| OLD | NEW |
|---|
| 1 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py | 1 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/
tlslite/tlsconnection.py |
| 2 index e8dd859..8415592 100755 | 2 index e7c6834..0e78753 100644 |
| 3 --- a/third_party/tlslite/tlslite/tlsconnection.py | 3 --- a/third_party/tlslite/tlslite/tlsconnection.py |
| 4 +++ b/third_party/tlslite/tlslite/tlsconnection.py | 4 +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| 5 @@ -965,7 +965,8 @@ class TLSConnection(TLSRecordLayer): | 5 @@ -968,7 +968,8 @@ class TLSConnection(TLSRecordLayer): |
| 6 sessionCache=None, settings=None, checker=None, | 6 sessionCache=None, settings=None, checker=None, |
| 7 reqCAs = None, | 7 reqCAs = None, |
| 8 tacks=None, activationFlags=0, | 8 tacks=None, activationFlags=0, |
| 9 - nextProtos=None, anon=False): | 9 - nextProtos=None, anon=False): |
| 10 + nextProtos=None, anon=False, | 10 + nextProtos=None, anon=False, |
| 11 + tlsIntolerant=None): | 11 + tlsIntolerant=None): |
| 12 """Perform a handshake in the role of server. | 12 """Perform a handshake in the role of server. |
| 13 | 13 |
| 14 This function performs an SSL or TLS handshake. Depending on | 14 This function performs an SSL or TLS handshake. Depending on |
| 15 @@ -1034,6 +1035,11 @@ class TLSConnection(TLSRecordLayer): | 15 @@ -1037,6 +1038,11 @@ class TLSConnection(TLSRecordLayer): |
| 16 clients through the Next-Protocol Negotiation Extension, | 16 clients through the Next-Protocol Negotiation Extension, |
| 17 if they support it. | 17 if they support it. |
| 18 | 18 |
| 19 + @type tlsIntolerant: (int, int) or None | 19 + @type tlsIntolerant: (int, int) or None |
| 20 + @param tlsIntolerant: If tlsIntolerant is not None, the server will | 20 + @param tlsIntolerant: If tlsIntolerant is not None, the server will |
| 21 + simulate TLS version intolerance by returning a fatal handshake_failure | 21 + simulate TLS version intolerance by returning a fatal handshake_failure |
| 22 + alert to all TLS versions tlsIntolerant or higher. | 22 + alert to all TLS versions tlsIntolerant or higher. |
| 23 + | 23 + |
| 24 @raise socket.error: If a socket error occurs. | 24 @raise socket.error: If a socket error occurs. |
| 25 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed | 25 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed |
| 26 without a preceding alert. | 26 without a preceding alert. |
| 27 @@ -1045,7 +1051,7 @@ class TLSConnection(TLSRecordLayer): | 27 @@ -1048,7 +1054,7 @@ class TLSConnection(TLSRecordLayer): |
| 28 certChain, privateKey, reqCert, sessionCache, settings, | 28 certChain, privateKey, reqCert, sessionCache, settings, |
| 29 checker, reqCAs, | 29 checker, reqCAs, |
| 30 tacks=tacks, activationFlags=activationFlags, | 30 tacks=tacks, activationFlags=activationFlags, |
| 31 - nextProtos=nextProtos, anon=anon): | 31 - nextProtos=nextProtos, anon=anon): |
| 32 + nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant): | 32 + nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant): |
| 33 pass | 33 pass |
| 34 | 34 |
| 35 | 35 |
| 36 @@ -1054,7 +1060,8 @@ class TLSConnection(TLSRecordLayer): | 36 @@ -1057,7 +1063,8 @@ class TLSConnection(TLSRecordLayer): |
| 37 sessionCache=None, settings=None, checker=None, | 37 sessionCache=None, settings=None, checker=None, |
| 38 reqCAs=None, | 38 reqCAs=None, |
| 39 tacks=None, activationFlags=0, | 39 tacks=None, activationFlags=0, |
| 40 - nextProtos=None, anon=False | 40 - nextProtos=None, anon=False |
| 41 + nextProtos=None, anon=False, | 41 + nextProtos=None, anon=False, |
| 42 + tlsIntolerant=None | 42 + tlsIntolerant=None |
| 43 ): | 43 ): |
| 44 """Start a server handshake operation on the TLS connection. | 44 """Start a server handshake operation on the TLS connection. |
| 45 | 45 |
| 46 @@ -1073,7 +1080,8 @@ class TLSConnection(TLSRecordLayer): | 46 @@ -1076,7 +1083,8 @@ class TLSConnection(TLSRecordLayer): |
