Diffstat (limited to 'third_party')
-rw-r--r-- | third_party/tlslite/README.chromium | 1 | ||||
-rw-r--r-- | third_party/tlslite/patches/tls_intolerant.patch | 60 | ||||
-rw-r--r-- | third_party/tlslite/tlslite/TLSConnection.py | 16 |
3 files changed, 72 insertions, 5 deletions
diff --git a/third_party/tlslite/README.chromium b/third_party/tlslite/README.chromium
index ea99656..916fd36 100644
--- a/third_party/tlslite/README.chromium
+++ b/third_party/tlslite/README.chromium
@@ -30,3 +30,4 @@ Local Modifications:
 - patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were updated to add a parseChain method, that can parse multiple certificates from a PEM string.
+- patches/tls_intolerant.patch: allow TLSLite to simulate a TLS-intolerant server.
diff --git a/third_party/tlslite/patches/tls_intolerant.patch b/third_party/tlslite/patches/tls_intolerant.patch
new file mode 100644
index 0000000..506b4d3c
--- /dev/null
+++ b/third_party/tlslite/patches/tls_intolerant.patch
@@ -0,0 +1,60 @@
+diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
+index 7e38a23..02c7478 100644
+--- a/third_party/tlslite/tlslite/TLSConnection.py
++++ b/third_party/tlslite/tlslite/TLSConnection.py
+@@ -932,7 +932,7 @@ class TLSConnection(TLSRecordLayer):
+ def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
+ certChain=None, privateKey=None, reqCert=False,
+ sessionCache=None, settings=None, checker=None,
+- reqCAs=None):
++ reqCAs=None, tlsIntolerant=False):
+ """Perform a handshake in the role of server.
+
+ This function performs an SSL or TLS handshake. Depending on
+@@ -1012,14 +1012,14 @@ class TLSConnection(TLSRecordLayer):
+ """
+ for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
+ certChain, privateKey, reqCert, sessionCache, settings,
+- checker, reqCAs):
++ checker, reqCAs, tlsIntolerant):
+ pass
+
+
+ def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
+ certChain=None, privateKey=None, reqCert=False,
+ sessionCache=None, settings=None, checker=None,
+- reqCAs=None):
++ reqCAs=None, tlsIntolerant=False):
+ """Start a server handshake operation on the TLS connection.
+
+ This function returns a generator which behaves similarly to
+@@ -1036,14 +1036,15 @@ class TLSConnection(TLSRecordLayer):
+ verifierDB=verifierDB, certChain=certChain,
+ privateKey=privateKey, reqCert=reqCert,
+ sessionCache=sessionCache, settings=settings,
+- reqCAs=reqCAs)
++ reqCAs=reqCAs,
++ tlsIntolerant=tlsIntolerant)
+ for result in self._handshakeWrapperAsync(handshaker, checker):
+ yield result
+
+
+ def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
+ certChain, privateKey, reqCert, sessionCache,
+- settings, reqCAs):
++ settings, reqCAs, tlsIntolerant):
+
+ self._handshakeStart(client=False)
+
+@@ -1111,6 +1112,11 @@ class TLSConnection(TLSRecordLayer):
+ "Too old version: %s" % str(clientHello.client_version)):
+ yield result
+
++ if tlsIntolerant and clientHello.client_version > (3, 0):
++ for result in self._sendError(\
++ AlertDescription.handshake_failure):
++ yield result
++
+ #If client's version is too high, propose my highest version
+ elif clientHello.client_version > settings.maxVersion:
+ self.version = settings.maxVersion
diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py
index 7e38a23..02c7478 100644
--- a/third_party/tlslite/tlslite/TLSConnection.py
+++ b/third_party/tlslite/tlslite/TLSConnection.py
@@ -932,7 +932,7 @@ class TLSConnection(TLSRecordLayer):
 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None, - reqCAs=None): + reqCAs=None, tlsIntolerant=False): """Perform a handshake in the role of server. This function performs an SSL or TLS handshake. Depending on
@@ -1012,14 +1012,14 @@ class TLSConnection(TLSRecordLayer):
 """ for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, settings, - checker, reqCAs): + checker, reqCAs, tlsIntolerant): pass def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, certChain=None, privateKey=None, reqCert=False, sessionCache=None, settings=None, checker=None, - reqCAs=None): + reqCAs=None, tlsIntolerant=False): """Start a server handshake operation on the TLS connection. This function returns a generator which behaves similarly to
@@ -1036,14 +1036,15 @@ class TLSConnection(TLSRecordLayer):
 verifierDB=verifierDB, certChain=certChain, privateKey=privateKey, reqCert=reqCert, sessionCache=sessionCache, settings=settings, - reqCAs=reqCAs) + reqCAs=reqCAs, + tlsIntolerant=tlsIntolerant) for result in self._handshakeWrapperAsync(handshaker, checker): yield result def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, certChain, privateKey, reqCert, sessionCache, - settings, reqCAs): + settings, reqCAs, tlsIntolerant): self._handshakeStart(client=False)
@@ -1111,6 +1112,11 @@ class TLSConnection(TLSRecordLayer):
 "Too old version: %s" % str(clientHello.client_version)): yield result + if tlsIntolerant and clientHello.client_version > (3, 0): + for result in self._sendError(\ + AlertDescription.handshake_failure): + yield result + #If client's version is too high, propose my highest version + elif clientHello.client_version > settings.maxVersion: + self.version = settings.maxVersion |
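Review bot: In the @@ -1111 hunk the new `tlsIntolerant` check is added as a fresh `if` between the "Too old version" branch and the existing `elif clientHello.client_version > settings.maxVersion:`, which detaches the too-old branch from the if/elif/else version-negotiation chain; that is only harmless if `_sendError` never returns normally after its yields, which the hunk does not show (the `if` owning the "Too old version" line and the rest of `_handshakeServerAsyncHelper` lie outside the hunk), so either confirm that or keep the chain intact with `elif tlsIntolerant and clientHello.client_version > (3, 0):`. The backslash in `self._sendError(\` is redundant inside parentheses; `for result in self._sendError(AlertDescription.handshake_failure):` fits on one line. The `(3, 0)` literal should say what it is, e.g. `# (3, 0) is SSL 3.0; any higher client_version is a TLS ClientHello, which a TLS-intolerant server rejects`. The signatures in the @@ -932 and @@ -1012 hunks gained `tlsIntolerant`, but the parameter documentation of `handshakeServer` and `handshakeServerAsync` lies below the hunks and needs an entry in the same style as the existing ones, e.g. `@param tlsIntolerant: If True, answer any ClientHello above SSL 3.0 with a handshake_failure alert to simulate a TLS-intolerant server; intended for tests only.`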