Index: third_party/tlslite/tlslite/TLSConnection.py |
diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py |
index e882e2c8f2ac00079746760611ecbda76c4c0e1c..3f6b73673e5c6031bc3863e9806a9c5a1fb442c5 100644 |
--- a/third_party/tlslite/tlslite/TLSConnection.py |
+++ b/third_party/tlslite/tlslite/TLSConnection.py |
@@ -936,7 +936,8 @@ class TLSConnection(TLSRecordLayer): |
def handshakeServer(self, sharedKeyDB=None, verifierDB=None, |
certChain=None, privateKey=None, reqCert=False, |
sessionCache=None, settings=None, checker=None, |
- reqCAs=None, tlsIntolerant=0): |
+ reqCAs=None, tlsIntolerant=0, |
+ signedCertTimestamps=None): |
"""Perform a handshake in the role of server. |
This function performs an SSL or TLS handshake. Depending on |
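Review bot: The new `signedCertTimestamps` parameter on `handshakeServer` gets no docstring entry as far as this patch shows; no hunk touches the parameter descriptions, which lie in the part of the docstring outside this hunk. Add an entry in the docstring's existing parameter format that states what the caller must pass (presumably an already-serialized SCT list as a byte string), that it requires `certChain`, and that it is sent only when the client offers the extension. The same gap applies to `handshakeServerAsync` in the next hunk.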
@@ -1016,14 +1017,15 @@ class TLSConnection(TLSRecordLayer): |
""" |
for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
certChain, privateKey, reqCert, sessionCache, settings, |
- checker, reqCAs, tlsIntolerant): |
+ checker, reqCAs, tlsIntolerant, signedCertTimestamps): |
pass |
def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, |
certChain=None, privateKey=None, reqCert=False, |
sessionCache=None, settings=None, checker=None, |
- reqCAs=None, tlsIntolerant=0): |
+ reqCAs=None, tlsIntolerant=0, |
+ signedCertTimestamps=None): |
"""Start a server handshake operation on the TLS connection. |
This function returns a generator which behaves similarly to |
@@ -1041,14 +1043,16 @@ class TLSConnection(TLSRecordLayer): |
privateKey=privateKey, reqCert=reqCert, |
sessionCache=sessionCache, settings=settings, |
reqCAs=reqCAs, |
- tlsIntolerant=tlsIntolerant) |
+ tlsIntolerant=tlsIntolerant, |
+ signedCertTimestamps=signedCertTimestamps) |
for result in self._handshakeWrapperAsync(handshaker, checker): |
yield result |
def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, |
- certChain, privateKey, reqCert, sessionCache, |
- settings, reqCAs, tlsIntolerant): |
+ certChain, privateKey, reqCert, |
+ sessionCache, settings, reqCAs, |
+ tlsIntolerant, signedCertTimestamps): |
self._handshakeStart(client=False) |
@@ -1060,6 +1064,9 @@ class TLSConnection(TLSRecordLayer): |
raise ValueError("Caller passed a privateKey but no certChain") |
if reqCAs and not reqCert: |
raise ValueError("Caller passed reqCAs but not reqCert") |
+ if signedCertTimestamps and not certChain: |
+ raise ValueError("Caller passed signedCertTimestamps but no " |
+ "certChain") |
if not settings: |
settings = HandshakeSettings() |
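Review bot: The added check rejects `signedCertTimestamps` without a `certChain`, but it does not validate the value itself. It is later copied into the ServerHello, and TLS extension data carries a 16-bit length, so a wrong type or an oversized blob would surface only at serialization time, or as a malformed message on the wire. Consider failing early alongside the other argument checks, for example `if signedCertTimestamps and len(signedCertTimestamps) > 0xffff: raise ValueError("signedCertTimestamps too long")`. The function body continues outside this hunk.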
@@ -1415,6 +1422,8 @@ class TLSConnection(TLSRecordLayer): |
self.version, serverRandom, |
sessionID, cipherSuite, certificateType) |
serverHello.channel_id = clientHello.channel_id |
+ if clientHello.signed_cert_timestamps: |
+ serverHello.signed_cert_timestamps = signedCertTimestamps |
doingChannelID = clientHello.channel_id |
msgs.append(serverHello) |
msgs.append(Certificate(certificateType).create(serverCertChain)) |
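Review bot: When the client offers the extension but the caller passed no `signedCertTimestamps`, this assignment stores `None` (or an empty value) on `serverHello.signed_cert_timestamps`. Whether an empty extension is then written depends on `ServerHello.write`, which is not visible here. Guarding on both sides keeps the decision local: `if clientHello.signed_cert_timestamps and signedCertTimestamps:`. It is also worth confirming that the ServerHello built on the session-resumption path, outside this hunk, handles the extension as intended.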