| 47 sessionCache=sessionCache, settings=settings, | 47 sessionCache=sessionCache, settings=settings, |
| 48 reqCAs=reqCAs, | 48 reqCAs=reqCAs, |
| 49 tacks=tacks, activationFlags=activationFlags, | 49 tacks=tacks, activationFlags=activationFlags, |
| 50 - nextProtos=nextProtos, anon=anon) | 50 - nextProtos=nextProtos, anon=anon) |
| 51 + nextProtos=nextProtos, anon=anon, | 51 + nextProtos=nextProtos, anon=anon, |
| 52 + tlsIntolerant=tlsIntolerant) | 52 + tlsIntolerant=tlsIntolerant) |
| 53 for result in self._handshakeWrapperAsync(handshaker, checker): | 53 for result in self._handshakeWrapperAsync(handshaker, checker): |
| 54 yield result | 54 yield result |
| 55 | 55 |
| 56 @@ -1082,7 +1090,8 @@ class TLSConnection(TLSRecordLayer): | 56 @@ -1085,7 +1093,8 @@ class TLSConnection(TLSRecordLayer): |
| 57 certChain, privateKey, reqCert, sessionCache, | 57 certChain, privateKey, reqCert, sessionCache, |
| 58 settings, reqCAs, | 58 settings, reqCAs, |
| 59 tacks, activationFlags, | 59 tacks, activationFlags, |
| 60 - nextProtos, anon): | 60 - nextProtos, anon): |
| 61 + nextProtos, anon, | 61 + nextProtos, anon, |
| 62 + tlsIntolerant): | 62 + tlsIntolerant): |
| 63 | 63 |
| 64 self._handshakeStart(client=False) | 64 self._handshakeStart(client=False) |
| 65 | 65 |
| 66 @@ -1114,7 +1123,7 @@ class TLSConnection(TLSRecordLayer): | 66 @@ -1117,7 +1126,7 @@ class TLSConnection(TLSRecordLayer): |
| 67 # Handle ClientHello and resumption | 67 # Handle ClientHello and resumption |
| 68 for result in self._serverGetClientHello(settings, certChain,\ | 68 for result in self._serverGetClientHello(settings, certChain,\ |
| 69 verifierDB, sessionCache, | 69 verifierDB, sessionCache, |
| 70 - anon): | 70 - anon): |
| 71 + anon, tlsIntolerant): | 71 + anon, tlsIntolerant): |
| 72 if result in (0,1): yield result | 72 if result in (0,1): yield result |
| 73 elif result == None: | 73 elif result == None: |
| 74 self._handshakeDone(resumed=True) | 74 self._handshakeDone(resumed=True) |
| 75 @@ -1211,7 +1220,7 @@ class TLSConnection(TLSRecordLayer): | 75 @@ -1214,7 +1223,7 @@ class TLSConnection(TLSRecordLayer): |
| 76 | 76 |
| 77 | 77 |
| 78 def _serverGetClientHello(self, settings, certChain, verifierDB, | 78 def _serverGetClientHello(self, settings, certChain, verifierDB, |
| 79 - sessionCache, anon): | 79 - sessionCache, anon): |
| 80 + sessionCache, anon, tlsIntolerant): | 80 + sessionCache, anon, tlsIntolerant): |
| 81 #Initialize acceptable cipher suites | 81 #Initialize acceptable cipher suites |
| 82 cipherSuites = [] | 82 cipherSuites = [] |
| 83 if verifierDB: | 83 if verifierDB: |
| 84 @@ -1246,6 +1255,13 @@ class TLSConnection(TLSRecordLayer): | 84 @@ -1249,6 +1258,13 @@ class TLSConnection(TLSRecordLayer): |
| 85 "Too old version: %s" % str(clientHello.client_version)): | 85 "Too old version: %s" % str(clientHello.client_version)): |
| 86 yield result | 86 yield result |
| 87 | 87 |
| 88 + #If simulating TLS intolerance, reject certain TLS versions. | 88 + #If simulating TLS intolerance, reject certain TLS versions. |
| 89 + elif (tlsIntolerant is not None and | 89 + elif (tlsIntolerant is not None and |
| 90 + clientHello.client_version >= tlsIntolerant): | 90 + clientHello.client_version >= tlsIntolerant): |
| 91 + for result in self._sendError(\ | 91 + for result in self._sendError(\ |
| 92 + AlertDescription.handshake_failure): | 92 + AlertDescription.handshake_failure): |
| 93 + yield result | 93 + yield result |
| 94 + | 94 + |
| 95 #If client's version is too high, propose my highest version | 95 #If client's version is too high, propose my highest version |
| 96 elif clientHello.client_version > settings.maxVersion: | 96 elif clientHello.client_version > settings.maxVersion: |
| 97 self.version = settings.maxVersion | 97 self.version = settings.maxVersion |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 858373002:
Update third_party/tlslite to 0.4.8. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master