
Side by Side Diff: third_party/tlslite/patches/req_cert_types.patch

Issue 257513008: Populate cert_key_types on OpenSSL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Line length (try jobs on #8) Created 6 years, 7 months ago
(Empty)
1 diff --git a/third_party/tlslite/tlslite/api.py b/third_party/tlslite/tlslite/ap i.py
2 index faef6cb..562fb81 100644
3 --- a/third_party/tlslite/tlslite/api.py
4 +++ b/third_party/tlslite/tlslite/api.py
5 @@ -2,7 +2,8 @@
6 # See the LICENSE file for legal information regarding use of this file.
7
8 __version__ = "0.4.6"
9 -from .constants import AlertLevel, AlertDescription, Fault
10 +from .constants import AlertLevel, AlertDescription, ClientCertificateType, \
11 + Fault
12 from .errors import *
13 from .checker import Checker
14 from .handshakesettings import HandshakeSettings
15 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
16 index 30d1f9f..457b339 100644
17 --- a/third_party/tlslite/tlslite/constants.py
18 +++ b/third_party/tlslite/tlslite/constants.py
19 @@ -14,10 +14,14 @@ class CertificateType:
20 openpgp = 1
21
22 class ClientCertificateType:
23 + # http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-p arameters-2
24 rsa_sign = 1
25 dss_sign = 2
26 rsa_fixed_dh = 3
27 dss_fixed_dh = 4
28 + ecdsa_sign = 64
29 + rsa_fixed_ecdh = 65
30 + ecdsa_fixed_ecdh = 66
31
32 class HandshakeType:
33 hello_request = 0
34 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py
35 index 550b387..c8a913c 100644
36 --- a/third_party/tlslite/tlslite/messages.py
37 +++ b/third_party/tlslite/tlslite/messages.py
38 @@ -454,9 +454,7 @@ class CertificateStatus(HandshakeMsg):
39 class CertificateRequest(HandshakeMsg):
40 def __init__(self):
41 HandshakeMsg.__init__(self, HandshakeType.certificate_request)
42 - #Apple's Secure Transport library rejects empty certificate_types, so
43 - #default to rsa_sign.
44 - self.certificate_types = [ClientCertificateType.rsa_sign]
45 + self.certificate_types = []
46 self.certificate_authorities = []
47
48 def create(self, certificate_types, certificate_authorities):
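Review bot: After this change a `CertificateRequest()` that is serialised without going through `create()` carries an empty `certificate_types`, which RFC 5246 does not permit (`certificate_types<1..2^8-1>`) and which the removed comment says Apple's Secure Transport rejects. The rsa_sign fallback now lives only in `_serverCertKeyExchange`, so any other construction site would lose it; whether one exists cannot be seen from this hunk. I would document the new contract on the changed line, e.g. `#Must be populated via create(); an empty list is not a valid CertificateRequest on the wire.`, or keep the rsa_sign default here as well. The class body continues outside the hunk.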
49 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
50 index e6f7820..044ad59 100644
51 --- a/third_party/tlslite/tlslite/tlsconnection.py
52 +++ b/third_party/tlslite/tlslite/tlsconnection.py
53 @@ -1062,7 +1062,7 @@ class TLSConnection(TLSRecordLayer):
54 def handshakeServer(self, verifierDB=None,
55 certChain=None, privateKey=None, reqCert=False,
56 sessionCache=None, settings=None, checker=None,
57 - reqCAs = None,
58 + reqCAs = None, reqCertTypes = None,
59 tacks=None, activationFlags=0,
60 nextProtos=None, anon=False,
61 tlsIntolerant=None, signedCertTimestamps=None,
62 @@ -1130,6 +1130,10 @@ class TLSConnection(TLSRecordLayer):
63 will be sent along with a certificate request. This does not affect
64 verification.
65
66 + @type reqCertTypes: list of int
67 + @param reqCertTypes: A list of certificate_type values to be sent
68 + along with a certificate request. This does not affect verification.
69 +
70 @type nextProtos: list of strings.
71 @param nextProtos: A list of upper layer protocols to expose to the
72 clients through the Next-Protocol Negotiation Extension,
73 @@ -1169,7 +1173,7 @@ class TLSConnection(TLSRecordLayer):
74 """
75 for result in self.handshakeServerAsync(verifierDB,
76 certChain, privateKey, reqCert, sessionCache, settings,
77 - checker, reqCAs,
78 + checker, reqCAs, reqCertTypes,
79 tacks=tacks, activationFlags=activationFlags,
80 nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
81 signedCertTimestamps=signedCertTimestamps,
82 @@ -1180,7 +1184,7 @@ class TLSConnection(TLSRecordLayer):
83 def handshakeServerAsync(self, verifierDB=None,
84 certChain=None, privateKey=None, reqCert=False,
85 sessionCache=None, settings=None, checker=None,
86 - reqCAs=None,
87 + reqCAs=None, reqCertTypes=None,
88 tacks=None, activationFlags=0,
89 nextProtos=None, anon=False,
90 tlsIntolerant=None,
91 @@ -1203,7 +1207,7 @@ class TLSConnection(TLSRecordLayer):
92 verifierDB=verifierDB, certChain=certChain,
93 privateKey=privateKey, reqCert=reqCert,
94 sessionCache=sessionCache, settings=settings,
95 - reqCAs=reqCAs,
96 + reqCAs=reqCAs, reqCertTypes=reqCertTypes,
97 tacks=tacks, activationFlags=activationFlags,
98 nextProtos=nextProtos, anon=anon,
99 tlsIntolerant=tlsIntolerant,
100 @@ -1216,7 +1220,7 @@ class TLSConnection(TLSRecordLayer):
101
102 def _handshakeServerAsyncHelper(self, verifierDB,
103 certChain, privateKey, reqCert, sessionCache,
104 - settings, reqCAs,
105 + settings, reqCAs, reqCertTypes,
106 tacks, activationFlags,
107 nextProtos, anon,
108 tlsIntolerant, signedCertTimestamps, fallbackSCSV,
109 @@ -1232,6 +1236,8 @@ class TLSConnection(TLSRecordLayer):
110 raise ValueError("Caller passed a privateKey but no certChain")
111 if reqCAs and not reqCert:
112 raise ValueError("Caller passed reqCAs but not reqCert")
113 + if reqCertTypes and not reqCert:
114 + raise ValueError("Caller passed reqCertTypes but not reqCert")
115 if certChain and not isinstance(certChain, X509CertChain):
116 raise ValueError("Unrecognized certificate type")
117 if activationFlags and not tacks:
118 @@ -1320,7 +1326,7 @@ class TLSConnection(TLSRecordLayer):
119 assert(False)
120 for result in self._serverCertKeyExchange(clientHello, serverHello,
121 certChain, keyExchange,
122 - reqCert, reqCAs, cipherSuite,
123 + reqCert, reqCAs, reqCertTypes, cipherSu ite,
124 settings, ocspResponse):
125 if result in (0,1): yield result
126 else: break
127 @@ -1597,7 +1603,7 @@ class TLSConnection(TLSRecordLayer):
128
129 def _serverCertKeyExchange(self, clientHello, serverHello,
130 serverCertChain, keyExchange,
131 - reqCert, reqCAs, cipherSuite,
132 + reqCert, reqCAs, reqCertTypes, cipherSuite,
133 settings, ocspResponse):
134 #Send ServerHello, Certificate[, ServerKeyExchange]
135 #[, CertificateRequest], ServerHelloDone
136 @@ -1613,11 +1619,12 @@ class TLSConnection(TLSRecordLayer):
137 serverKeyExchange = keyExchange.makeServerKeyExchange()
138 if serverKeyExchange is not None:
139 msgs.append(serverKeyExchange)
140 - if reqCert and reqCAs:
141 - msgs.append(CertificateRequest().create(\
142 - [ClientCertificateType.rsa_sign], reqCAs))
143 - elif reqCert:
144 - msgs.append(CertificateRequest())
145 + if reqCert:
146 + reqCAs = reqCAs or []
147 + #Apple's Secure Transport library rejects empty certificate_types,
148 + #so default to rsa_sign.
149 + reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign]
150 + msgs.append(CertificateRequest().create(reqCertTypes, reqCAs))
151 msgs.append(ServerHelloDone())
152 for result in self._sendMsgs(msgs):
153 yield result
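Review bot: `reqCertTypes` reaches `CertificateRequest().create(reqCertTypes, reqCAs)` in this hunk with no check on its contents; the only validation the patch adds (in `_handshakeServerAsyncHelper`) is that `reqCert` is also set. Each certificate_type is a single byte on the wire, so a non-int or a value outside 0–255 would presumably fail or mis-encode only when the message is written, mid-handshake. I would reject it up front beside the other `ValueError` checks: `if reqCertTypes and not all(isinstance(t, int) and 0 <= t <= 255 for t in reqCertTypes): raise ValueError("reqCertTypes must be a list of ints in 0..255")`. The `reqCertTypes` docstring should also state that `None` or an empty list falls back to `[ClientCertificateType.rsa_sign]`, and note that the parameter is inserted before `tacks` in the public `handshakeServer`/`handshakeServerAsync` signatures, which shifts any arguments callers pass positionally after `reqCAs`. `_serverCertKeyExchange` begins and ends outside the hunk.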