
Side by Side Diff: third_party/tlslite/patches/fallback_scsv.patch

Issue 418553003: Implement TLS_FALLBACK_SCSV for SSLClientSocketOpenSSL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 6 years, 5 months ago
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
2 index b3bad2d..d132b78 100755 2 index b3bad2d..d132b78 100755
3 --- a/third_party/tlslite/tlslite/constants.py 3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py 4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -106,6 +106,7 @@ class AlertDescription: 5 @@ -106,6 +106,7 @@ class AlertDescription:
6 protocol_version = 70 6 protocol_version = 70
7 insufficient_security = 71 7 insufficient_security = 71
8 internal_error = 80 8 internal_error = 80
9 + inappropriate_fallback = 86 9 + inappropriate_fallback = 86
10 user_canceled = 90 10 user_canceled = 90
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after
108 self._handshakeDone(resumed=True) 108 self._handshakeDone(resumed=True)
109 @@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer): 109 @@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer):
110 110
111 111
112 def _serverGetClientHello(self, settings, certChain, verifierDB, 112 def _serverGetClientHello(self, settings, certChain, verifierDB,
113 - sessionCache, anon, tlsIntolerant): 113 - sessionCache, anon, tlsIntolerant):
114 + sessionCache, anon, tlsIntolerant, fallbackSCSV ): 114 + sessionCache, anon, tlsIntolerant, fallbackSCSV ):
115 #Initialize acceptable cipher suites 115 #Initialize acceptable cipher suites
116 cipherSuites = [] 116 cipherSuites = []
117 if verifierDB: 117 if verifierDB:
118 @@ -1280,6 +1289,13 @@ class TLSConnection(TLSRecordLayer): 118 @@ -1280,6 +1289,14 @@ class TLSConnection(TLSRecordLayer):
119 elif clientHello.client_version > settings.maxVersion: 119 elif clientHello.client_version > settings.maxVersion:
120 self.version = settings.maxVersion 120 self.version = settings.maxVersion
121 121
122 + #Detect if the client performed an inappropriate fallback. 122 + #Detect if the client performed an inappropriate fallback.
123 + elif fallbackSCSV and clientHello.client_version < settings.maxVersion: 123 + elif fallbackSCSV and clientHello.client_version < settings.maxVersion:
124 + self.version = clientHello.client_version
124 + if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: 125 + if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites:
125 + for result in self._sendError(\ 126 + for result in self._sendError(\
126 + AlertDescription.inappropriate_fallback): 127 + AlertDescription.inappropriate_fallback):
127 + yield result 128 + yield result
128 + 129 +
129 else: 130 else:
130 #Set the version to the client's version 131 #Set the version to the client's version
131 self.version = clientHello.client_version 132 self.version = clientHello.client_version
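Review bot: The `self.version = clientHello.client_version` line added in the `elif fallbackSCSV and clientHello.client_version < settings.maxVersion:` branch duplicates the assignment in the trailing `else` and has no comment saying why it is needed. Because the branch is part of the `elif` chain, a ClientHello below `settings.maxVersion` that does not carry `CipherSuite.TLS_FALLBACK_SCSV` never reaches the `else`, so this appears to be the only place the version is set on that path. I would put `#This branch bypasses the else below, so set the version here.` above it. The check runs only when `fallbackSCSV` is true, so the new parameter also deserves a line of documentation stating that it makes the server reject fallback ClientHellos with `inappropriate_fallback`. `_serverGetClientHello` starts and continues outside the visible hunks, so the earlier branches of the chain and the callers passing the new argument could not be checked from here.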