Side by Side Diff: third_party/tlslite/patches/tls_intolerant.patch

Issue 210323002: Update tlslite to 0.4.6. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Executable bit and --similarity=80 Created 6 years, 8 months ago
OLDNEW
1 Index: third_party/tlslite/tlslite/TLSConnection.py 1 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
2 =================================================================== 2 index e8dd859..8415592 100755
3 --- third_party/tlslite/tlslite/TLSConnection.py» (revision 134128) 3 --- a/third_party/tlslite/tlslite/tlsconnection.py
4 +++ third_party/tlslite/tlslite/TLSConnection.py» (working copy) 4 +++ b/third_party/tlslite/tlslite/tlsconnection.py
5 @@ -932,7 +932,7 @@ 5 @@ -965,7 +965,8 @@ class TLSConnection(TLSRecordLayer):
6 def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
7 certChain=None, privateKey=None, reqCert=False,
8 sessionCache=None, settings=None, checker=None, 6 sessionCache=None, settings=None, checker=None,
9 - reqCAs=None): 7 reqCAs = None,
10 + reqCAs=None, tlsIntolerant=0): 8 tacks=None, activationFlags=0,
9 - nextProtos=None, anon=False):
10 + nextProtos=None, anon=False,
11 + tlsIntolerant=None):
11 """Perform a handshake in the role of server. 12 """Perform a handshake in the role of server.
12 13
13 This function performs an SSL or TLS handshake. Depending on 14 This function performs an SSL or TLS handshake. Depending on
14 @@ -1012,14 +1012,14 @@ 15 @@ -1034,6 +1035,11 @@ class TLSConnection(TLSRecordLayer):
15 """ 16 clients through the Next-Protocol Negotiation Extension,
16 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, 17 if they support it.
18
19 + @type tlsIntolerant: (int, int) or None
20 + @param tlsIntolerant: If tlsIntolerant is not None, the server will
21 + simulate TLS version intolerance by returning a fatal handshake_failure
22 + alert to all TLS versions tlsIntolerant or higher.
23 +
24 @raise socket.error: If a socket error occurs.
25 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
26 without a preceding alert.
27 @@ -1045,7 +1051,7 @@ class TLSConnection(TLSRecordLayer):
17 certChain, privateKey, reqCert, sessionCache, settings, 28 certChain, privateKey, reqCert, sessionCache, settings,
18 - checker, reqCAs): 29 checker, reqCAs,
19 + checker, reqCAs, tlsIntolerant): 30 tacks=tacks, activationFlags=activationFlags,
31 - nextProtos=nextProtos, anon=anon):
32 + nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant):
20 pass 33 pass
21 34
22 35
23 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, 36 @@ -1054,7 +1060,8 @@ class TLSConnection(TLSRecordLayer):
24 certChain=None, privateKey=None, reqCert=False,
25 sessionCache=None, settings=None, checker=None, 37 sessionCache=None, settings=None, checker=None,
26 - reqCAs=None): 38 reqCAs=None,
27 + reqCAs=None, tlsIntolerant=0): 39 tacks=None, activationFlags=0,
40 - nextProtos=None, anon=False
41 + nextProtos=None, anon=False,
42 + tlsIntolerant=None
43 ):
28 """Start a server handshake operation on the TLS connection. 44 """Start a server handshake operation on the TLS connection.
29 45
30 This function returns a generator which behaves similarly to 46 @@ -1073,7 +1080,8 @@ class TLSConnection(TLSRecordLayer):
31 @@ -1036,14 +1036,15 @@ 47 sessionCache=sessionCache, settings=settings,
32 verifierDB=verifierDB, certChain=certChain, 48 reqCAs=reqCAs,
33 privateKey=privateKey, reqCert=reqCert, 49 tacks=tacks, activationFlags=activationFlags,
34 sessionCache=sessionCache, settings=settings, 50 - nextProtos=nextProtos, anon=anon)
35 - reqCAs=reqCAs) 51 + nextProtos=nextProtos, anon=anon,
36 + reqCAs=reqCAs,
37 + tlsIntolerant=tlsIntolerant) 52 + tlsIntolerant=tlsIntolerant)
38 for result in self._handshakeWrapperAsync(handshaker, checker): 53 for result in self._handshakeWrapperAsync(handshaker, checker):
39 yield result 54 yield result
40 55
41 56 @@ -1082,7 +1090,8 @@ class TLSConnection(TLSRecordLayer):
42 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
43 certChain, privateKey, reqCert, sessionCache, 57 certChain, privateKey, reqCert, sessionCache,
44 - settings, reqCAs): 58 settings, reqCAs,
45 + settings, reqCAs, tlsIntolerant): 59 tacks, activationFlags,
60 - nextProtos, anon):
61 + nextProtos, anon,
62 + tlsIntolerant):
46 63
47 self._handshakeStart(client=False) 64 self._handshakeStart(client=False)
48 65
49 @@ -1111,6 +1112,17 @@ 66 @@ -1114,7 +1123,7 @@ class TLSConnection(TLSRecordLayer):
67 # Handle ClientHello and resumption
68 for result in self._serverGetClientHello(settings, certChain,\
69 verifierDB, sessionCache,
70 - anon):
71 + anon, tlsIntolerant):
72 if result in (0,1): yield result
73 elif result == None:
74 self._handshakeDone(resumed=True)
75 @@ -1211,7 +1220,7 @@ class TLSConnection(TLSRecordLayer):
76
77
78 def _serverGetClientHello(self, settings, certChain, verifierDB,
79 - sessionCache, anon):
80 + sessionCache, anon, tlsIntolerant):
81 #Initialize acceptable cipher suites
82 cipherSuites = []
83 if verifierDB:
84 @@ -1246,6 +1255,13 @@ class TLSConnection(TLSRecordLayer):
50 "Too old version: %s" % str(clientHello.client_version)): 85 "Too old version: %s" % str(clientHello.client_version)):
51 yield result 86 yield result
52 87
53 + #If tlsIntolerant is nonzero, reject certain TLS versions. 88 + #If simulating TLS intolerance, reject certain TLS versions.
54 + #1: reject all TLS versions. 89 + elif (tlsIntolerant is not None and
55 + #2: reject TLS 1.1 or higher. 90 + clientHello.client_version >= tlsIntolerant):
56 + #3: reject TLS 1.2 or higher.
57 + if (tlsIntolerant == 1 and clientHello.client_version > (3, 0) or
58 + tlsIntolerant == 2 and clientHello.client_version > (3, 1) or
59 + tlsIntolerant == 3 and clientHello.client_version > (3, 2)):
60 + for result in self._sendError(\ 91 + for result in self._sendError(\
61 + AlertDescription.handshake_failure): 92 + AlertDescription.handshake_failure):
62 + yield result 93 + yield result
63 + 94 +
64 #If client's version is too high, propose my highest version 95 #If client's version is too high, propose my highest version
65 elif clientHello.client_version > settings.maxVersion: 96 elif clientHello.client_version > settings.maxVersion:
66 self.version = settings.maxVersion 97 self.version = settings.maxVersion
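Review bot: The new check in `_serverGetClientHello`, `clientHello.client_version >= tlsIntolerant`, trusts the caller to pass a `(major, minor)` tuple, whereas the previous revision of this patch took an int with `0` meaning disabled. A caller not updated alongside this change and still passing `0`–`3` would not be treated as disabled by `is not None`. On Python 2 a tuple orders above any int, so every ClientHello would be answered with `handshake_failure`, and on Python 3 the comparison raises `TypeError`. Because this is a fault-simulation knob, a guard at the top of `handshakeServerAsync` would make misuse fail loudly, e.g. `if tlsIntolerant is not None and not isinstance(tlsIntolerant, tuple): raise ValueError("tlsIntolerant must be a (major, minor) tuple or None")`. The function bodies involved start and end outside the hunks shown here.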