third_party/tlslite/patches/alert_after_handshake.patch - Issue 994373004: Properly handle alerts from the peer in SSL_read.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/tlslite/patches/alert_after_handshake.patch

Issue 994373004: Properly handle alerts from the peer in SSL_read. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/tlslite/patches/alert_after_handshake.patch

diff --git a/third_party/tlslite/patches/alert_after_handshake.patch b/third_party/tlslite/patches/alert_after_handshake.patch

new file mode 100644

index 0000000000000000000000000000000000000000..a400721cd3bcfc14060045dfc1383d6f5518ac78

--- /dev/null

+++ b/third_party/tlslite/patches/alert_after_handshake.patch

@@ -0,0 +1,46 @@

+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py

+index 2f11aaa..e752834 100644

+--- a/third_party/tlslite/tlslite/handshakesettings.py

++++ b/third_party/tlslite/tlslite/handshakesettings.py

+@@ -107,6 +107,10 @@ class HandshakeSettings(object):

+ @type useExperimentalTackExtension: bool

+ @ivar useExperimentalTackExtension: Whether to enabled TACK support.

++ @type alertAfterHandshake: bool

++ @ivar alertAfterHandshake: If true, the server will send a fatal

++ alert immediately after the handshake completes.

+ Note that TACK support is not standardized by IETF and uses a temporary

+ TLS Extension number, so should NOT be used in production software.

+@@ -124,6 +128,7 @@ class HandshakeSettings(object):

+ self.tlsIntolerant = None

+ self.tlsIntoleranceType = 'alert'

+ self.useExperimentalTackExtension = False

++ self.alertAfterHandshake = False

+ # Validates the min/max fields, and certificateTypes

+ # Filters out unsupported cipherNames and cipherImplementations

+@@ -140,6 +145,7 @@ class HandshakeSettings(object):

+ other.maxVersion = self.maxVersion

+ other.tlsIntolerant = self.tlsIntolerant

+ other.tlsIntoleranceType = self.tlsIntoleranceType

++ other.alertAfterHandshake = self.alertAfterHandshake

+ if not cipherfactory.tripleDESPresent:

+ other.cipherNames = [e for e in self.cipherNames if e != "3des"]

+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py

+index 0e13a78..eb850e9 100644

+--- a/third_party/tlslite/tlslite/tlsconnection.py

++++ b/third_party/tlslite/tlslite/tlsconnection.py

+@@ -1221,6 +1221,10 @@ class TLSConnection(TLSRecordLayer):

+ ocspResponse=ocspResponse)

+ for result in self._handshakeWrapperAsync(handshaker, checker):

+ yield result

++ if settings.alertAfterHandshake:

++ for result in self._sendError(AlertDescription.internal_error,

++ "Spurious alert"):

++ yield result

+ def _handshakeServerAsyncHelper(self, verifierDB,

« net/ssl/openssl_ssl_util.h ('K') | « third_party/tlslite/README.chromium ('k') | third_party/tlslite/tlslite/handshakesettings.py » ('j') | no next file with comments »