| Index: third_party/tlslite/patches/fallback_scsv.patch
|
| diff --git a/third_party/tlslite/patches/fallback_scsv.patch b/third_party/tlslite/patches/fallback_scsv.patch
|
| index 8cd5f828896b623e1187deb82f89ae97abd1212e..460468b10060883dc2f0a9f201d2c46d46fb66e7 100644
|
| --- a/third_party/tlslite/patches/fallback_scsv.patch
|
| +++ b/third_party/tlslite/patches/fallback_scsv.patch
|
| @@ -1,8 +1,8 @@
|
| diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
|
| -index b3bad2d..d132b78 100755
|
| +index 8720de6..69e6067 100644
|
| --- a/third_party/tlslite/tlslite/constants.py
|
| +++ b/third_party/tlslite/tlslite/constants.py
|
| -@@ -106,6 +106,7 @@ class AlertDescription:
|
| +@@ -107,6 +107,7 @@ class AlertDescription:
|
| protocol_version = 70
|
| insufficient_security = 71
|
| internal_error = 80
|
| @@ -10,18 +10,18 @@ index b3bad2d..d132b78 100755
|
| user_canceled = 90
|
| no_renegotiation = 100
|
| unknown_psk_identity = 115
|
| -@@ -117,6 +118,9 @@ class CipherSuite:
|
| +@@ -118,6 +119,9 @@ class CipherSuite:
|
| # We actually don't do any renegotiation, but this
|
| # prevents renegotiation attacks
|
| TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
|
| +
|
| -+ # draft-bmoeller-tls-downgrade-scsv-01
|
| ++ # draft-ietf-tls-downgrade-scsv-03
|
| + TLS_FALLBACK_SCSV = 0x5600
|
|
|
| TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A
|
| TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
|
| diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite/errors.py
|
| -index 22c298c..001ef33 100755
|
| +index 22c298c..001ef33 100644
|
| --- a/third_party/tlslite/tlslite/errors.py
|
| +++ b/third_party/tlslite/tlslite/errors.py
|
| @@ -63,6 +63,7 @@ class TLSAlert(TLSError):
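Review bot: The comment above `TLS_FALLBACK_SCSV = 0x5600` in the constants.py part of the patch identifies the value only by a draft revision (`draft-ietf-tls-downgrade-scsv-03`), and this refresh itself shows how quickly such a reference goes stale. I would state the meaning alongside it, so the constant stays understandable whichever revision is current, e.g. `# Fallback SCSV (draft-ietf-tls-downgrade-scsv-03): sent by a client that is retrying with a lower protocol version`. When the reference is bumped, it is worth confirming that the code point in the new revision is still 0x5600; the value line is unchanged context here, so that cannot be checked from this hunk. The server-side handling of the SCSV sits in the tlsconnection.py part of the patch, which is only partly visible on this page.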
|
| @@ -33,10 +33,10 @@ index 22c298c..001ef33 100755
|
| AlertDescription.no_renegotiation: "no_renegotiation",\
|
| AlertDescription.unknown_psk_identity: "unknown_psk_identity"}
|
| diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
|
| -index 45b0bbb..bd92161 100755
|
| +index 4dedc5f..0563fb5f 100644
|
| --- a/third_party/tlslite/tlslite/tlsconnection.py
|
| +++ b/third_party/tlslite/tlslite/tlsconnection.py
|
| -@@ -966,7 +966,8 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -969,7 +969,8 @@ class TLSConnection(TLSRecordLayer):
|
| reqCAs = None,
|
| tacks=None, activationFlags=0,
|
| nextProtos=None, anon=False,
|
| @@ -46,7 +46,7 @@ index 45b0bbb..bd92161 100755
|
| """Perform a handshake in the role of server.
|
|
|
| This function performs an SSL or TLS handshake. Depending on
|
| -@@ -1045,6 +1046,11 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1048,6 +1049,11 @@ class TLSConnection(TLSRecordLayer):
|
| binary 8-bit string) that will be sent as a TLS extension whenever
|
| the client announces support for the extension.
|
|
|
| @@ -58,7 +58,7 @@ index 45b0bbb..bd92161 100755
|
| @raise socket.error: If a socket error occurs.
|
| @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
|
| without a preceding alert.
|
| -@@ -1057,7 +1063,8 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1060,7 +1066,8 @@ class TLSConnection(TLSRecordLayer):
|
| checker, reqCAs,
|
| tacks=tacks, activationFlags=activationFlags,
|
| nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
|
| @@ -68,7 +68,7 @@ index 45b0bbb..bd92161 100755
|
| pass
|
|
|
|
|
| -@@ -1068,7 +1075,8 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1071,7 +1078,8 @@ class TLSConnection(TLSRecordLayer):
|
| tacks=None, activationFlags=0,
|
| nextProtos=None, anon=False,
|
| tlsIntolerant=None,
|
| @@ -78,7 +78,7 @@ index 45b0bbb..bd92161 100755
|
| ):
|
| """Start a server handshake operation on the TLS connection.
|
|
|
| -@@ -1089,7 +1097,8 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1092,7 +1100,8 @@ class TLSConnection(TLSRecordLayer):
|
| tacks=tacks, activationFlags=activationFlags,
|
| nextProtos=nextProtos, anon=anon,
|
| tlsIntolerant=tlsIntolerant,
|
| @@ -88,7 +88,7 @@ index 45b0bbb..bd92161 100755
|
| for result in self._handshakeWrapperAsync(handshaker, checker):
|
| yield result
|
|
|
| -@@ -1099,7 +1108,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1102,7 +1111,7 @@ class TLSConnection(TLSRecordLayer):
|
| settings, reqCAs,
|
| tacks, activationFlags,
|
| nextProtos, anon,
|
| @@ -97,7 +97,7 @@ index 45b0bbb..bd92161 100755
|
|
|
| self._handshakeStart(client=False)
|
|
|
| -@@ -1134,7 +1143,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1137,7 +1146,7 @@ class TLSConnection(TLSRecordLayer):
|
| # Handle ClientHello and resumption
|
| for result in self._serverGetClientHello(settings, certChain,\
|
| verifierDB, sessionCache,
|
| @@ -106,7 +106,7 @@ index 45b0bbb..bd92161 100755
|
| if result in (0,1): yield result
|
| elif result == None:
|
| self._handshakeDone(resumed=True)
|
| -@@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1237,7 +1246,7 @@ class TLSConnection(TLSRecordLayer):
|
|
|
|
|
| def _serverGetClientHello(self, settings, certChain, verifierDB,
|
| @@ -115,7 +115,7 @@ index 45b0bbb..bd92161 100755
|
| #Initialize acceptable cipher suites
|
| cipherSuites = []
|
| if verifierDB:
|
| -@@ -1280,6 +1289,14 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1283,6 +1292,14 @@ class TLSConnection(TLSRecordLayer):
|
| elif clientHello.client_version > settings.maxVersion:
|
| self.version = settings.maxVersion
|
|
|
|
|