| OLD | NEW |
|---|
| 1 diff --git a/third_party/tlslite/tlslite/api.py b/third_party/tlslite/tlslite/ap
i.py | 1 diff --git a/third_party/tlslite/tlslite/api.py b/third_party/tlslite/tlslite/ap
i.py |
| 2 index faef6cb..562fb81 100644 | 2 index fa6a18c..aabcc14 100644 |
| 3 --- a/third_party/tlslite/tlslite/api.py | 3 --- a/third_party/tlslite/tlslite/api.py |
| 4 +++ b/third_party/tlslite/tlslite/api.py | 4 +++ b/third_party/tlslite/tlslite/api.py |
| 5 @@ -2,7 +2,8 @@ | 5 @@ -2,7 +2,8 @@ |
| 6 # See the LICENSE file for legal information regarding use of this file. | 6 # See the LICENSE file for legal information regarding use of this file. |
| 7 | 7 |
| 8 __version__ = "0.4.6" | 8 __version__ = "0.4.8" |
| 9 -from .constants import AlertLevel, AlertDescription, Fault | 9 -from .constants import AlertLevel, AlertDescription, Fault |
| 10 +from .constants import AlertLevel, AlertDescription, ClientCertificateType, \ | 10 +from .constants import AlertLevel, AlertDescription, ClientCertificateType, \ |
| 11 + Fault | 11 + Fault |
| 12 from .errors import * | 12 from .errors import * |
| 13 from .checker import Checker | 13 from .checker import Checker |
| 14 from .handshakesettings import HandshakeSettings | 14 from .handshakesettings import HandshakeSettings |
| 15 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | 15 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
| 16 index 30d1f9f..457b339 100644 | 16 index d2d50c5..7ee70be 100644 |
| 17 --- a/third_party/tlslite/tlslite/constants.py | 17 --- a/third_party/tlslite/tlslite/constants.py |
| 18 +++ b/third_party/tlslite/tlslite/constants.py | 18 +++ b/third_party/tlslite/tlslite/constants.py |
| 19 @@ -14,10 +14,14 @@ class CertificateType: | 19 @@ -15,10 +15,14 @@ class CertificateType: |
| 20 openpgp = 1 | 20 openpgp = 1 |
| 21 | 21 |
| 22 class ClientCertificateType: | 22 class ClientCertificateType: |
| 23 + # http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-p
arameters-2 | 23 + # http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-p
arameters-2 |
| 24 rsa_sign = 1 | 24 rsa_sign = 1 |
| 25 dss_sign = 2 | 25 dss_sign = 2 |
| 26 rsa_fixed_dh = 3 | 26 rsa_fixed_dh = 3 |
| 27 dss_fixed_dh = 4 | 27 dss_fixed_dh = 4 |
| 28 + ecdsa_sign = 64 | 28 + ecdsa_sign = 64 |
| 29 + rsa_fixed_ecdh = 65 | 29 + rsa_fixed_ecdh = 65 |
| 30 + ecdsa_fixed_ecdh = 66 | 30 + ecdsa_fixed_ecdh = 66 |
| 31 | 31 |
| 32 class HandshakeType: | 32 class HandshakeType: |
| 33 hello_request = 0 | 33 hello_request = 0 |
| 34 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli
te/messages.py | 34 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli
te/messages.py |
| 35 index 550b387..c8a913c 100644 | 35 index 8b77ee6..e1be195 100644 |
| 36 --- a/third_party/tlslite/tlslite/messages.py | 36 --- a/third_party/tlslite/tlslite/messages.py |
| 37 +++ b/third_party/tlslite/tlslite/messages.py | 37 +++ b/third_party/tlslite/tlslite/messages.py |
| 38 @@ -454,9 +454,7 @@ class CertificateStatus(HandshakeMsg): | 38 @@ -455,17 +455,14 @@ class CertificateStatus(HandshakeMsg): |
| 39 class CertificateRequest(HandshakeMsg): | 39 class CertificateRequest(HandshakeMsg): |
| 40 def __init__(self): | 40 def __init__(self, version): |
| 41 HandshakeMsg.__init__(self, HandshakeType.certificate_request) | 41 HandshakeMsg.__init__(self, HandshakeType.certificate_request) |
| 42 - #Apple's Secure Transport library rejects empty certificate_types, so | 42 - #Apple's Secure Transport library rejects empty certificate_types, so |
| 43 - #default to rsa_sign. | 43 - #default to rsa_sign. |
