Update third_party/tlslite to 0.4.8.

Update third_party/tlslite to 0.4.8.

This pulls in TLS 1.2 support from upstream.

Local patches:
- tls_intolerant.patch: rebased
- channel_id.patch: rebased
- signed_certificate_timestamps.patch: rebased
- fallback_scsv.patch: rebased
- status_request.patch: rebased
- pycrypto.patch: dropped; fixed upstream.
- client_cipher_preferences.patch: dropped; upstream came up with saner
  orderings.
- ssl3_padding.patch: rebased
- srp_cert.patch: dropped; no longer needed.
- fix_test_file.patch: rebased
- dhe_rsa.patch: rebased and heavily reworked to account for TLS 1.2 and
  server cipher order.
- req_cert_types.patch: rebased and tweaked to fix upstream TLS 1.2 bugs.
- ignore_write_failure.patch: rebased
- intolerance_options.patch: rebased
- save_client_hello.patch: rebased
- certificate_request.patch: newly added; fix more upstream TLS 1.2 bugs.

Other changes:
- Upstream disabled SSLv3 by default. It is re-enabled in test_server.py for
  testing purposes.

BUG=450730
Committed: https://crrev.com/72decb6a9315a7f8b3cf1780d537b349f7cb55aa
Cr-Commit-Position: refs/heads/master@{#312530}

[davidben, 2015-01-21 23:44:11]

davidben@chromium.org changed reviewers:
+ rsleevi@chromium.org

[davidben, 2015-01-21 23:44:12]

I apologize for how painful this review will be. :-)

Patch set 2 is the version (try bots willing) I'd like to land.

Patch set 1 is the same thing but with all our patches removed. It should be a
pristine copy of 0.4.8 and is uploaded to make review easier. (I expect you'll
want to look at some combination of Base -> PS2 and PS1 -> PS2.)

https://codereview.chromium.org/858373002/diff/20001/third_party/tlslite/tlsl...
File third_party/tlslite/tlslite/tlsconnection.py (right):

https://codereview.chromium.org/858373002/diff/20001/third_party/tlslite/tlsl...
third_party/tlslite/tlslite/tlsconnection.py:970: verifyBytes =
self._handshake_sha256.digest()
This completely broken for TLS 1.2. It is likewise completely broken upstream.
I've left it alone with a TODO for now, but we'll need to fix it once we can
unit test client auth in Chromium.

[davidben, 2015-01-22 00:18:35]

https://codereview.chromium.org/858373002/diff/20001/third_party/tlslite/tlsl...
File third_party/tlslite/tlslite/tlsconnection.py (right):

https://codereview.chromium.org/858373002/diff/20001/third_party/tlslite/tlsl...
third_party/tlslite/tlslite/tlsconnection.py:970: verifyBytes =
self._handshake_sha256.digest()
On 2015/01/21 23:44:11, David Benjamin wrote:
> This completely broken for TLS 1.2. It is likewise completely broken upstream.
> I've left it alone with a TODO for now, but we'll need to fix it once we can
> unit test client auth in Chromium.

Actually... we do have some tests in SSLClientSocketOpenSSLClientAuthTest. Try
jobs aren't exploding on Android though. I'll look into that and probably just
fix it.

[davidben, 2015-01-22 00:56:46]

Updated to finish fixing client auth. It only signs SHA-1 right now because
that's the only PKCS#1 prefix this code knows how to do and I didn't want to
implement the full-on negotiation dance.

I think Android triggered tests are failing to run for some reason, because the
previous try run shouldn't have been green.

https://codereview.chromium.org/858373002/diff/20001/third_party/tlslite/tlsl...
File third_party/tlslite/tlslite/tlsconnection.py (right):

https://codereview.chromium.org/858373002/diff/20001/third_party/tlslite/tlsl...
third_party/tlslite/tlslite/tlsconnection.py:970: verifyBytes =
self._handshake_sha256.digest()
On 2015/01/22 00:18:35, David Benjamin wrote:
> On 2015/01/21 23:44:11, David Benjamin wrote:
> > This completely broken for TLS 1.2. It is likewise completely broken
upstream.
> > I've left it alone with a TODO for now, but we'll need to fix it once we can
> > unit test client auth in Chromium.
> 
> Actually... we do have some tests in SSLClientSocketOpenSSLClientAuthTest. Try
> jobs aren't exploding on Android though. I'll look into that and probably just
> fix it.

Done.

[Ryan Sleevi, 2015-01-22 01:29:08]

lgtm

[davidben, 2015-01-22 02:06:56]

The CQ bit was checked by davidben@chromium.org

[commit-bot: I haz the power, 2015-01-22 02:07:53]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/858373002/40001

[commit-bot: I haz the power, 2015-01-22 02:21:58]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2015-01-22 02:23:02]

Patchset 3 (id:??) landed as
https://crrev.com/72decb6a9315a7f8b3cf1780d537b349f7cb55aa
Cr-Commit-Position: refs/heads/master@{#312530}