Index: third_party/tlslite/patches/signed_certificate_timestamps.patch |
diff --git a/third_party/tlslite/patches/signed_certificate_timestamps.patch b/third_party/tlslite/patches/signed_certificate_timestamps.patch |
index 21bcacc9bd7088cd933bcd1782cd0298c552db03..91bc06c7a18334ac99a3f9caa719378109ea0e84 100644 |
--- a/third_party/tlslite/patches/signed_certificate_timestamps.patch |
+++ b/third_party/tlslite/patches/signed_certificate_timestamps.patch |
@@ -1,20 +1,20 @@ |
diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py |
-index 79ad145..b3bad2d 100755 |
+index 6429c66..8720de6 100644 |
--- a/third_party/tlslite/tlslite/constants.py |
+++ b/third_party/tlslite/tlslite/constants.py |
-@@ -44,6 +44,7 @@ class ExtensionType: # RFC 6066 / 4366 |
+@@ -45,6 +45,7 @@ class ExtensionType: # RFC 6066 / 4366 |
server_name = 0 # RFC 6066 / 4366 |
srp = 12 # RFC 5054 |
cert_type = 9 # RFC 6091 |
+ signed_cert_timestamps = 18 # RFC 6962 |
tack = 0xF300 |
supports_npn = 13172 |
- channel_id = 30031 |
+ channel_id = 30032 |
diff --git a/third_party/tlslite/tlslite/messages.py b/third_party/tlslite/tlslite/messages.py |
-index 246082e..5a2cd6c 100755 |
+index 4fa9d96..876b033 100644 |
--- a/third_party/tlslite/tlslite/messages.py |
+++ b/third_party/tlslite/tlslite/messages.py |
-@@ -113,6 +113,7 @@ class ClientHello(HandshakeMsg): |
+@@ -114,6 +114,7 @@ class ClientHello(HandshakeMsg): |
self.supports_npn = False |
self.server_name = bytearray(0) |
self.channel_id = False |
@@ -22,7 +22,7 @@ index 246082e..5a2cd6c 100755 |
def create(self, version, random, session_id, cipher_suites, |
certificate_types=None, srpUsername=None, |
-@@ -182,6 +183,10 @@ class ClientHello(HandshakeMsg): |
+@@ -183,6 +184,10 @@ class ClientHello(HandshakeMsg): |
break |
elif extType == ExtensionType.channel_id: |
self.channel_id = True |
@@ -33,7 +33,7 @@ index 246082e..5a2cd6c 100755 |
else: |
_ = p.getFixBytes(extLength) |
index2 = p.index |
-@@ -247,6 +252,7 @@ class ServerHello(HandshakeMsg): |
+@@ -248,6 +253,7 @@ class ServerHello(HandshakeMsg): |
self.next_protos_advertised = None |
self.next_protos = None |
self.channel_id = False |
@@ -41,7 +41,7 @@ index 246082e..5a2cd6c 100755 |
def create(self, version, random, session_id, cipher_suite, |
certificate_type, tackExt, next_protos_advertised): |
-@@ -336,6 +342,9 @@ class ServerHello(HandshakeMsg): |
+@@ -337,6 +343,9 @@ class ServerHello(HandshakeMsg): |
if self.channel_id: |
w2.add(ExtensionType.channel_id, 2) |
w2.add(0, 2) |
@@ -52,10 +52,10 @@ index 246082e..5a2cd6c 100755 |
w.add(len(w2.bytes), 2) |
w.bytes += w2.bytes |
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
-index e7c5140..45b0bbb 100755 |
+index b0400f8..4dedc5f 100644 |
--- a/third_party/tlslite/tlslite/tlsconnection.py |
+++ b/third_party/tlslite/tlslite/tlsconnection.py |
-@@ -966,7 +966,7 @@ class TLSConnection(TLSRecordLayer): |
+@@ -969,7 +969,7 @@ class TLSConnection(TLSRecordLayer): |
reqCAs = None, |
tacks=None, activationFlags=0, |
nextProtos=None, anon=False, |
@@ -64,7 +64,7 @@ index e7c5140..45b0bbb 100755 |
"""Perform a handshake in the role of server. |
This function performs an SSL or TLS handshake. Depending on |
-@@ -1040,6 +1040,11 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1043,6 +1043,11 @@ class TLSConnection(TLSRecordLayer): |
simulate TLS version intolerance by returning a fatal handshake_failure |
alert to all TLS versions tlsIntolerant or higher. |
@@ -76,7 +76,7 @@ index e7c5140..45b0bbb 100755 |
@raise socket.error: If a socket error occurs. |
@raise tlslite.errors.TLSAbruptCloseError: If the socket is closed |
without a preceding alert. |
-@@ -1051,7 +1056,8 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1054,7 +1059,8 @@ class TLSConnection(TLSRecordLayer): |
certChain, privateKey, reqCert, sessionCache, settings, |
checker, reqCAs, |
tacks=tacks, activationFlags=activationFlags, |
@@ -86,7 +86,7 @@ index e7c5140..45b0bbb 100755 |
pass |
-@@ -1061,7 +1067,8 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1064,7 +1070,8 @@ class TLSConnection(TLSRecordLayer): |
reqCAs=None, |
tacks=None, activationFlags=0, |
nextProtos=None, anon=False, |
@@ -96,7 +96,7 @@ index e7c5140..45b0bbb 100755 |
): |
"""Start a server handshake operation on the TLS connection. |
-@@ -1081,7 +1088,8 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1084,7 +1091,8 @@ class TLSConnection(TLSRecordLayer): |
reqCAs=reqCAs, |
tacks=tacks, activationFlags=activationFlags, |
nextProtos=nextProtos, anon=anon, |
@@ -106,7 +106,7 @@ index e7c5140..45b0bbb 100755 |
for result in self._handshakeWrapperAsync(handshaker, checker): |
yield result |
-@@ -1091,7 +1099,7 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1094,7 +1102,7 @@ class TLSConnection(TLSRecordLayer): |
settings, reqCAs, |
tacks, activationFlags, |
nextProtos, anon, |
@@ -115,7 +115,7 @@ index e7c5140..45b0bbb 100755 |
self._handshakeStart(client=False) |
-@@ -1112,6 +1120,9 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1115,6 +1123,9 @@ class TLSConnection(TLSRecordLayer): |
raise ValueError("tackpy is not loaded") |
if not settings or not settings.useExperimentalTackExtension: |
raise ValueError("useExperimentalTackExtension not enabled") |
@@ -125,7 +125,7 @@ index e7c5140..45b0bbb 100755 |
if not settings: |
settings = HandshakeSettings() |
-@@ -1156,6 +1167,8 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1159,6 +1170,8 @@ class TLSConnection(TLSRecordLayer): |
cipherSuite, CertificateType.x509, tackExt, |
nextProtos) |
serverHello.channel_id = clientHello.channel_id |