summaryrefslogtreecommitdiffstats
path: root/third_party/tlslite/README.chromium
blob: ed0d793eedd3cd75c337571574e35d68cb5247c7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Name: tlslite
URL: http://trevp.net/tlslite/
Version: 0.3.8
Security Critical: No
License: Public domain

Local Modifications:

- patches/close_notify.patch: tlslite/TLSRecordLayer.py was changed to force
  the socket to be closed when the SSL connection is closed. This is is
  necessary at this point since WinHTTP does not seem to react to the SSL
  close notify. It's also needed to prevent a hang on Linux.  See also 
  http://sourceforge.net/mailarchive/forum.php?thread_name=41C9B18B.2010201%40ag.com&forum_name=tlslite-users
- patches/python26.patch: Replace sha, md5 module imports with hashlib, as
  they are deprecated in Python 2.6
- patches/ca_request.patch: tlslite/X509.py was changed to obtain the
  DER-encoded distinguished name for a certificate, without requiring any
  addition libraries.
  tlslite/utils/ASN1Parser.py was changed to allow obtaining the unparsed
  data for an element in a SEQUENCE, in addition to providing the parsed
  value (tag and length removed)
  tlslite/messages.py was changed from accepting/returning a single byte
  array in the CertificateRequest message for the CA names to accept a list
  of byte arrays, each containing a DER-encoded distinguished name.
  tlslite/TLSConnection.py was changed to take a list of such byte arrays
  when creating a TLS server that will request client authentication.
- patches/send_certificate_types.patch: tlslite/message.py was changed to
  default to a certificate_types of [rsa_sign] in CertificateRequest. Apple's
  Secure Transport library rejects an empty list and raises an SSL protocol
  error.
- patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were
  updated to add a parseChain method, that can parse multiple certificates from
  a PEM string.
- patches/tls_intolerant.patch: allow TLSLite to simulate a TLS-intolerant server.
- patches/channel_id.patch: add basic ChannelID support. (Signatures are not
  checked.)
- patches/signed_certificate_timestamps.patch: add support for sending Signed
  Certificate Timestamps over a TLS extension.
- patches/fallback_scsv.patch: add support for TLS_FALLBACK_SCSV. See
  https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01
- patches/status_request.patch: add support for sending stapled OCSP responses.