| 44 - self.certificate_types = [ClientCertificateType.rsa_sign] | 44 - self.certificate_types = [ClientCertificateType.rsa_sign] |
| 45 + self.certificate_types = [] | 45 + self.certificate_types = [] |
| 46 self.certificate_authorities = [] | 46 self.certificate_authorities = [] |
| 47 self.version = version |
| 48 self.supported_signature_algs = [] |
| 47 | 49 |
| 48 def create(self, certificate_types, certificate_authorities): | 50 - def create(self, certificate_types, certificate_authorities, sig_algs=(), v
ersion=(3,0)): |
| 51 + def create(self, certificate_types, certificate_authorities, sig_algs=()): |
| 52 self.certificate_types = certificate_types |
| 53 self.certificate_authorities = certificate_authorities |
| 54 - self.version = version |
| 55 self.supported_signature_algs = sig_algs |
| 56 return self |
| 57 |
| 49 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py | 58 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 50 index e6f7820..044ad59 100644 | 59 index f6d13d4..f8547d5 100644 |
| 51 --- a/third_party/tlslite/tlslite/tlsconnection.py | 60 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 52 +++ b/third_party/tlslite/tlslite/tlsconnection.py | 61 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 53 @@ -1062,7 +1062,7 @@ class TLSConnection(TLSRecordLayer): | 62 @@ -1070,7 +1070,7 @@ class TLSConnection(TLSRecordLayer): |
| 54 def handshakeServer(self, verifierDB=None, | 63 def handshakeServer(self, verifierDB=None, |
| 55 certChain=None, privateKey=None, reqCert=False, | 64 certChain=None, privateKey=None, reqCert=False, |
| 56 sessionCache=None, settings=None, checker=None, | 65 sessionCache=None, settings=None, checker=None, |
| 57 - reqCAs = None, | 66 - reqCAs = None, |
| 58 + reqCAs = None, reqCertTypes = None, | 67 + reqCAs = None, reqCertTypes = None, |
| 59 tacks=None, activationFlags=0, | 68 tacks=None, activationFlags=0, |
| 60 nextProtos=None, anon=False, | 69 nextProtos=None, anon=False, |
| 61 tlsIntolerant=None, signedCertTimestamps=None, | 70 tlsIntolerant=None, signedCertTimestamps=None, |
| 62 @@ -1130,6 +1130,10 @@ class TLSConnection(TLSRecordLayer): | 71 @@ -1138,6 +1138,10 @@ class TLSConnection(TLSRecordLayer): |
| 63 will be sent along with a certificate request. This does not affect | 72 will be sent along with a certificate request. This does not affect |
| 64 verification. | 73 verification. |
| 65 | 74 |
| 66 + @type reqCertTypes: list of int | 75 + @type reqCertTypes: list of int |
| 67 + @param reqCertTypes: A list of certificate_type values to be sent | 76 + @param reqCertTypes: A list of certificate_type values to be sent |
| 68 + along with a certificate request. This does not affect verification. | 77 + along with a certificate request. This does not affect verification. |
| 69 + | 78 + |
| 70 @type nextProtos: list of strings. | 79 @type nextProtos: list of strings. |
| 71 @param nextProtos: A list of upper layer protocols to expose to the | 80 @param nextProtos: A list of upper layer protocols to expose to the |
| 72 clients through the Next-Protocol Negotiation Extension, | 81 clients through the Next-Protocol Negotiation Extension, |
| 73 @@ -1169,7 +1173,7 @@ class TLSConnection(TLSRecordLayer): | 82 @@ -1177,7 +1181,7 @@ class TLSConnection(TLSRecordLayer): |
| 74 """ | 83 """ |
| 75 for result in self.handshakeServerAsync(verifierDB, | 84 for result in self.handshakeServerAsync(verifierDB, |
| 76 certChain, privateKey, reqCert, sessionCache, settings, | 85 certChain, privateKey, reqCert, sessionCache, settings, |
| 77 - checker, reqCAs, | 86 - checker, reqCAs, |
