
Side by Side Diff: third_party/tlslite/patches/signed_certificate_timestamps.patch

Issue 858373002: Update third_party/tlslite to 0.4.8. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Finish fixing client auth Created 5 years, 11 months ago
OLDNEW
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl ite/constants.py
2 index 79ad145..b3bad2d 100755 2 index 6429c66..8720de6 100644
3 --- a/third_party/tlslite/tlslite/constants.py 3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py 4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -44,6 +44,7 @@ class ExtensionType: # RFC 6066 / 4366 5 @@ -45,6 +45,7 @@ class ExtensionType: # RFC 6066 / 4366
6 server_name = 0 # RFC 6066 / 4366 6 server_name = 0 # RFC 6066 / 4366
7 srp = 12 # RFC 5054 7 srp = 12 # RFC 5054
8 cert_type = 9 # RFC 6091 8 cert_type = 9 # RFC 6091
9 + signed_cert_timestamps = 18 # RFC 6962 9 + signed_cert_timestamps = 18 # RFC 6962
10 tack = 0xF300 10 tack = 0xF300
11 supports_npn = 13172 11 supports_npn = 13172
12 channel_id = 30031 12 channel_id = 30032
13 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py 13 diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlsli te/messages.py
14 index 246082e..5a2cd6c 100755 14 index 4fa9d96..876b033 100644
15 --- a/third_party/tlslite/tlslite/messages.py 15 --- a/third_party/tlslite/tlslite/messages.py
16 +++ b/third_party/tlslite/tlslite/messages.py 16 +++ b/third_party/tlslite/tlslite/messages.py
17 @@ -113,6 +113,7 @@ class ClientHello(HandshakeMsg): 17 @@ -114,6 +114,7 @@ class ClientHello(HandshakeMsg):
18 self.supports_npn = False 18 self.supports_npn = False
19 self.server_name = bytearray(0) 19 self.server_name = bytearray(0)
20 self.channel_id = False 20 self.channel_id = False
21 + self.support_signed_cert_timestamps = False 21 + self.support_signed_cert_timestamps = False
22 22
23 def create(self, version, random, session_id, cipher_suites, 23 def create(self, version, random, session_id, cipher_suites,
24 certificate_types=None, srpUsername=None, 24 certificate_types=None, srpUsername=None,
25 @@ -182,6 +183,10 @@ class ClientHello(HandshakeMsg): 25 @@ -183,6 +184,10 @@ class ClientHello(HandshakeMsg):
26 break 26 break
27 elif extType == ExtensionType.channel_id: 27 elif extType == ExtensionType.channel_id:
28 self.channel_id = True 28 self.channel_id = True
29 + elif extType == ExtensionType.signed_cert_timestamps: 29 + elif extType == ExtensionType.signed_cert_timestamps:
30 + if extLength: 30 + if extLength:
31 + raise SyntaxError() 31 + raise SyntaxError()
32 + self.support_signed_cert_timestamps = True 32 + self.support_signed_cert_timestamps = True
33 else: 33 else:
34 _ = p.getFixBytes(extLength) 34 _ = p.getFixBytes(extLength)
35 index2 = p.index 35 index2 = p.index
36 @@ -247,6 +252,7 @@ class ServerHello(HandshakeMsg): 36 @@ -248,6 +253,7 @@ class ServerHello(HandshakeMsg):
37 self.next_protos_advertised = None 37 self.next_protos_advertised = None
38 self.next_protos = None 38 self.next_protos = None
39 self.channel_id = False 39 self.channel_id = False
40 + self.signed_cert_timestamps = None 40 + self.signed_cert_timestamps = None
41 41
42 def create(self, version, random, session_id, cipher_suite, 42 def create(self, version, random, session_id, cipher_suite,
43 certificate_type, tackExt, next_protos_advertised): 43 certificate_type, tackExt, next_protos_advertised):
44 @@ -336,6 +342,9 @@ class ServerHello(HandshakeMsg): 44 @@ -337,6 +343,9 @@ class ServerHello(HandshakeMsg):
45 if self.channel_id: 45 if self.channel_id:
46 w2.add(ExtensionType.channel_id, 2) 46 w2.add(ExtensionType.channel_id, 2)
47 w2.add(0, 2) 47 w2.add(0, 2)
48 + if self.signed_cert_timestamps: 48 + if self.signed_cert_timestamps:
49 + w2.add(ExtensionType.signed_cert_timestamps, 2) 49 + w2.add(ExtensionType.signed_cert_timestamps, 2)
50 + w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2) 50 + w2.addVarSeq(bytearray(self.signed_cert_timestamps), 1, 2)
51 if len(w2.bytes): 51 if len(w2.bytes):
52 w.add(len(w2.bytes), 2) 52 w.add(len(w2.bytes), 2)
53 w.bytes += w2.bytes 53 w.bytes += w2.bytes
54 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py 54 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/ tlslite/tlsconnection.py
55 index e7c5140..45b0bbb 100755 55 index b0400f8..4dedc5f 100644
56 --- a/third_party/tlslite/tlslite/tlsconnection.py 56 --- a/third_party/tlslite/tlslite/tlsconnection.py
57 +++ b/third_party/tlslite/tlslite/tlsconnection.py 57 +++ b/third_party/tlslite/tlslite/tlsconnection.py
58 @@ -966,7 +966,7 @@ class TLSConnection(TLSRecordLayer): 58 @@ -969,7 +969,7 @@ class TLSConnection(TLSRecordLayer):
59 reqCAs = None, 59 reqCAs = None,
60 tacks=None, activationFlags=0, 60 tacks=None, activationFlags=0,
61 nextProtos=None, anon=False, 61 nextProtos=None, anon=False,
62 - tlsIntolerant=None): 62 - tlsIntolerant=None):
63 + tlsIntolerant=None, signedCertTimestamps=None): 63 + tlsIntolerant=None, signedCertTimestamps=None):
64 """Perform a handshake in the role of server. 64 """Perform a handshake in the role of server.
65 65
66 This function performs an SSL or TLS handshake. Depending on 66 This function performs an SSL or TLS handshake. Depending on
67 @@ -1040,6 +1040,11 @@ class TLSConnection(TLSRecordLayer): 67 @@ -1043,6 +1043,11 @@ class TLSConnection(TLSRecordLayer):
68 simulate TLS version intolerance by returning a fatal handshake_failure 68 simulate TLS version intolerance by returning a fatal handshake_failure
69 alert to all TLS versions tlsIntolerant or higher. 69 alert to all TLS versions tlsIntolerant or higher.
70 70
71 + @type signedCertTimestamps: str 71 + @type signedCertTimestamps: str
72 + @param signedCertTimestamps: A SignedCertificateTimestampList (as a 72 + @param signedCertTimestamps: A SignedCertificateTimestampList (as a
73 + binary 8-bit string) that will be sent as a TLS extension whenever 73 + binary 8-bit string) that will be sent as a TLS extension whenever
74 + the client announces support for the extension. 74 + the client announces support for the extension.
75 + 75 +
76 @raise socket.error: If a socket error occurs. 76 @raise socket.error: If a socket error occurs.
77 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed 77 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
78 without a preceding alert. 78 without a preceding alert.
79 @@ -1051,7 +1056,8 @@ class TLSConnection(TLSRecordLayer): 79 @@ -1054,7 +1059,8 @@ class TLSConnection(TLSRecordLayer):
80 certChain, privateKey, reqCert, sessionCache, settings, 80 certChain, privateKey, reqCert, sessionCache, settings,
81 checker, reqCAs, 81 checker, reqCAs,
82 tacks=tacks, activationFlags=activationFlags, 82 tacks=tacks, activationFlags=activationFlags,
83 - nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant): 83 - nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant):
84 + nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant, 84 + nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
85 + signedCertTimestamps=signedCertTimestamps): 85 + signedCertTimestamps=signedCertTimestamps):
86 pass 86 pass
87 87
88 88
89 @@ -1061,7 +1067,8 @@ class TLSConnection(TLSRecordLayer): 89 @@ -1064,7 +1070,8 @@ class TLSConnection(TLSRecordLayer):
90 reqCAs=None, 90 reqCAs=None,
91 tacks=None, activationFlags=0, 91 tacks=None, activationFlags=0,
92 nextProtos=None, anon=False, 92 nextProtos=None, anon=False,
93 - tlsIntolerant=None 93 - tlsIntolerant=None
94 + tlsIntolerant=None, 94 + tlsIntolerant=None,
95 + signedCertTimestamps=None 95 + signedCertTimestamps=None
96 ): 96 ):
97 """Start a server handshake operation on the TLS connection. 97 """Start a server handshake operation on the TLS connection.
98 98
99 @@ -1081,7 +1088,8 @@ class TLSConnection(TLSRecordLayer): 99 @@ -1084,7 +1091,8 @@ class TLSConnection(TLSRecordLayer):
100 reqCAs=reqCAs, 100 reqCAs=reqCAs,
101 tacks=tacks, activationFlags=activationFlags, 101 tacks=tacks, activationFlags=activationFlags,
102 nextProtos=nextProtos, anon=anon, 102 nextProtos=nextProtos, anon=anon,
103 - tlsIntolerant=tlsIntolerant) 103 - tlsIntolerant=tlsIntolerant)
104 + tlsIntolerant=tlsIntolerant, 104 + tlsIntolerant=tlsIntolerant,
105 + signedCertTimestamps=signedCertTimestamps) 105 + signedCertTimestamps=signedCertTimestamps)
106 for result in self._handshakeWrapperAsync(handshaker, checker): 106 for result in self._handshakeWrapperAsync(handshaker, checker):
107 yield result 107 yield result
108 108
109 @@ -1091,7 +1099,7 @@ class TLSConnection(TLSRecordLayer): 109 @@ -1094,7 +1102,7 @@ class TLSConnection(TLSRecordLayer):
110 settings, reqCAs, 110 settings, reqCAs,
111 tacks, activationFlags, 111 tacks, activationFlags,
112 nextProtos, anon, 112 nextProtos, anon,
113 - tlsIntolerant): 113 - tlsIntolerant):
114 + tlsIntolerant, signedCertTimestamps): 114 + tlsIntolerant, signedCertTimestamps):
115 115
116 self._handshakeStart(client=False) 116 self._handshakeStart(client=False)
117 117
118 @@ -1112,6 +1120,9 @@ class TLSConnection(TLSRecordLayer): 118 @@ -1115,6 +1123,9 @@ class TLSConnection(TLSRecordLayer):
119 raise ValueError("tackpy is not loaded") 119 raise ValueError("tackpy is not loaded")
120 if not settings or not settings.useExperimentalTackExtension: 120 if not settings or not settings.useExperimentalTackExtension:
121 raise ValueError("useExperimentalTackExtension not enabled") 121 raise ValueError("useExperimentalTackExtension not enabled")
122 + if signedCertTimestamps and not certChain: 122 + if signedCertTimestamps and not certChain:
123 + raise ValueError("Caller passed signedCertTimestamps but no " 123 + raise ValueError("Caller passed signedCertTimestamps but no "
124 + "certChain") 124 + "certChain")
125 125
126 if not settings: 126 if not settings:
127 settings = HandshakeSettings() 127 settings = HandshakeSettings()
128 @@ -1156,6 +1167,8 @@ class TLSConnection(TLSRecordLayer): 128 @@ -1159,6 +1170,8 @@ class TLSConnection(TLSRecordLayer):
129 cipherSuite, CertificateType.x509, tackExt, 129 cipherSuite, CertificateType.x509, tackExt,
130 nextProtos) 130 nextProtos)
131 serverHello.channel_id = clientHello.channel_id 131 serverHello.channel_id = clientHello.channel_id
132 + if clientHello.support_signed_cert_timestamps: 132 + if clientHello.support_signed_cert_timestamps:
133 + serverHello.signed_cert_timestamps = signedCertTimestamps 133 + serverHello.signed_cert_timestamps = signedCertTimestamps
134 134
135 # Perform the SRP key exchange 135 # Perform the SRP key exchange
136 clientCertChain = None 136 clientCertChain = None
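Review bot: The added docstring line `@type signedCertTimestamps: str` in handshakeServer does not match how the value is consumed, because ServerHello.write wraps it as `bytearray(self.signed_cert_timestamps)`, and on Python 3 that call raises TypeError for a text string; documenting it as `@type signedCertTimestamps: bytes or bytearray` would describe what actually works on both interpreters. The same value is then serialized with `addVarSeq(..., 1, 2)` without any visible check that it fits the two-byte extension length, and how the writer behaves on an oversized value is not shown in these hunks. A guard such as `if signedCertTimestamps and len(signedCertTimestamps) > 0xFFFF: raise ValueError("signedCertTimestamps too long")` beside the existing certChain check in _handshakeServerAsyncHelper would reject a bad argument before the handshake starts rather than while the ServerHello is being written. The enclosing functions begin and end outside the hunks shown.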