| Index: third_party/tlslite/patches/req_cert_types.patch
|
| diff --git a/third_party/tlslite/patches/req_cert_types.patch b/third_party/tlslite/patches/req_cert_types.patch
|
| index 2774e777968878c3a58a75f47067b10a299d5477..4e690030f59d44caaab0a049f60ae74c05671996 100644
|
| --- a/third_party/tlslite/patches/req_cert_types.patch
|
| +++ b/third_party/tlslite/patches/req_cert_types.patch
|
| @@ -1,11 +1,11 @@
|
| diff --git a/third_party/tlslite/tlslite/api.py b/third_party/tlslite/tlslite/api.py
|
| -index faef6cb..562fb81 100644
|
| +index fa6a18c..aabcc14 100644
|
| --- a/third_party/tlslite/tlslite/api.py
|
| +++ b/third_party/tlslite/tlslite/api.py
|
| @@ -2,7 +2,8 @@
|
| # See the LICENSE file for legal information regarding use of this file.
|
|
|
| - __version__ = "0.4.6"
|
| + __version__ = "0.4.8"
|
| -from .constants import AlertLevel, AlertDescription, Fault
|
| +from .constants import AlertLevel, AlertDescription, ClientCertificateType, \
|
| + Fault
|
| @@ -13,10 +13,10 @@ index faef6cb..562fb81 100644
|
| from .checker import Checker
|
| from .handshakesettings import HandshakeSettings
|
| diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
|
| -index 30d1f9f..457b339 100644
|
| +index d2d50c5..7ee70be 100644
|
| --- a/third_party/tlslite/tlslite/constants.py
|
| +++ b/third_party/tlslite/tlslite/constants.py
|
| -@@ -14,10 +14,14 @@ class CertificateType:
|
| +@@ -15,10 +15,14 @@ class CertificateType:
|
| openpgp = 1
|
|
|
| class ClientCertificateType:
|
| @@ -32,25 +32,34 @@ index 30d1f9f..457b339 100644
|
| class HandshakeType:
|
| hello_request = 0
|
| diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py
|
| -index 550b387..c8a913c 100644
|
| +index 8b77ee6..e1be195 100644
|
| --- a/third_party/tlslite/tlslite/messages.py
|
| +++ b/third_party/tlslite/tlslite/messages.py
|
| -@@ -454,9 +454,7 @@ class CertificateStatus(HandshakeMsg):
|
| +@@ -455,17 +455,14 @@ class CertificateStatus(HandshakeMsg):
|
| class CertificateRequest(HandshakeMsg):
|
| - def __init__(self):
|
| + def __init__(self, version):
|
| HandshakeMsg.__init__(self, HandshakeType.certificate_request)
|
| - #Apple's Secure Transport library rejects empty certificate_types, so
|
| - #default to rsa_sign.
|
| - self.certificate_types = [ClientCertificateType.rsa_sign]
|
| + self.certificate_types = []
|
| self.certificate_authorities = []
|
| + self.version = version
|
| + self.supported_signature_algs = []
|
| +
|
| +- def create(self, certificate_types, certificate_authorities, sig_algs=(), version=(3,0)):
|
| ++ def create(self, certificate_types, certificate_authorities, sig_algs=()):
|
| + self.certificate_types = certificate_types
|
| + self.certificate_authorities = certificate_authorities
|
| +- self.version = version
|
| + self.supported_signature_algs = sig_algs
|
| + return self
|
|
|
| - def create(self, certificate_types, certificate_authorities):
|
| diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
|
| -index e6f7820..044ad59 100644
|
| +index f6d13d4..f8547d5 100644
|
| --- a/third_party/tlslite/tlslite/tlsconnection.py
|
| +++ b/third_party/tlslite/tlslite/tlsconnection.py
|
| -@@ -1062,7 +1062,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1070,7 +1070,7 @@ class TLSConnection(TLSRecordLayer):
|
| def handshakeServer(self, verifierDB=None,
|
| certChain=None, privateKey=None, reqCert=False,
|
| sessionCache=None, settings=None, checker=None,
|
| @@ -59,7 +68,7 @@ index e6f7820..044ad59 100644
|
| tacks=None, activationFlags=0,
|
| nextProtos=None, anon=False,
|
| tlsIntolerant=None, signedCertTimestamps=None,
|
| -@@ -1130,6 +1130,10 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1138,6 +1138,10 @@ class TLSConnection(TLSRecordLayer):
|
| will be sent along with a certificate request. This does not affect
|
| verification.
|
|
|
| @@ -70,7 +79,7 @@ index e6f7820..044ad59 100644
|
| @type nextProtos: list of strings.
|
| @param nextProtos: A list of upper layer protocols to expose to the
|
| clients through the Next-Protocol Negotiation Extension,
|
| -@@ -1169,7 +1173,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1177,7 +1181,7 @@ class TLSConnection(TLSRecordLayer):
|
| """
|
| for result in self.handshakeServerAsync(verifierDB,
|
| certChain, privateKey, reqCert, sessionCache, settings,
|
| @@ -79,7 +88,7 @@ index e6f7820..044ad59 100644
|
| tacks=tacks, activationFlags=activationFlags,
|
| nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
|
| signedCertTimestamps=signedCertTimestamps,
|
| -@@ -1180,7 +1184,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1188,7 +1192,7 @@ class TLSConnection(TLSRecordLayer):
|
| def handshakeServerAsync(self, verifierDB=None,
|
| certChain=None, privateKey=None, reqCert=False,
|
| sessionCache=None, settings=None, checker=None,
|
| @@ -88,7 +97,7 @@ index e6f7820..044ad59 100644
|
| tacks=None, activationFlags=0,
|
| nextProtos=None, anon=False,
|
| tlsIntolerant=None,
|
| -@@ -1203,7 +1207,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1211,7 +1215,7 @@ class TLSConnection(TLSRecordLayer):
|
| verifierDB=verifierDB, certChain=certChain,
|
| privateKey=privateKey, reqCert=reqCert,
|
| sessionCache=sessionCache, settings=settings,
|
| @@ -97,7 +106,7 @@ index e6f7820..044ad59 100644
|
| tacks=tacks, activationFlags=activationFlags,
|
| nextProtos=nextProtos, anon=anon,
|
| tlsIntolerant=tlsIntolerant,
|
| -@@ -1216,7 +1220,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1224,7 +1228,7 @@ class TLSConnection(TLSRecordLayer):
|
|
|
| def _handshakeServerAsyncHelper(self, verifierDB,
|
| certChain, privateKey, reqCert, sessionCache,
|
| @@ -106,7 +115,7 @@ index e6f7820..044ad59 100644
|
| tacks, activationFlags,
|
| nextProtos, anon,
|
| tlsIntolerant, signedCertTimestamps, fallbackSCSV,
|
| -@@ -1232,6 +1236,8 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1240,6 +1244,8 @@ class TLSConnection(TLSRecordLayer):
|
| raise ValueError("Caller passed a privateKey but no certChain")
|
| if reqCAs and not reqCert:
|
| raise ValueError("Caller passed reqCAs but not reqCert")
|
| @@ -115,7 +124,7 @@ index e6f7820..044ad59 100644
|
| if certChain and not isinstance(certChain, X509CertChain):
|
| raise ValueError("Unrecognized certificate type")
|
| if activationFlags and not tacks:
|
| -@@ -1320,7 +1326,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1328,7 +1334,7 @@ class TLSConnection(TLSRecordLayer):
|
| assert(False)
|
| for result in self._serverCertKeyExchange(clientHello, serverHello,
|
| certChain, keyExchange,
|
| @@ -124,7 +133,7 @@ index e6f7820..044ad59 100644
|
| settings, ocspResponse):
|
| if result in (0,1): yield result
|
| else: break
|
| -@@ -1597,7 +1603,7 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1607,7 +1613,7 @@ class TLSConnection(TLSRecordLayer):
|
|
|
| def _serverCertKeyExchange(self, clientHello, serverHello,
|
| serverCertChain, keyExchange,
|
| @@ -133,7 +142,7 @@ index e6f7820..044ad59 100644
|
| settings, ocspResponse):
|
| #Send ServerHello, Certificate[, ServerKeyExchange]
|
| #[, CertificateRequest], ServerHelloDone
|
| -@@ -1613,11 +1619,12 @@ class TLSConnection(TLSRecordLayer):
|
| +@@ -1623,11 +1629,13 @@ class TLSConnection(TLSRecordLayer):
|
| serverKeyExchange = keyExchange.makeServerKeyExchange()
|
| if serverKeyExchange is not None:
|
| msgs.append(serverKeyExchange)
|
| @@ -141,13 +150,14 @@ index e6f7820..044ad59 100644
|
| - msgs.append(CertificateRequest().create(\
|
| - [ClientCertificateType.rsa_sign], reqCAs))
|
| - elif reqCert:
|
| -- msgs.append(CertificateRequest())
|
| +- msgs.append(CertificateRequest(self.version))
|
| + if reqCert:
|
| + reqCAs = reqCAs or []
|
| + #Apple's Secure Transport library rejects empty certificate_types,
|
| + #so default to rsa_sign.
|
| + reqCertTypes = reqCertTypes or [ClientCertificateType.rsa_sign]
|
| -+ msgs.append(CertificateRequest().create(reqCertTypes, reqCAs))
|
| ++ msgs.append(CertificateRequest(self.version).create(reqCertTypes,
|
| ++ reqCAs))
|
| msgs.append(ServerHelloDone())
|
| for result in self._sendMsgs(msgs):
|
| yield result
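Review bot: The new `CertificateRequest(self.version).create(reqCertTypes, reqCAs)` call passes no `sig_algs`, so `supported_signature_algs` is left at the `()` default that `create()` now carries; if `self.version` is (3,3) and the message serializer emits the supported_signature_algorithms field for TLS 1.2 (not visible in this hunk), the server would send an empty list, which RFC 5246 clients may reject or treat as "no acceptable algorithm". Either pass the server's supported algorithm list explicitly or mark the gap, e.g. `# TODO: pass sig_algs for TLS 1.2; supported_signature_algorithms must not be empty`. `_serverCertKeyExchange` begins outside the hunk, so I cannot tell whether a signature list is available in scope.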
|
|
|