Update tlslite to 0.4.6.

third_party/tlslite/patches/ssl3_padding.patch

Index: third_party/tlslite/patches/ssl3_padding.patch
diff --git a/third_party/tlslite/patches/ssl3_padding.patch b/third_party/tlslite/patches/ssl3_padding.patch
new file mode 100644
index 0000000000000000000000000000000000000000..dbdb6421b17035fa8173f5110d3d93817bbb36fc
--- /dev/null
+++ b/third_party/tlslite/patches/ssl3_padding.patch
@@ -0,0 +1,14 @@
+diff --git a/third_party/tlslite/tlslite/tlsrecordlayer.py b/third_party/tlslite/tlslite/tlsrecordlayer.py
+index ff08cbf..fb85224 100755
+--- a/third_party/tlslite/tlslite/tlsrecordlayer.py
++++ b/third_party/tlslite/tlslite/tlsrecordlayer.py
+@@ -590,6 +590,9 @@ class TLSRecordLayer(object):
+                 currentLength = len(b) + len(macBytes) + 1
+                 blockLength = self._writeState.encContext.block_size
+                 paddingLength = blockLength-(currentLength % blockLength)
++                #SSL3 requires minimal padding. (TLS doesn't care.)
++                if paddingLength == blockLength:
++                    paddingLength = 0

[wtc, 2014/04/08 22:29:09]

This is how NSS does it:

    currentLength = len(b) + len(macBytes)
    blockLength = self._writeState.encContext.block_size
    paddingLength = blockLength-1-(currentLength % blockLength)

This code replaces lines 6-11.

[davidben, 2014/04/08 23:30:36]

Oh, that's much tidier. Done.

+ 
+                 paddingBytes = bytearray([paddingLength] * (paddingLength+1))
+                 if self.fault == Fault.badPadding: