30.979787700 -0
400 | |
159 @@ -16,13 +16,16 @@ | |
160 | |
161 #Assuming this is a sequence... | |
162 def getChild(self, which): | |
163 + return ASN1Parser(self.getChildBytes(which)) | |
164 + | |
165 + def getChildBytes(self, which): | |
166 p = Parser(self.value) | |
167 for x in range(which+1): | |
168 markIndex = p.index | |
169 p.get(1) #skip Type | |
170 length = self._getASN1Length(p) | |
171 p.getFixBytes(length) | |
172 - return ASN1Parser(p.bytes[markIndex : p.index]) | |
173 + return p.bytes[markIndex : p.index] | |
174 | |
175 #Decode the ASN.1 DER length field | |
176 def _getASN1Length(self, p): | |
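Review bot: `getChildBytes` is now a second accessor on the parser but has no comment saying what it returns; unlike `getChild` it hands back the raw slice from the child's tag byte through its last value byte. I would add `#Return the raw DER encoding (tag, length, value) of child number 'which'` above it. It may also be worth noting there that a negative `which` leaves `markIndex` unassigned, since the X509 change computes its index by subtraction.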