| Index: third_party/tlslite/tlslite/integration/smtp_tls.py
|
| diff --git a/third_party/tlslite/tlslite/integration/smtp_tls.py b/third_party/tlslite/tlslite/integration/smtp_tls.py
|
| index 05a9d1a990d6fcefaf005065ee6d124a7aeb836b..d42147324bdd38d9571a468273593ac4ce41e8cd 100644
|
| --- a/third_party/tlslite/tlslite/integration/smtp_tls.py
|
| +++ b/third_party/tlslite/tlslite/integration/smtp_tls.py
|
| @@ -1,3 +1,6 @@
|
| +# Author: Trevor Perrin
|
| +# See the LICENSE file for legal information regarding use of this file.
|
| +
|
| """TLS Lite + smtplib."""
|
|
|
| from smtplib import SMTP
|
| @@ -8,11 +11,9 @@ class SMTP_TLS(SMTP):
|
| """This class extends L{smtplib.SMTP} with TLS support."""
|
|
|
| def starttls(self,
|
| - username=None, password=None, sharedKey=None,
|
| + username=None, password=None,
|
| certChain=None, privateKey=None,
|
| - cryptoID=None, protocol=None,
|
| - x509Fingerprint=None,
|
| - x509TrustList=None, x509CommonName=None,
|
| + checker=None,
|
| settings=None):
|
| """Puts the connection to the SMTP server into TLS mode.
|
|
|
| @@ -22,20 +23,16 @@ class SMTP_TLS(SMTP):
|
| For client authentication, use one of these argument
|
| combinations:
|
| - username, password (SRP)
|
| - - username, sharedKey (shared-key)
|
| - certChain, privateKey (certificate)
|
|
|
| For server authentication, you can either rely on the
|
| implicit mutual authentication performed by SRP or
|
| - shared-keys, or you can do certificate-based server
|
| + you can do certificate-based server
|
| authentication with one of these argument combinations:
|
| - - cryptoID[, protocol] (requires cryptoIDlib)
|
| - x509Fingerprint
|
| - - x509TrustList[, x509CommonName] (requires cryptlib_py)
|
|
|
| Certificate-based server authentication is compatible with
|
| - SRP or certificate-based client authentication. It is
|
| - not compatible with shared-keys.
|
| + SRP or certificate-based client authentication.
|
|
|
| The caller should be prepared to handle TLS-specific
|
| exceptions. See the client handshake functions in
|
| @@ -43,56 +40,26 @@ class SMTP_TLS(SMTP):
|
| exceptions might be raised.
|
|
|
| @type username: str
|
| - @param username: SRP or shared-key username. Requires the
|
| - 'password' or 'sharedKey' argument.
|
| + @param username: SRP username. Requires the
|
| + 'password' argument.
|
|
|
| @type password: str
|
| @param password: SRP password for mutual authentication.
|
| Requires the 'username' argument.
|
|
|
| - @type sharedKey: str
|
| - @param sharedKey: Shared key for mutual authentication.
|
| - Requires the 'username' argument.
|
| -
|
| - @type certChain: L{tlslite.X509CertChain.X509CertChain} or
|
| - L{cryptoIDlib.CertChain.CertChain}
|
| + @type certChain: L{tlslite.x509certchain.X509CertChain}
|
| @param certChain: Certificate chain for client authentication.
|
| - Requires the 'privateKey' argument. Excludes the SRP or
|
| - shared-key related arguments.
|
| + Requires the 'privateKey' argument. Excludes the SRP arguments.
|
|
|
| - @type privateKey: L{tlslite.utils.RSAKey.RSAKey}
|
| + @type privateKey: L{tlslite.utils.rsakey.RSAKey}
|
| @param privateKey: Private key for client authentication.
|
| - Requires the 'certChain' argument. Excludes the SRP or
|
| - shared-key related arguments.
|
| -
|
| - @type cryptoID: str
|
| - @param cryptoID: cryptoID for server authentication. Mutually
|
| - exclusive with the 'x509...' arguments.
|
| -
|
| - @type protocol: str
|
| - @param protocol: cryptoID protocol URI for server
|
| - authentication. Requires the 'cryptoID' argument.
|
| -
|
| - @type x509Fingerprint: str
|
| - @param x509Fingerprint: Hex-encoded X.509 fingerprint for
|
| - server authentication. Mutually exclusive with the 'cryptoID'
|
| - and 'x509TrustList' arguments.
|
| -
|
| - @type x509TrustList: list of L{tlslite.X509.X509}
|
| - @param x509TrustList: A list of trusted root certificates. The
|
| - other party must present a certificate chain which extends to
|
| - one of these root certificates. The cryptlib_py module must be
|
| - installed to use this parameter. Mutually exclusive with the
|
| - 'cryptoID' and 'x509Fingerprint' arguments.
|
| + Requires the 'certChain' argument. Excludes the SRP arguments.
|
|
|
| - @type x509CommonName: str
|
| - @param x509CommonName: The end-entity certificate's 'CN' field
|
| - must match this value. For a web server, this is typically a
|
| - server name such as 'www.amazon.com'. Mutually exclusive with
|
| - the 'cryptoID' and 'x509Fingerprint' arguments. Requires the
|
| - 'x509TrustList' argument.
|
| + @type checker: L{tlslite.checker.Checker}
|
| + @param checker: Callable object called after handshaking to
|
| + evaluate the connection and raise an Exception if necessary.
|
|
|
| - @type settings: L{tlslite.HandshakeSettings.HandshakeSettings}
|
| + @type settings: L{tlslite.handshakesettings.HandshakeSettings}
|
| @param settings: Various settings which can be used to control
|
| the ciphersuites, certificate types, and SSL/TLS versions
|
| offered by the client.
|
| @@ -100,15 +67,12 @@ class SMTP_TLS(SMTP):
|
| (resp, reply) = self.docmd("STARTTLS")
|
| if resp == 220:
|
| helper = ClientHelper(
|
| - username, password, sharedKey,
|
| + username, password,
|
| certChain, privateKey,
|
| - cryptoID, protocol,
|
| - x509Fingerprint,
|
| - x509TrustList, x509CommonName,
|
| + checker,
|
| settings)
|
| conn = TLSConnection(self.sock)
|
| - conn.closeSocket = True
|
| helper._handshake(conn)
|
| self.sock = conn
|
| self.file = conn.makefile('rb')
|
| - return (resp, reply)
|
| + return (resp, reply)
|
|
|
Chromium Code Reviews
Issue 210323002:
Update tlslite to 0.4.6. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src