Add flag to tlslite's HandshakeSettings to disable channel ID on the test server

BUG=467312 Review URL: https://codereview.chromium.org/1339193002 Cr-Commit-Position: refs/heads/master@{#348980}
author: nharper <nharper@chromium.org> 2015-09-15 13:38:20 -0700
committer: Commit bot <commit-bot@chromium.org> 2015-09-15 20:39:05 +0000
commit: d847891ff6043c03f71656fe735e65dcf8acc934 (patch)
tree: d51c1ade8e90d31ee4b675841150d6d3f3fddc2b /third_party
parent: 295cbb2e343a6502334110c4d64189df6f2d83fa (diff)
download: chromium_src-d847891ff6043c03f71656fe735e65dcf8acc934.zip
chromium_src-d847891ff6043c03f71656fe735e65dcf8acc934.tar.gz
chromium_src-d847891ff6043c03f71656fe735e65dcf8acc934.tar.bz2
4 files changed, 63 insertions, 2 deletions
diff --git a/third_party/tlslite/README.chromium b/third_party/tlslite/README.chromium
index 810565b..e995e95 100644
--- a/third_party/tlslite/README.chromium
+++ b/third_party/tlslite/README.chromium
@@ -43,3 +43,5 @@ Local Modifications:
   master secret.
 - patches/token_binding_negotiation.patch: Add server support for token
   binding negotiation TLS extension (draft-ietf-tokbind-negotiation-00)
+- patches/disable_channel_id.patch: Add flag to HandshakeSettings to allow
+  for disabling channel id.
diff --git a/third_party/tlslite/patches/disable_channel_id.patch b/third_party/tlslite/patches/disable_channel_id.patch
new file mode 100644
index 0000000..339cdd9
--- /dev/null
+++ b/third_party/tlslite/patches/disable_channel_id.patch
@@ -0,0 +1,53 @@
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
+index 8f25f62..d7be5b3 100644
+--- a/third_party/tlslite/tlslite/handshakesettings.py
++++ b/third_party/tlslite/tlslite/handshakesettings.py
+@@ -112,6 +112,9 @@ class HandshakeSettings(object):
+     @ivar alertAfterHandshake: If true, the server will send a fatal
+     alert immediately after the handshake completes.
+ 
++    @type enableChannelID: bool
++    @ivar enableChannelID: If true, the server supports channel ID.
++
+     @type enableExtendedMasterSecret: bool
+     @ivar enableExtendedMasterSecret: If true, the server supports the extended
+     master secret TLS extension and will negotiated it with supporting clients.
+@@ -140,6 +143,7 @@ class HandshakeSettings(object):
+         self.tlsIntoleranceType = 'alert'
+         self.useExperimentalTackExtension = False
+         self.alertAfterHandshake = False
++        self.enableChannelID = True
+         self.enableExtendedMasterSecret = True
+         self.supportedTokenBindingParams = []
+ 
+@@ -159,6 +163,7 @@ class HandshakeSettings(object):
+         other.tlsIntolerant = self.tlsIntolerant
+         other.tlsIntoleranceType = self.tlsIntoleranceType
+         other.alertAfterHandshake = self.alertAfterHandshake
++        other.enableChannelID = self.enableChannelID
+         other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
+         other.supportedTokenBindingParams = self.supportedTokenBindingParams
+ 
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 06404fe..7363a30 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
+         serverHello.create(self.version, getRandomBytes(32), sessionID, \
+                             cipherSuite, CertificateType.x509, tackExt,
+                             nextProtos)
+-        serverHello.channel_id = clientHello.channel_id
++        serverHello.channel_id = \
++            clientHello.channel_id and settings.enableChannelID
+         serverHello.extended_master_secret = \
+             clientHello.extended_master_secret and \
+             settings.enableExtendedMasterSecret
+@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
+         for result in self._serverFinished(premasterSecret, 
+                                 clientHello.random, serverHello.random,
+                                 cipherSuite, settings.cipherImplementations,
+-                                nextProtos, clientHello.channel_id,
++                                nextProtos, serverHello.channel_id,
+                                 serverHello.extended_master_secret):
+                 if result in (0,1): yield result
+                 else: break
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
index 8f25f62..d7be5b3 100644
--- a/third_party/tlslite/tlslite/handshakesettings.py
+++ b/third_party/tlslite/tlslite/handshakesettings.py
@@ -112,6 +112,9 @@ class HandshakeSettings(object):
     @ivar alertAfterHandshake: If true, the server will send a fatal
     alert immediately after the handshake completes.
 
+    @type enableChannelID: bool
+    @ivar enableChannelID: If true, the server supports channel ID.
+
     @type enableExtendedMasterSecret: bool
     @ivar enableExtendedMasterSecret: If true, the server supports the extended
     master secret TLS extension and will negotiated it with supporting clients.
@@ -140,6 +143,7 @@ class HandshakeSettings(object):
         self.tlsIntoleranceType = 'alert'
         self.useExperimentalTackExtension = False
         self.alertAfterHandshake = False
+        self.enableChannelID = True
         self.enableExtendedMasterSecret = True
         self.supportedTokenBindingParams = []
 
@@ -159,6 +163,7 @@ class HandshakeSettings(object):
         other.tlsIntolerant = self.tlsIntolerant
         other.tlsIntoleranceType = self.tlsIntoleranceType
         other.alertAfterHandshake = self.alertAfterHandshake
+        other.enableChannelID = self.enableChannelID
         other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
         other.supportedTokenBindingParams = self.supportedTokenBindingParams
 
diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
index 06404fe..7363a30 100644
--- a/third_party/tlslite/tlslite/tlsconnection.py
+++ b/third_party/tlslite/tlslite/tlsconnection.py
@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
         serverHello.create(self.version, getRandomBytes(32), sessionID, \
                             cipherSuite, CertificateType.x509, tackExt,
                             nextProtos)
-        serverHello.channel_id = clientHello.channel_id
+        serverHello.channel_id = \
+            clientHello.channel_id and settings.enableChannelID
         serverHello.extended_master_secret = \
             clientHello.extended_master_secret and \
             settings.enableExtendedMasterSecret
@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
         for result in self._serverFinished(premasterSecret, 
                                 clientHello.random, serverHello.random,
                                 cipherSuite, settings.cipherImplementations,
-                                nextProtos, clientHello.channel_id,
+                                nextProtos, serverHello.channel_id,
                                 serverHello.extended_master_secret):
                 if result in (0,1): yield result
                 else: break
author	nharper <nharper@chromium.org>	2015-09-15 13:38:20 -0700
committer	Commit bot <commit-bot@chromium.org>	2015-09-15 20:39:05 +0000
commit	d847891ff6043c03f71656fe735e65dcf8acc934 (patch)
tree	d51c1ade8e90d31ee4b675841150d6d3f3fddc2b /third_party
parent	295cbb2e343a6502334110c4d64189df6f2d83fa (diff)
download	chromium_src-d847891ff6043c03f71656fe735e65dcf8acc934.zip chromium_src-d847891ff6043c03f71656fe735e65dcf8acc934.tar.gz chromium_src-d847891ff6043c03f71656fe735e65dcf8acc934.tar.bz2