OLD | NEW |
(Empty) | |
| 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
| 2 index e9743e4..82e8c07 100644 |
| 3 --- a/third_party/tlslite/tlslite/constants.py |
| 4 +++ b/third_party/tlslite/tlslite/constants.py |
| 5 @@ -61,6 +61,7 @@ class ExtensionType: # RFC 6066 / 4366 |
| 6 tack = 0xF300 |
| 7 supports_npn = 13172 |
| 8 channel_id = 30032 |
| 9 + renegotiation_info = 0xFF01 # RFC 5746 |
| 10 |
| 11 class HashAlgorithm: |
| 12 none = 0 |
| 13 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli
te/messages.py |
| 14 index 1ce9320..ac7e563 100644 |
| 15 --- a/third_party/tlslite/tlslite/messages.py |
| 16 +++ b/third_party/tlslite/tlslite/messages.py |
| 17 @@ -140,6 +140,7 @@ class ClientHello(HandshakeMsg): |
| 18 self.tb_client_params = [] |
| 19 self.support_signed_cert_timestamps = False |
| 20 self.status_request = False |
| 21 + self.ri = False |
| 22 |
| 23 def create(self, version, random, session_id, cipher_suites, |
| 24 certificate_types=None, srpUsername=None, |
| 25 @@ -244,12 +245,20 @@ class ClientHello(HandshakeMsg): |
| 26 # request_extensions in the OCSP request. |
| 27 p.getFixBytes(extLength) |
| 28 self.status_request = True |
| 29 + elif extType == ExtensionType.renegotiation_info: |
| 30 + # We don't support renegotiation, so if we receive this |
| 31 + # extension, it should contain a single null byte. |
| 32 + if extLength != 1 or p.getFixBytes(extLength)[0] != 0: |
| 33 + raise SyntaxError() |
| 34 + self.ri = True |
| 35 else: |
| 36 _ = p.getFixBytes(extLength) |
| 37 index2 = p.index |
| 38 if index2 - index1 != extLength: |
| 39 raise SyntaxError("Bad length for extension_data") |
| 40 soFar += 4 + extLength |
| 41 + if CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV in self.cipher_sui
tes: |
| 42 + self.ri = True |
| 43 p.stopLengthCheck() |
| 44 return self |
| 45 |
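Review bot: The `raise SyntaxError()` in the new renegotiation_info branch carries no message, unlike the `SyntaxError("Bad length for extension_data")` a few lines below, so a rejected hello is hard to tell apart from other parse failures; `raise SyntaxError("Bad renegotiation_info extension")` would fix that. The comment could also state that an empty renegotiated_connection is only valid on an initial handshake (RFC 5746 section 3.6), which is why anything else is rejected. Indentation is lost in this rendering, so please confirm that the `TLS_EMPTY_RENEGOTIATION_INFO_SCSV` check sits outside the extension-parsing block: a client that relies on the SCSV may send no extensions at all, and `self.ri` must still be set for it. The enclosing parse method starts outside the hunk.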
| 46 @@ -327,6 +336,7 @@ class ServerHello(HandshakeMsg): |
| 47 self.tb_params = None |
| 48 self.signed_cert_timestamps = None |
| 49 self.status_request = False |
| 50 + self.send_ri = False |
| 51 |
| 52 def create(self, version, random, session_id, cipher_suite, |
| 53 certificate_type, tackExt, alpn_proto_selected, |
| 54 @@ -432,6 +442,10 @@ class ServerHello(HandshakeMsg): |
| 55 if self.status_request: |
| 56 w2.add(ExtensionType.status_request, 2) |
| 57 w2.add(0, 2) |
| 58 + if self.send_ri: |
| 59 + w2.add(ExtensionType.renegotiation_info, 2) |
| 60 + w2.add(1, 2) |
| 61 + w2.add(0, 1) |
| 62 if len(w2.bytes): |
| 63 w.add(len(w2.bytes), 2) |
| 64 w.bytes += w2.bytes |
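Review bot: The three `w2.add` calls added under `if self.send_ri:` encode the extension body with bare numbers and no comment, so a reader cannot see that `w2.add(1, 2)` is the extension_data length and `w2.add(0, 1)` is the length byte of an empty renegotiated_connection. I would add `# RFC 5746: extension_data is one byte, the zero length of an empty renegotiated_connection` above them. The comment should also say that this fixed encoding is only correct for an initial handshake, which matches the parser's stated position that renegotiation is not supported. The enclosing write method starts and ends outside the hunk.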
| 65 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 66 index de5d580..8ba1c6e 100644 |
| 67 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 68 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 69 @@ -1370,6 +1370,8 @@ class TLSConnection(TLSRecordLayer): |
| 70 serverHello.signed_cert_timestamps = signedCertTimestamps |
| 71 if clientHello.status_request: |
| 72 serverHello.status_request = ocspResponse |
| 73 + if clientHello.ri: |
| 74 + serverHello.send_ri = True |
| 75 |
| 76 # Perform the SRP key exchange |
| 77 clientCertChain = None |
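Review bot: The added `if clientHello.ri:` / `serverHello.send_ri = True` pair can be the single assignment `serverHello.send_ri = clientHello.ri`, since `ri` is initialised to a bool in ClientHello; the same applies to the identical pair in the later hunk before `self._sendMsg(serverHello)`. Because the flag is copied by hand at each site, it is worth confirming that these two places are the only ones where a ServerHello is built. RFC 5746 expects the extension in every ServerHello that answers a client which signalled support, resumed sessions included. Both enclosing functions start and end outside their hunks.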
| 78 @@ -1583,6 +1585,8 @@ class TLSConnection(TLSRecordLayer): |
| 79 if param in settings.supportedTokenBindingParams: |
| 80 serverHello.tb_params = param |
| 81 break |
| 82 + if clientHello.ri: |
| 83 + serverHello.send_ri = True |
| 84 for result in self._sendMsg(serverHello): |
| 85 yield result |
| 86 |