OLD | NEW |
(Empty) | |
| 1 diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/
tlslite/TLSConnection.py |
| 2 index 7e38a23..02c7478 100644 |
| 3 --- a/third_party/tlslite/tlslite/TLSConnection.py |
| 4 +++ b/third_party/tlslite/tlslite/TLSConnection.py |
| 5 @@ -932,7 +932,7 @@ class TLSConnection(TLSRecordLayer): |
| 6 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, |
| 7 certChain=None, privateKey=None, reqCert=False, |
| 8 sessionCache=None, settings=None, checker=None, |
| 9 - reqCAs=None): |
| 10 + reqCAs=None, tlsIntolerant=False): |
| 11 """Perform a handshake in the role of server. |
| 12 |
| 13 This function performs an SSL or TLS handshake. Depending on |
| 14 @@ -1012,14 +1012,14 @@ class TLSConnection(TLSRecordLayer): |
| 15 """ |
| 16 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
| 17 certChain, privateKey, reqCert, sessionCache, settings, |
| 18 - checker, reqCAs): |
| 19 + checker, reqCAs, tlsIntolerant): |
| 20 pass |
| 21 |
| 22 |
| 23 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, |
| 24 certChain=None, privateKey=None, reqCert=False, |
| 25 sessionCache=None, settings=None, checker=None, |
| 26 - reqCAs=None): |
| 27 + reqCAs=None, tlsIntolerant=False): |
| 28 """Start a server handshake operation on the TLS connection. |
| 29 |
| 30 This function returns a generator which behaves similarly to |
| 31 @@ -1036,14 +1036,15 @@ class TLSConnection(TLSRecordLayer): |
| 32 verifierDB=verifierDB, certChain=certChain, |
| 33 privateKey=privateKey, reqCert=reqCert, |
| 34 sessionCache=sessionCache, settings=settings, |
| 35 - reqCAs=reqCAs) |
| 36 + reqCAs=reqCAs, |
| 37 + tlsIntolerant=tlsIntolerant) |
| 38 for result in self._handshakeWrapperAsync(handshaker, checker): |
| 39 yield result |
| 40 |
| 41 |
| 42 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, |
| 43 certChain, privateKey, reqCert, sessionCache, |
| 44 - settings, reqCAs): |
| 45 + settings, reqCAs, tlsIntolerant): |
| 46 |
| 47 self._handshakeStart(client=False) |
| 48 |
| 49 @@ -1111,6 +1112,11 @@ class TLSConnection(TLSRecordLayer): |
| 50 "Too old version: %s" % str(clientHello.client_version)): |
| 51 yield result |
| 52 |
| 53 + if tlsIntolerant and clientHello.client_version > (3, 0): |
| 54 + for result in self._sendError(\ |
| 55 + AlertDescription.handshake_failure): |
| 56 + yield result |
| 57 + |
| 58 #If client's version is too high, propose my highest version |
| 59 elif clientHello.client_version > settings.maxVersion: |
| 60 self.version = settings.maxVersion |
OLD | NEW |