author | nharper <nharper@chromium.org> | 2015-09-15 13:38:20 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-09-15 20:39:05 +0000 |
commit | d847891ff6043c03f71656fe735e65dcf8acc934 (patch) | |
tree | d51c1ade8e90d31ee4b675841150d6d3f3fddc2b /third_party | |
parent | 295cbb2e343a6502334110c4d64189df6f2d83fa (diff) | |
Add flag to tlslite's HandshakeSettings to disable channel ID on the test server
BUG=467312
Review URL: https://codereview.chromium.org/1339193002
Cr-Commit-Position: refs/heads/master@{#348980}
Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/tlslite/README.chromium | 2 | ||||
-rw-r--r-- | third_party/tlslite/patches/disable_channel_id.patch | 53 | ||||
-rw-r--r-- | third_party/tlslite/tlslite/handshakesettings.py | 5 | ||||
-rw-r--r-- | third_party/tlslite/tlslite/tlsconnection.py | 5 |
4 files changed, 63 insertions, 2 deletions
diff --git a/third_party/tlslite/README.chromium b/third_party/tlslite/README.chromium
index 810565b..e995e95 100644
--- a/third_party/tlslite/README.chromium
+++ b/third_party/tlslite/README.chromium
@@ -43,3 +43,5 @@ Local Modifications:
 master secret.
 - patches/token_binding_negotiation.patch: Add server support for token binding negotiation TLS extension (draft-ietf-tokbind-negotiation-00)
+- patches/disable_channel_id.patch: Add flag to HandshakeSettings to allow
+ for disabling channel id.
diff --git a/third_party/tlslite/patches/disable_channel_id.patch b/third_party/tlslite/patches/disable_channel_id.patch
new file mode 100644
index 0000000..339cdd9
--- /dev/null
+++ b/third_party/tlslite/patches/disable_channel_id.patch
@@ -0,0 +1,53 @@
+diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
+index 8f25f62..d7be5b3 100644
+--- a/third_party/tlslite/tlslite/handshakesettings.py
++++ b/third_party/tlslite/tlslite/handshakesettings.py
+@@ -112,6 +112,9 @@ class HandshakeSettings(object):
+ @ivar alertAfterHandshake: If true, the server will send a fatal
+ alert immediately after the handshake completes.
+
++ @type enableChannelID: bool
++ @ivar enableChannelID: If true, the server supports channel ID.
++
+ @type enableExtendedMasterSecret: bool
+ @ivar enableExtendedMasterSecret: If true, the server supports the extended
+ master secret TLS extension and will negotiated it with supporting clients.
+@@ -140,6 +143,7 @@ class HandshakeSettings(object):
+ self.tlsIntoleranceType = 'alert'
+ self.useExperimentalTackExtension = False
+ self.alertAfterHandshake = False
++ self.enableChannelID = True
+ self.enableExtendedMasterSecret = True
+ self.supportedTokenBindingParams = []
+
+@@ -159,6 +163,7 @@ class HandshakeSettings(object):
+ other.tlsIntolerant = self.tlsIntolerant
+ other.tlsIntoleranceType = self.tlsIntoleranceType
+ other.alertAfterHandshake = self.alertAfterHandshake
++ other.enableChannelID = self.enableChannelID
+ other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
+ other.supportedTokenBindingParams = self.supportedTokenBindingParams
+
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
+index 06404fe..7363a30 100644
+--- a/third_party/tlslite/tlslite/tlsconnection.py
++++ b/third_party/tlslite/tlslite/tlsconnection.py
+@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
+ serverHello.create(self.version, getRandomBytes(32), sessionID, \
+ cipherSuite, CertificateType.x509, tackExt,
+ nextProtos)
+- serverHello.channel_id = clientHello.channel_id
++ serverHello.channel_id = \
++ clientHello.channel_id and settings.enableChannelID
+ serverHello.extended_master_secret = \
+ clientHello.extended_master_secret and \
+ settings.enableExtendedMasterSecret
+@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
+ for result in self._serverFinished(premasterSecret,
+ clientHello.random, serverHello.random,
+ cipherSuite, settings.cipherImplementations,
+- nextProtos, clientHello.channel_id,
++ nextProtos, serverHello.channel_id,
+ serverHello.extended_master_secret):
+ if result in (0,1): yield result
+ else: break
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
index 8f25f62..d7be5b3 100644
--- a/third_party/tlslite/tlslite/handshakesettings.py
+++ b/third_party/tlslite/tlslite/handshakesettings.py
@@ -112,6 +112,9 @@ class HandshakeSettings(object):
 @ivar alertAfterHandshake: If true, the server will send a fatal
 alert immediately after the handshake completes.

+ @type enableChannelID: bool
+ @ivar enableChannelID: If true, the server supports channel ID.
+
 @type enableExtendedMasterSecret: bool
 @ivar enableExtendedMasterSecret: If true, the server supports the extended
 master secret TLS extension and will negotiated it with supporting clients.
@@ -140,6 +143,7 @@ class HandshakeSettings(object):
 self.tlsIntoleranceType = 'alert'
 self.useExperimentalTackExtension = False
 self.alertAfterHandshake = False
+ self.enableChannelID = True
 self.enableExtendedMasterSecret = True
 self.supportedTokenBindingParams = []

@@ -159,6 +163,7 @@ class HandshakeSettings(object):
 other.tlsIntolerant = self.tlsIntolerant
 other.tlsIntoleranceType = self.tlsIntoleranceType
 other.alertAfterHandshake = self.alertAfterHandshake
+ other.enableChannelID = self.enableChannelID
 other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
 other.supportedTokenBindingParams = self.supportedTokenBindingParams

diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
index 06404fe..7363a30 100644
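Review bot: In handshakesettings.py, the new `enableChannelID` docstring (hunk `@@ -112`) does not say what the server does when the flag is false, which is the case the commit title says the flag was added for. Suggested wording: `@ivar enableChannelID: If true, the server negotiates channel ID when the client offers it; if false, the extension is never echoed in the ServerHello.` The copy added in the `@@ -159` hunk carries the value over unchecked; if that method validates other settings (its body lies mostly outside the hunk), confirm whether a non-bool value should be rejected there as well.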
--- a/third_party/tlslite/tlslite/tlsconnection.py
+++ b/third_party/tlslite/tlslite/tlsconnection.py
@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
 serverHello.create(self.version, getRandomBytes(32), sessionID, \
 cipherSuite, CertificateType.x509, tackExt,
 nextProtos)
- serverHello.channel_id = clientHello.channel_id
+ serverHello.channel_id = \
+ clientHello.channel_id and settings.enableChannelID
 serverHello.extended_master_secret = \
 clientHello.extended_master_secret and \
 settings.enableExtendedMasterSecret
@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
 for result in self._serverFinished(premasterSecret,
 clientHello.random, serverHello.random,
 cipherSuite, settings.cipherImplementations,
- nextProtos, clientHello.channel_id,
+ nextProtos, serverHello.channel_id,
 serverHello.extended_master_secret):
 if result in (0,1): yield result
 else: break |
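Review bot: The flag is applied only at the ServerHello built in the `@@ -1326` hunk, so any other place that fills `serverHello.channel_id` from the client's offer (a session-resumption branch, for instance, if one exists outside this diff) would still echo the extension with `enableChannelID = False`; that is worth confirming before relying on the flag in tests. The `@@ -1391` hunk passes `serverHello.channel_id` to `_serverFinished`, so the rest of the handshake presumably follows the negotiated value rather than the client's offer. Because `and` returns one of its operands, the stored value can be `None` or whatever object the caller assigned to the setting; `serverHello.channel_id = bool(clientHello.channel_id and settings.enableChannelID)` would keep it a strict boolean. Both enclosing functions start and end outside the hunks.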