| 78 + checker, reqCAs, reqCertTypes, | 87 + checker, reqCAs, reqCertTypes, |
| 79 tacks=tacks, activationFlags=activationFlags, | 88 tacks=tacks, activationFlags=activationFlags, |
| 80 nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant, | 89 nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant, |
| 81 signedCertTimestamps=signedCertTimestamps, | 90 signedCertTimestamps=signedCertTimestamps, |
| 82 @@ -1180,7 +1184,7 @@ class TLSConnection(TLSRecordLayer): | 91 @@ -1188,7 +1192,7 @@ class TLSConnection(TLSRecordLayer): |
| 83 def handshakeServerAsync(self, verifierDB=None, | 92 def handshakeServerAsync(self, verifierDB=None, |
| 84 certChain=None, privateKey=None, reqCert=False, | 93 certChain=None, privateKey=None, reqCert=False, |
| 85 sessionCache=None, settings=None, checker=None, | 94 sessionCache=None, settings=None, checker=None, |
| 86 - reqCAs=None, | 95 - reqCAs=None, |
| 87 + reqCAs=None, reqCertTypes=None, | 96 + reqCAs=None, reqCertTypes=None, |
| 88 tacks=None, activationFlags=0, | 97 tacks=None, activationFlags=0, |
| 89 nextProtos=None, anon=False, | 98 nextProtos=None, anon=False, |
| 90 tlsIntolerant=None, | 99 tlsIntolerant=None, |
| 91 @@ -1203,7 +1207,7 @@ class TLSConnection(TLSRecordLayer): | 100 @@ -1211,7 +1215,7 @@ class TLSConnection(TLSRecordLayer): |
| 92 verifierDB=verifierDB, certChain=certChain, | 101 verifierDB=verifierDB, certChain=certChain, |
| 93 privateKey=privateKey, reqCert=reqCert, | 102 privateKey=privateKey, reqCert=reqCert, |
| 94 sessionCache=sessionCache, settings=settings, | 103 sessionCache=sessionCache, settings=settings, |
| 95 - reqCAs=reqCAs, | 104 - reqCAs=reqCAs, |
| 96 + reqCAs=reqCAs, reqCertTypes=reqCertTypes, | 105 + reqCAs=reqCAs, reqCertTypes=reqCertTypes, |
| 97 tacks=tacks, activationFlags=activationFlags, | 106 tacks=tacks, activationFlags=activationFlags, |
| 98 nextProtos=nextProtos, anon=anon, | 107 nextProtos=nextProtos, anon=anon, |
| 99 tlsIntolerant=tlsIntolerant, | 108 tlsIntolerant=tlsIntolerant, |
| 100 @@ -1216,7 +1220,7 @@ class TLSConnection(TLSRecordLayer): | 109 @@ -1224,7 +1228,7 @@ class TLSConnection(TLSRecordLayer): |
| 101 | 110 |
| 102 def _handshakeServerAsyncHelper(self, verifierDB, | 111 def _handshakeServerAsyncHelper(self, verifierDB, |
| 103 certChain, privateKey, reqCert, sessionCache, | 112 certChain, privateKey, reqCert, sessionCache, |
| 104 - settings, reqCAs, | 113 - settings, reqCAs, |
| 105 + settings, reqCAs, reqCertTypes, | 114 + settings, reqCAs, reqCertTypes, |
| 106 tacks, activationFlags, | 115 tacks, activationFlags, |
| 107 nextProtos, anon, | 116 nextProtos, anon, |
| 108 tlsIntolerant, signedCertTimestamps, fallbackSCSV, | 117 tlsIntolerant, signedCertTimestamps, fallbackSCSV, |
| 109 @@ -1232,6 +1236,8 @@ class TLSConnection(TLSRecordLayer): | 118 @@ -1240,6 +1244,8 @@ class TLSConnection(TLSRecordLayer): |
| 110 raise ValueError("Caller passed a privateKey but no certChain") | 119 raise ValueError("Caller passed a privateKey but no certChain") |
| 111 if reqCAs and not reqCert: | 120 if reqCAs and not reqCert: |
| 112 raise ValueError("Caller passed reqCAs but not reqCert")
| 121 raise ValueError("Caller passed reqCAs but not reqCert")
|
| 113 + if reqCertTypes and not reqCert: | 122 + if reqCertTypes and not reqCert: |
| 114 + raise ValueError("Caller passed reqCertTypes but not reqCert") | 123 + raise ValueError("Caller passed reqCertTypes but not reqCert") |
| 115 if certChain and not isinstance(certChain, X509CertChain): | 124 if certChain and not isinstance(certChain, X509CertChain): |
