| Index: third_party/tlslite/tlslite/TLSConnection.py
|
| diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
|
| index e882e2c8f2ac00079746760611ecbda76c4c0e1c..d2270a995f036c0478345dacee7d9e95efd68660 100644
|
| --- a/third_party/tlslite/tlslite/TLSConnection.py
|
| +++ b/third_party/tlslite/tlslite/TLSConnection.py
|
| @@ -936,7 +936,8 @@ class TLSConnection(TLSRecordLayer):
|
| def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
|
| certChain=None, privateKey=None, reqCert=False,
|
| sessionCache=None, settings=None, checker=None,
|
| - reqCAs=None, tlsIntolerant=0):
|
| + reqCAs=None, tlsIntolerant=0,
|
| + signedCertTimestamps=None):
|
| """Perform a handshake in the role of server.
|
|
|
| This function performs an SSL or TLS handshake. Depending on
|
| @@ -1007,6 +1008,11 @@ class TLSConnection(TLSRecordLayer):
|
| will be sent along with a certificate request. This does not affect
|
| verification.
|
|
|
| + @type signedCertTimestamps: str
|
| + @param signedCertTimestamps: A SignedCertificateTimestampList (as a
|
| + binary 8-bit string) that will be sent as a TLS extension whenever
|
| + the client announces support for the extension.
|
| +
|
| @raise socket.error: If a socket error occurs.
|
| @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
|
| without a preceding alert.
|
| @@ -1016,14 +1022,15 @@ class TLSConnection(TLSRecordLayer):
|
| """
|
| for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
|
| certChain, privateKey, reqCert, sessionCache, settings,
|
| - checker, reqCAs, tlsIntolerant):
|
| + checker, reqCAs, tlsIntolerant, signedCertTimestamps):
|
| pass
|
|
|
|
|
| def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
|
| certChain=None, privateKey=None, reqCert=False,
|
| sessionCache=None, settings=None, checker=None,
|
| - reqCAs=None, tlsIntolerant=0):
|
| + reqCAs=None, tlsIntolerant=0,
|
| + signedCertTimestamps=None):
|
| """Start a server handshake operation on the TLS connection.
|
|
|
| This function returns a generator which behaves similarly to
|
| @@ -1041,14 +1048,16 @@ class TLSConnection(TLSRecordLayer):
|
| privateKey=privateKey, reqCert=reqCert,
|
| sessionCache=sessionCache, settings=settings,
|
| reqCAs=reqCAs,
|
| - tlsIntolerant=tlsIntolerant)
|
| + tlsIntolerant=tlsIntolerant,
|
| + signedCertTimestamps=signedCertTimestamps)
|
| for result in self._handshakeWrapperAsync(handshaker, checker):
|
| yield result
|
|
|
|
|
| def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
|
| - certChain, privateKey, reqCert, sessionCache,
|
| - settings, reqCAs, tlsIntolerant):
|
| + certChain, privateKey, reqCert,
|
| + sessionCache, settings, reqCAs,
|
| + tlsIntolerant, signedCertTimestamps):
|
|
|
| self._handshakeStart(client=False)
|
|
|
| @@ -1060,6 +1069,9 @@ class TLSConnection(TLSRecordLayer):
|
| raise ValueError("Caller passed a privateKey but no certChain")
|
| if reqCAs and not reqCert:
|
| raise ValueError("Caller passed reqCAs but not reqCert")
|
| + if signedCertTimestamps and not certChain:
|
| + raise ValueError("Caller passed signedCertTimestamps but no "
|
| + "certChain")
|
|
|
| if not settings:
|
| settings = HandshakeSettings()
|
| @@ -1415,6 +1427,8 @@ class TLSConnection(TLSRecordLayer):
|
| self.version, serverRandom,
|
| sessionID, cipherSuite, certificateType)
|
| serverHello.channel_id = clientHello.channel_id
|
| + if clientHello.support_signed_cert_timestamps:
|
| + serverHello.signed_cert_timestamps = signedCertTimestamps
|
| doingChannelID = clientHello.channel_id
|
| msgs.append(serverHello)
|
| msgs.append(Certificate(certificateType).create(serverCertChain))
|
|
|
Chromium Code Reviews
Issue 83333003:
Add support for fetching Certificate Transparency SCTs over a TLS extension (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master