Update third_party/tlslite to 0.4.8.

third_party/tlslite/README

 
-tlslite version 0.4.6                                            Mar 20 2013
+tlslite version 0.4.8                                            Nov 12 2014
 Trevor Perrin <tlslite at trevp.net>
 http://trevp.net/tlslite/
 ============================================================================
 
 
 Table of Contents
 ==================
 1  Introduction
 2  License/Acknowledgements
 3  Installation
@@ skipping 18 matching lines @@
 API documentation is available in the 'docs' directory.
 
 If you have questions or feedback, feel free to contact me.  For discussing
 improvements to tlslite, also see 'tlslite-dev@googlegroups.com'.
 
 
 2 Licenses/Acknowledgements
 ============================
 TLS Lite is written (mostly) by Trevor Perrin. It includes code from Bram
 Cohen, Google, Kees Bos, Sam Rushing, Dimitris Moraitis, Marcelo Fernandez,
-Martin von Loewis, and Dave Baggett.
+Martin von Loewis, Dave Baggett, and Yngve N. Pettersen (ported by Paul 
+Sokolovsky).
 
 All code in TLS Lite has either been dedicated to the public domain by its
 authors, or placed under a BSD-style license. See the LICENSE file for
 details.
 
 Thanks to Edward Loper for Epydoc, which generated the API docs.
 
-
 3 Installation
 ===============
 Requirements:
   Python 2.6 or higher is required. Python 3 is supported.
 
 Options:
   - If you have the M2Crypto interface to OpenSSL, this will be used for fast
     RSA operations and fast ciphers.
 
   - If you have pycrypto this will be used for fast RSA operations and fast
@@ skipping 220 matching lines @@
   connection.session.srpUsername       # string
   connection.session.clientCertChain   # X509CertChain
   connection.session.serverCertChain   # X509CertChain
   connection.session.tackExt           # TACKpy.TACK_Extension
 
 X.509 chain objects return the end-entity fingerprint via getFingerprint(),
 and ignore the other certificates.
 
 TACK objects return the (validated) TACK ID via getTACKID().
 
-To save yourself the trouble of inspecting certificates and/or TACKs after the
-handshake, you can pass a Checker object into the handshake function. The
-checker will be called if the handshake completes successfully. If the other
-party isn't approved by the checker, a subclass of TLSAuthenticationError will
-be raised.
+To save yourself the trouble of inspecting certificates after the handshake,
+you can pass a Checker object into the handshake function. The checker will be
+called if the handshake completes successfully. If the other party isn't
+approved by the checker, a subclass of TLSAuthenticationError will be raised.
 
 If the handshake fails for any reason, including a Checker error, an exception
 will be raised and the socket will be closed. If the socket timed out or was
 unexpectedly closed, a socket.error or TLSAbruptCloseError will be raised.
 
 Otherwise, either a TLSLocalAlert or TLSRemoteAlert will be raised, depending
 on whether the local or remote implementation signalled the error. The
 exception object has a 'description' member which identifies the error based
 on the codes in RFC 2246. A TLSLocalAlert also has a 'message' string that may
 have more details.
@@ skipping 138 matching lines @@
 TLS Lite can be used with subclasses of asyncore.dispatcher.  See the comments
 in TLSAsyncDispatcherMixIn.py for details.  This is still experimental, and
 may not work with all asyncore.dispatcher subclasses.
 
 
 11 Security Considerations
 ===========================
 TLS Lite is beta-quality code. It hasn't received much security analysis. Use
 at your own risk.
 
+TLS Lite does NOT verify certificates by default.
+
+TLS Lite's pure-python ciphers are probably vulnerable to timing attacks.
+
 TLS Lite is probably vulnerable to the "Lucky 13" timing attack if AES or 3DES
-are used.  Thus, TLS Lite prefers the RC4 cipher.
+are used, or the weak cipher RC4 otherwise.  This unhappy situation will remain
+until TLS Lite implements authenticated-encryption ciphersuites (like GCM), or
+RFC 7366.
 
 
 12 History
 ===========
-0.4.6 - 3/20/2013
+0.4.8 - 11/12/2014
+ - Added more acknowledgements and security considerations
+0.4.7 - 11/12/2014
+ - Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
+ - Don't offer SSLv3 by default (e.g. POODLE)
+ - Fixed bug with PyCrypto_RSA integration
+ - Fixed harmless bug that added non-prime into sieves list
+ - Added "make test" and "make test-dev" targets (Hubert Kario)
+0.4.5 - 3/20/2013
  - **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
    to a closed connection.  This inherits from socket.error, so should 
    interact better with SocketServer (see http://bugs.python.org/issue14574)
    and other things expecting a socket.error in this situation.
  - Added support for RC4-MD5 ciphersuite (if enabled in settings)
    - This is allegedly necessary to connect to some Internet servers.
  - Added TLSConnection.unread() function 
  - Switched to New-style classes (inherit from 'object')
  - Minor cleanups
- 
-0.4.5 - (release engineering problem, skipped!) 
-
 0.4.4 - 2/25/2013
  - Added Python 3 support (Martin von Loewis)
  - Added NPN client support (Marcelo Fernandez)
  - Switched to RC4 as preferred cipher
    - faster in Python, avoids "Lucky 13" timing attacks
  - Fixed bug when specifying ciphers for anon ciphersuites
  - Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
    - (this function is not used for TLS currently, and this tolerance may
       not even be necessary)
 0.4.3 - 9/27/2012
@@ skipping 162 matching lines @@
  - fixed server when it has a key, but client selects plain SRP
  - fixed server to postpone errors until it has read client's messages
  - fixed ServerHello to only include extension data if necessary
 0.1.1 - 2/02/2004
  - fixed close_notify behavior
  - fixed handling of empty application data packets
  - fixed socket reads to not consume extra bytes
  - added testing functions to tls.py
 0.1.0 - 2/01/2004
  - first release