| Index: third_party/tlslite/patches/renegotiation_indication.patch
|
| diff --git a/third_party/tlslite/patches/renegotiation_indication.patch b/third_party/tlslite/patches/renegotiation_indication.patch
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..69a1d7b5940e37533e868255eac333d18cdfb250
|
| --- /dev/null
|
| +++ b/third_party/tlslite/patches/renegotiation_indication.patch
|
| @@ -0,0 +1,86 @@
|
| +diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
|
| +index e9743e4..82e8c07 100644
|
| +--- a/third_party/tlslite/tlslite/constants.py
|
| ++++ b/third_party/tlslite/tlslite/constants.py
|
| +@@ -61,6 +61,7 @@ class ExtensionType: # RFC 6066 / 4366
|
| + tack = 0xF300
|
| + supports_npn = 13172
|
| + channel_id = 30032
|
| ++ renegotiation_info = 0xFF01 # RFC 5746
|
| +
|
| + class HashAlgorithm:
|
| + none = 0
|
| +diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
|
| +index 1ce9320..ac7e563 100644
|
| +--- a/third_party/tlslite/tlslite/messages.py
|
| ++++ b/third_party/tlslite/tlslite/messages.py
|
| +@@ -140,6 +140,7 @@ class ClientHello(HandshakeMsg):
|
| + self.tb_client_params = []
|
| + self.support_signed_cert_timestamps = False
|
| + self.status_request = False
|
| ++ self.ri = False
|
| +
|
| + def create(self, version, random, session_id, cipher_suites,
|
| + certificate_types=None, srpUsername=None,
|
| +@@ -244,12 +245,20 @@ class ClientHello(HandshakeMsg):
|
| + # request_extensions in the OCSP request.
|
| + p.getFixBytes(extLength)
|
| + self.status_request = True
|
| ++ elif extType == ExtensionType.renegotiation_info:
|
| ++ # We don't support renegotiation, so if we receive this
|
| ++ # extension, it should contain a single null byte.
|
| ++ if extLength != 1 or p.getFixBytes(extLength)[0] != 0:
|
| ++ raise SyntaxError()
|
| ++ self.ri = True
|
| + else:
|
| + _ = p.getFixBytes(extLength)
|
| + index2 = p.index
|
| + if index2 - index1 != extLength:
|
| + raise SyntaxError("Bad length for extension_data")
|
| + soFar += 4 + extLength
|
| ++ if CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV in self.cipher_suites:
|
| ++ self.ri = True
|
| + p.stopLengthCheck()
|
| + return self
|
| +
|
| +@@ -327,6 +336,7 @@ class ServerHello(HandshakeMsg):
|
| + self.tb_params = None
|
| + self.signed_cert_timestamps = None
|
| + self.status_request = False
|
| ++ self.send_ri = False
|
| +
|
| + def create(self, version, random, session_id, cipher_suite,
|
| + certificate_type, tackExt, alpn_proto_selected,
|
| +@@ -432,6 +442,10 @@ class ServerHello(HandshakeMsg):
|
| + if self.status_request:
|
| + w2.add(ExtensionType.status_request, 2)
|
| + w2.add(0, 2)
|
| ++ if self.send_ri:
|
| ++ w2.add(ExtensionType.renegotiation_info, 2)
|
| ++ w2.add(1, 2)
|
| ++ w2.add(0, 1)
|
| + if len(w2.bytes):
|
| + w.add(len(w2.bytes), 2)
|
| + w.bytes += w2.bytes
|
| +diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
|
| +index de5d580..8ba1c6e 100644
|
| +--- a/third_party/tlslite/tlslite/tlsconnection.py
|
| ++++ b/third_party/tlslite/tlslite/tlsconnection.py
|
| +@@ -1370,6 +1370,8 @@ class TLSConnection(TLSRecordLayer):
|
| + serverHello.signed_cert_timestamps = signedCertTimestamps
|
| + if clientHello.status_request:
|
| + serverHello.status_request = ocspResponse
|
| ++ if clientHello.ri:
|
| ++ serverHello.send_ri = True
|
| +
|
| + # Perform the SRP key exchange
|
| + clientCertChain = None
|
| +@@ -1583,6 +1585,8 @@ class TLSConnection(TLSRecordLayer):
|
| + if param in settings.supportedTokenBindingParams:
|
| + serverHello.tb_params = param
|
| + break
|
| ++ if clientHello.ri:
|
| ++ serverHello.send_ri = True
|
| + for result in self._sendMsg(serverHello):
|
| + yield result
|
| +
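Review bot: The new renegotiation_info branch in ClientHello's parser raises a bare `raise SyntaxError()` when the extension is malformed, while the sibling check a few lines below raises `SyntaxError("Bad length for extension_data")`, so a rejected ClientHello from this path carries no diagnostic at all. Suggest `raise SyntaxError("Bad renegotiation_info extension")` so that a peer sending a non-empty renegotiated_connection (which RFC 5746 requires an initial handshake to reject) is distinguishable from the other length failures. The `extLength != 1 or p.getFixBytes(extLength)[0] != 0` short-circuit also skips consuming the extension bytes when the length is wrong, which is only safe because the parse aborts; a short comment such as `# safe: parsing stops here, so the unconsumed bytes never reach the length check below` would make that explicit. The enclosing parse method and the two tlsconnection.py handshake methods that set `send_ri` all start and end outside this hunk, so whether every ServerHello construction path is covered cannot be confirmed from here.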
|
|
|