-rwxr-xr-x | net/tools/testserver/testserver.py | 4 | ||||
-rw-r--r-- | third_party/tlslite/README.chromium | 6 | ||||
-rw-r--r-- | third_party/tlslite/patches/parse_chain.patch | 89 | ||||
-rw-r--r-- | third_party/tlslite/tlslite/X509.py | 1 | ||||
-rw-r--r-- | third_party/tlslite/tlslite/X509CertChain.py | 61 |
5 files changed, 157 insertions, 4 deletions
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py index f4442ed..48defa3 100755 --- a/net/tools/testserver/testserver.py +++ b/net/tools/testserver/testserver.py @@ -120,9 +120,7 @@ class HTTPSServer(tlslite.api.TLSSocketServerMixIn, ssl_client_auth, ssl_client_cas, ssl_bulk_ciphers, record_resume_info): s = open(cert_path).read() - x509 = tlslite.api.X509() - x509.parse(s) - self.cert_chain = tlslite.api.X509CertChain([x509]) + self.cert_chain = tlslite.api.X509CertChain().parseChain(s) s = open(cert_path).read() self.private_key = tlslite.api.parsePEMKey(s, private=True) self.ssl_client_auth = ssl_client_auth diff --git a/third_party/tlslite/README.chromium b/third_party/tlslite/README.chromium index bf8eb36..ea99656 100644 --- a/third_party/tlslite/README.chromium +++ b/third_party/tlslite/README.chromium @@ -1,6 +1,7 @@ Name: tlslite URL: http://trevp.net/tlslite/ -Version: unknown +Version: 0.3.8 +Security Critical: No Local Modifications: @@ -26,3 +27,6 @@ Local Modifications: default to a certificate_types of [rsa_sign] in CertificateRequest. Apple's Secure Transport library rejects an empty list and raises an SSL protocol error. +- patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were + updated to add a parseChain method, that can parse multiple certificates from + a PEM string. diff --git a/third_party/tlslite/patches/parse_chain.patch b/third_party/tlslite/patches/parse_chain.patch new file mode 100644 index 0000000..3a54733 --- /dev/null +++ b/third_party/tlslite/patches/parse_chain.patch 
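Review bot: Nothing at the new `X509CertChain().parseChain(s)` call in `HTTPSServer.__init__` records that `cert_path` may now hold several certificates and that their order matters. The private key is read from the same file and the chain is presumably presented in list order, so the server's own certificate has to be the first PEM block. A comment such as `# cert_path may hold a full PEM chain; the leaf certificate must come first` would document that. The body of `__init__` starts and ends outside this hunk.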
@@ -0,0 +1,89 @@ +diff -aurb tlslite-0.3.8/tlslite/X509.py chromium/tlslite/X509.py +--- tlslite-0.3.8/tlslite/X509.py Fri Mar 19 18:43:19 2004 ++++ chromium/tlslite/X509.py Wed Feb 29 11:53:54 2012 +@@ -91,6 +91,7 @@ + + #Create a public key instance + self.publicKey = _createPublicRSAKey(n, e) ++ return self + + def getFingerprint(self): + """Get the hex-encoded fingerprint of this certificate. +diff -aurb tlslite-0.3.8/tlslite/X509CertChain.py chromium/tlslite/X509CertChain.py +--- tlslite-0.3.8/tlslite/X509CertChain.py Fri Mar 19 18:49:58 2004 ++++ chromium/tlslite/X509CertChain.py Wed Feb 29 11:53:42 2012 +@@ -1,6 +1,7 @@ + """Class representing an X.509 certificate chain.""" + + from utils import cryptomath ++from X509 import X509 + + class X509CertChain: + """This class represents a chain of X.509 certificates. +@@ -23,6 +24,66 @@ + self.x509List = x509List + else: + self.x509List = [] ++ ++ def parseChain(self, s): ++ """Parse a PEM-encoded X.509 certificate file chain file. ++ ++ @type s: str ++ @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every ++ certificate wrapped within "-----BEGIN CERTIFICATE-----" and ++ "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, ++ such as human readable representations, will be ignored. ++ """ ++ ++ class PEMIterator(object): ++ """Simple iterator over PEM-encoded certificates within a string. ++ ++ @type data: string ++ @ivar data: A string containing PEM-encoded (Base64) certificates, ++ with every certificate wrapped within "-----BEGIN CERTIFICATE-----" ++ and "-----END CERTIFICATE-----" tags). Extraneous data outside such ++ tags, such as human readable representations, will be ignored. ++ ++ @type index: integer ++ @ivar index: The current offset within data to begin iterating from. 
++ """ ++ ++ _CERTIFICATE_HEADER = "----BEGIN CERTIFICATE-----" ++ """The PEM encoding block header for X.509 certificates.""" ++ ++ _CERTIFICATE_FOOTER = "----END CERTIFICATE-----" ++ """The PEM encoding block footer for X.509 certificates.""" ++ ++ def __init__(self, s): ++ self.data = s ++ self.index = 0 ++ ++ def __iter__(self): ++ return self ++ ++ def next(self): ++ """Iterates and returns the next L{tlslite.X509.X509} ++ certificate in data. ++ ++ @rtype tlslite.X509.X509 ++ """ ++ ++ self.index = self.data.find(self._CERTIFICATE_HEADER, ++ self.index) ++ if self.index == -1: ++ raise StopIteration ++ end = self.data.find(self._CERTIFICATE_FOOTER, self.index) ++ if end == -1: ++ raise StopIteration ++ ++ certStr = self.data[self.index+len(self._CERTIFICATE_HEADER) : ++ end] ++ self.index = end + len(self._CERTIFICATE_FOOTER) ++ bytes = cryptomath.base64ToBytes(certStr) ++ return X509().parseBinary(bytes) ++ ++ self.x509List = list(PEMIterator(s)) ++ return self + + def getNumCerts(self): + """Get the number of certificates in this chain. diff --git a/third_party/tlslite/tlslite/X509.py b/third_party/tlslite/tlslite/X509.py index d8b8bcc..a32d879 100644 --- a/third_party/tlslite/tlslite/X509.py +++ b/third_party/tlslite/tlslite/X509.py @@ -99,6 +99,7 @@ class X509: #Create a public key instance self.publicKey = _createPublicRSAKey(n, e) + return self def getFingerprint(self): """Get the hex-encoded fingerprint of this certificate. diff --git a/third_party/tlslite/tlslite/X509CertChain.py b/third_party/tlslite/tlslite/X509CertChain.py index 6bb503e..db55fa5 100644 --- a/third_party/tlslite/tlslite/X509CertChain.py +++ b/third_party/tlslite/tlslite/X509CertChain.py @@ -1,6 +1,7 @@ """Class representing an X.509 certificate chain.""" from utils import cryptomath +from X509 import X509 class X509CertChain: """This class represents a chain of X.509 certificates. 
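Review bot: The copy of the change recorded in `patches/parse_chain.patch` does not match the code applied to `tlslite/X509CertChain.py`. As shown here, the patch defines `_CERTIFICATE_HEADER = "----BEGIN CERTIFICATE-----"` and `_CERTIFICATE_FOOTER = "----END CERTIFICATE-----"` with four leading dashes, while the tree copy uses five. If this is not a rendering artifact, the four-dash footer would make the slice passed to `base64ToBytes` keep one `-` from the end marker. The patch should be regenerated from the final tree so that the local modification to this third-party library can be reproduced and audited exactly.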
@@ -24,6 +25,66 @@ class X509CertChain: else: self.x509List = [] + def parseChain(self, s): + """Parse a PEM-encoded X.509 certificate file chain file. + + @type s: str + @param s: A PEM-encoded (eg: Base64) X.509 certificate file, with every + certificate wrapped within "-----BEGIN CERTIFICATE-----" and + "-----END CERTIFICATE-----" tags). Extraneous data outside such tags, + such as human readable representations, will be ignored. + """ + + class PEMIterator(object): + """Simple iterator over PEM-encoded certificates within a string. + + @type data: string + @ivar data: A string containing PEM-encoded (Base64) certificates, + with every certificate wrapped within "-----BEGIN CERTIFICATE-----" + and "-----END CERTIFICATE-----" tags). Extraneous data outside such + tags, such as human readable representations, will be ignored. + + @type index: integer + @ivar index: The current offset within data to begin iterating from. + """ + + _CERTIFICATE_HEADER = "-----BEGIN CERTIFICATE-----" + """The PEM encoding block header for X.509 certificates.""" + + _CERTIFICATE_FOOTER = "-----END CERTIFICATE-----" + """The PEM encoding block footer for X.509 certificates.""" + + def __init__(self, s): + self.data = s + self.index = 0 + + def __iter__(self): + return self + + def next(self): + """Iterates and returns the next L{tlslite.X509.X509} + certificate in data. + + @rtype tlslite.X509.X509 + """ + + self.index = self.data.find(self._CERTIFICATE_HEADER, + self.index) + if self.index == -1: + raise StopIteration + end = self.data.find(self._CERTIFICATE_FOOTER, self.index) + if end == -1: + raise StopIteration + + certStr = self.data[self.index+len(self._CERTIFICATE_HEADER) : + end] + self.index = end + len(self._CERTIFICATE_FOOTER) + bytes = cryptomath.base64ToBytes(certStr) + return X509().parseBinary(bytes) + + self.x509List = list(PEMIterator(s)) + return self + def getNumCerts(self): """Get the number of certificates in this chain. |
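Review bot: `PEMIterator.next` ends the iteration silently when a BEGIN marker has no matching END marker, and `parseChain` accepts an empty result, so a truncated or certificate-free file yields a short or empty chain with no error. A certificate loader is safer failing loudly: replace the second `raise StopIteration` with `raise SyntaxError("Missing PEM postfix")`, and follow `self.x509List = list(PEMIterator(s))` with `if not self.x509List: raise SyntaxError("Missing PEM prefix")`. The same lines are recorded in `patches/parse_chain.patch` and would need the same change. As smaller points, the local named `bytes` shadows the builtin, and the docstring summary reads "certificate file chain file".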