diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py index 2f11aaa..e752834 100644 --- a/third_party/tlslite/tlslite/handshakesettings.py +++ b/third_party/tlslite/tlslite/handshakesettings.py @@ -107,6 +107,10 @@ class HandshakeSettings(object): @type useExperimentalTackExtension: bool @ivar useExperimentalTackExtension: Whether to enabled TACK support. + + @type alertAfterHandshake: bool + @ivar alertAfterHandshake: If true, the server will send a fatal + alert immediately after the handshake completes. Note that TACK support is not standardized by IETF and uses a temporary TLS Extension number, so should NOT be used in production software. @@ -124,6 +128,7 @@ class HandshakeSettings(object): self.tlsIntolerant = None self.tlsIntoleranceType = 'alert' self.useExperimentalTackExtension = False + self.alertAfterHandshake = False # Validates the min/max fields, and certificateTypes # Filters out unsupported cipherNames and cipherImplementations @@ -140,6 +145,7 @@ class HandshakeSettings(object): other.maxVersion = self.maxVersion other.tlsIntolerant = self.tlsIntolerant other.tlsIntoleranceType = self.tlsIntoleranceType + other.alertAfterHandshake = self.alertAfterHandshake if not cipherfactory.tripleDESPresent: other.cipherNames = [e for e in self.cipherNames if e != "3des"] diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py index 0e13a78..eb850e9 100644 --- a/third_party/tlslite/tlslite/tlsconnection.py +++ b/third_party/tlslite/tlslite/tlsconnection.py @@ -1221,6 +1221,10 @@ class TLSConnection(TLSRecordLayer): ocspResponse=ocspResponse) for result in self._handshakeWrapperAsync(handshaker, checker): yield result + if settings and settings.alertAfterHandshake: + for result in self._sendError(AlertDescription.internal_error, + "Spurious alert"): + yield result def _handshakeServerAsyncHelper(self, verifierDB,