| 116 raise ValueError("Unrecognized certificate type") | 125 raise ValueError("Unrecognized certificate type") |
| 117 if activationFlags and not tacks: | 126 if activationFlags and not tacks: |
| 118 @@ -1320,7 +1326,7 @@ class TLSConnection(TLSRecordLayer): | 127 @@ -1328,7 +1334,7 @@ class TLSConnection(TLSRecordLayer): |
| 119 assert(False) | 128 assert(False) |
| 120 for result in self._serverCertKeyExchange(clientHello, serverHello,
| 129 for result in self._serverCertKeyExchange(clientHello, serverHello,
|
| 121 certChain, keyExchange, | 130 certChain, keyExchange, |
| 122 - reqCert, reqCAs, cipherSuite, | 131 - reqCert, reqCAs, cipherSuite, |
| 123 + reqCert, reqCAs, reqCertTypes, cipherSu
ite, | 132 + reqCert, reqCAs, reqCertTypes, cipherSu
ite, |
| 124 settings, ocspResponse): | 133 settings, ocspResponse): |
| 125 if result in (0,1): yield result | 134 if result in (0,1): yield result |
| 126 else: break | 135 else: break |
| 127 @@ -1597,7 +1603,7 @@ class TLSConnection(TLSRecordLayer): | 136 @@ -1607,7 +1613,7 @@ class TLSConnection(TLSRecordLayer): |
| 128 | 137 |
| 129 def _serverCertKeyExchange(self, clientHello, serverHello, | 138 def _serverCertKeyExchange(self, clientHello, serverHello, |
| 130 serverCertChain, keyExchange, | 139 serverCertChain, keyExchange, |
| 131 - reqCert, reqCAs, cipherSuite, | 140 - reqCert, reqCAs, cipherSuite, |
| 132 + reqCert, reqCAs, reqCertTypes, cipherSuite, | 141 + reqCert, reqCAs, reqCertTypes, cipherSuite, |
| 133 settings, ocspResponse): | 142 settings, ocspResponse): |
| 134 #Send ServerHello, Certificate[, ServerKeyExchange] | 143 #Send ServerHello, Certificate[, ServerKeyExchange] |
| 135 #[, CertificateRequest], ServerHelloDone | 144 #[, CertificateRequest], ServerHelloDone |
| 136 @@ -1613,11 +1619,12 @@ class TLSConnection(TLSRecordLayer): | 145 @@ -1623,11 +1629,13 @@ class TLSConnection(TLSRecordLayer): |
| 137 serverKeyExchange = keyExchange.makeServerKeyExchange() | 146 serverKeyExchange = keyExchange.makeServerKeyExchange() |
| 138 if serverKeyExchange is not None: | 147 if serverKeyExchange is not None: |
| 139 msgs.append(serverKeyExchange) | 148 msgs.append(serverKeyExchange) |
| 140 - if reqCert and reqCAs: | 149 - if reqCert and reqCAs: |
| 141 - msgs.append(CertificateRequest().create(\ | 150 - msgs.append(CertificateRequest().create(\ |
| 142 - [ClientCertificateType.rsa_sign], reqCAs)) | 151 - [ClientCertificateType.rsa_sign], reqCAs)) |
| 143 - elif reqCert: | 152 - elif reqCert: |
| 144 - msgs.append(CertificateRequest()) | 153 - msgs.append(CertificateRequest(self.version)) |
| 145 + if reqCert: | 154 + if reqCert: |
| 146 + reqCAs = reqCAs or [] | 155 + reqCAs = reqCAs or [] |
| 147 + #Apple's Secure Transport library rejects empty certificate_types, | 156 + #Apple's Secure Transport library rejects empty certificate_types, |
| 148 + #so default to rsa_sign. | 157 + #so default to rsa_sign. |
| 149 + reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign] | 158 + reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign] |
| 150 + msgs.append(CertificateRequest().create(reqCertTypes, reqCAs)) | 159 + msgs.append(CertificateRequest(self.version).create(reqCertTypes, |
| 160 + reqCAs)) |
| 151 msgs.append(ServerHelloDone()) | 161 msgs.append(ServerHelloDone()) |
| 152 for result in self._sendMsgs(msgs): | 162 for result in self._sendMsgs(msgs): |
| 153 yield result | 163 yield result |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 858373002:
Update third_party/tlslite to 0.4.8. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master