OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Google - added reqCAs parameter | 3 # Google - added reqCAs parameter |
4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support | 4 # Google (adapted by Sam Rushing and Marcelo Fernandez) - NPN support |
5 # Dimitris Moraitis - Anon ciphersuites | 5 # Dimitris Moraitis - Anon ciphersuites |
6 # Martin von Loewis - python 3 port | 6 # Martin von Loewis - python 3 port |
7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 7 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
8 # | 8 # |
9 # See the LICENSE file for legal information regarding use of this file. | 9 # See the LICENSE file for legal information regarding use of this file. |
10 | 10 |
(...skipping 1367 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1378 | 1378 |
1379 #Add the session object to the session cache | 1379 #Add the session object to the session cache |
1380 if sessionCache and sessionID: | 1380 if sessionCache and sessionID: |
1381 sessionCache[sessionID] = self.session | 1381 sessionCache[sessionID] = self.session |
1382 | 1382 |
1383 self._handshakeDone(resumed=False) | 1383 self._handshakeDone(resumed=False) |
1384 | 1384 |
1385 | 1385 |
1386 def _serverGetClientHello(self, settings, certChain, verifierDB, | 1386 def _serverGetClientHello(self, settings, certChain, verifierDB, |
1387 sessionCache, anon, fallbackSCSV): | 1387 sessionCache, anon, fallbackSCSV): |
1388 #Initialize acceptable cipher suites | |
1389 cipherSuites = [] | |
1390 if verifierDB: | |
1391 if certChain: | |
1392 cipherSuites += \ | |
1393 CipherSuite.getSrpCertSuites(settings) | |
1394 cipherSuites += CipherSuite.getSrpSuites(settings) | |
1395 elif certChain: | |
1396 cipherSuites += CipherSuite.getDheCertSuites(settings) | |
1397 cipherSuites += CipherSuite.getCertSuites(settings) | |
1398 elif anon: | |
1399 cipherSuites += CipherSuite.getAnonSuites(settings) | |
1400 else: | |
1401 assert(False) | |
1402 | |
1403 #Tentatively set version to most-desirable version, so if an error | 1388 #Tentatively set version to most-desirable version, so if an error |
1404 #occurs parsing the ClientHello, this is what we'll use for the | 1389 #occurs parsing the ClientHello, this is what we'll use for the |
1405 #error alert | 1390 #error alert |
1406 self.version = settings.maxVersion | 1391 self.version = settings.maxVersion |
1407 | 1392 |
1408 #Get ClientHello | 1393 #Get ClientHello |
1409 for result in self._getMsg(ContentType.handshake, | 1394 for result in self._getMsg(ContentType.handshake, |
1410 HandshakeType.client_hello): | 1395 HandshakeType.client_hello): |
1411 if result in (0,1): yield result | 1396 if result in (0,1): yield result |
1412 else: break | 1397 else: break |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1444 #Detect if the client performed an inappropriate fallback. | 1429 #Detect if the client performed an inappropriate fallback. |
1445 elif fallbackSCSV and clientHello.client_version < settings.maxVersion: | 1430 elif fallbackSCSV and clientHello.client_version < settings.maxVersion: |
1446 self.version = clientHello.client_version | 1431 self.version = clientHello.client_version |
1447 if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: | 1432 if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: |
1448 for result in self._sendError(\ | 1433 for result in self._sendError(\ |
1449 AlertDescription.inappropriate_fallback): | 1434 AlertDescription.inappropriate_fallback): |
1450 yield result | 1435 yield result |
1451 | 1436 |
1452 else: | 1437 else: |
1453 #Set the version to the client's version | 1438 #Set the version to the client's version |
1454 self.version = clientHello.client_version | 1439 self.version = clientHello.client_version |
| 1440 |
| 1441 #Initialize acceptable cipher suites |
| 1442 cipherSuites = [] |
| 1443 if verifierDB: |
| 1444 if certChain: |
| 1445 cipherSuites += \ |
| 1446 CipherSuite.getSrpCertSuites(settings, self.version) |
| 1447 cipherSuites += CipherSuite.getSrpSuites(settings, self.version) |
| 1448 elif certChain: |
| 1449 cipherSuites += CipherSuite.getDheCertSuites(settings, self.version) |
| 1450 cipherSuites += CipherSuite.getCertSuites(settings, self.version) |
| 1451 elif anon: |
| 1452 cipherSuites += CipherSuite.getAnonSuites(settings, self.version) |
| 1453 else: |
| 1454 assert(False) |
1455 | 1455 |
1456 #If resumption was requested and we have a session cache... | 1456 #If resumption was requested and we have a session cache... |
1457 if clientHello.session_id and sessionCache: | 1457 if clientHello.session_id and sessionCache: |
1458 session = None | 1458 session = None |
1459 | 1459 |
1460 #Check in the session cache | 1460 #Check in the session cache |
1461 if sessionCache and not session: | 1461 if sessionCache and not session: |
1462 try: | 1462 try: |
1463 session = sessionCache[clientHello.session_id] | 1463 session = sessionCache[clientHello.session_id] |
1464 if not session.resumable: | 1464 if not session.resumable: |
(...skipping 496 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1961 except TLSAlert as alert: | 1961 except TLSAlert as alert: |
1962 if not self.fault: | 1962 if not self.fault: |
1963 raise | 1963 raise |
1964 if alert.description not in Fault.faultAlerts[self.fault]: | 1964 if alert.description not in Fault.faultAlerts[self.fault]: |
1965 raise TLSFaultError(str(alert)) | 1965 raise TLSFaultError(str(alert)) |
1966 else: | 1966 else: |
1967 pass | 1967 pass |
1968 except: | 1968 except: |
1969 self._shutdown(False) | 1969 self._shutdown(False) |
1970 raise | 1970 raise |
OLD | NEW |