
Side by Side Diff: third_party/tlslite/patches/tls_intolerant.patch

Issue 10412042: Improve the TLS intolerant server testing support added in r134129 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Tweak enumerator names Created 8 years, 7 months ago
1 diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/ tlslite/TLSConnection.py 1 Index: third_party/tlslite/tlslite/TLSConnection.py
2 index 7e38a23..02c7478 100644 2 ===================================================================
3 --- a/third_party/tlslite/tlslite/TLSConnection.py 3 --- third_party/tlslite/tlslite/TLSConnection.py» (revision 134128)
4 +++ b/third_party/tlslite/tlslite/TLSConnection.py 4 +++ third_party/tlslite/tlslite/TLSConnection.py» (working copy)
5 @@ -932,7 +932,7 @@ class TLSConnection(TLSRecordLayer): 5 @@ -932,7 +932,7 @@
6 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, 6 def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
7 certChain=None, privateKey=None, reqCert=False, 7 certChain=None, privateKey=None, reqCert=False,
8 sessionCache=None, settings=None, checker=None, 8 sessionCache=None, settings=None, checker=None,
9 - reqCAs=None): 9 - reqCAs=None):
10 + reqCAs=None, tlsIntolerant=False): 10 + reqCAs=None, tlsIntolerant=0):
11 """Perform a handshake in the role of server. 11 """Perform a handshake in the role of server.
12 12
13 This function performs an SSL or TLS handshake. Depending on 13 This function performs an SSL or TLS handshake. Depending on
14 @@ -1012,14 +1012,14 @@ class TLSConnection(TLSRecordLayer): 14 @@ -1012,14 +1012,14 @@
15 """ 15 """
16 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, 16 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
17 certChain, privateKey, reqCert, sessionCache, settings, 17 certChain, privateKey, reqCert, sessionCache, settings,
18 - checker, reqCAs): 18 - checker, reqCAs):
19 + checker, reqCAs, tlsIntolerant): 19 + checker, reqCAs, tlsIntolerant):
20 pass 20 pass
21 21
22 22
23 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, 23 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
24 certChain=None, privateKey=None, reqCert=False, 24 certChain=None, privateKey=None, reqCert=False,
25 sessionCache=None, settings=None, checker=None, 25 sessionCache=None, settings=None, checker=None,
26 - reqCAs=None): 26 - reqCAs=None):
27 + reqCAs=None, tlsIntolerant=False): 27 + reqCAs=None, tlsIntolerant=0):
28 """Start a server handshake operation on the TLS connection. 28 """Start a server handshake operation on the TLS connection.
29 29
30 This function returns a generator which behaves similarly to 30 This function returns a generator which behaves similarly to
31 @@ -1036,14 +1036,15 @@ class TLSConnection(TLSRecordLayer): 31 @@ -1036,14 +1036,15 @@
32 verifierDB=verifierDB, certChain=certChain, 32 verifierDB=verifierDB, certChain=certChain,
33 privateKey=privateKey, reqCert=reqCert, 33 privateKey=privateKey, reqCert=reqCert,
34 sessionCache=sessionCache, settings=settings, 34 sessionCache=sessionCache, settings=settings,
35 - reqCAs=reqCAs) 35 - reqCAs=reqCAs)
36 + reqCAs=reqCAs, 36 + reqCAs=reqCAs,
37 + tlsIntolerant=tlsIntolerant) 37 + tlsIntolerant=tlsIntolerant)
38 for result in self._handshakeWrapperAsync(handshaker, checker): 38 for result in self._handshakeWrapperAsync(handshaker, checker):
39 yield result 39 yield result
40 40
41 41
42 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, 42 def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB,
43 certChain, privateKey, reqCert, sessionCache, 43 certChain, privateKey, reqCert, sessionCache,
44 - settings, reqCAs): 44 - settings, reqCAs):
45 + settings, reqCAs, tlsIntolerant): 45 + settings, reqCAs, tlsIntolerant):
46 46
47 self._handshakeStart(client=False) 47 self._handshakeStart(client=False)
48 48
49 @@ -1111,6 +1112,11 @@ class TLSConnection(TLSRecordLayer): 49 @@ -1111,6 +1112,17 @@
50 "Too old version: %s" % str(clientHello.client_version)): 50 "Too old version: %s" % str(clientHello.client_version)):
51 yield result 51 yield result
52 52
53 + if tlsIntolerant and clientHello.client_version > (3, 0): 53 + #If tlsIntolerant is nonzero, reject certain TLS versions.
54 + #1: reject all TLS versions.
55 + #2: reject TLS 1.1 or higher.
56 + #3: reject TLS 1.2 or higher.
57 + if (tlsIntolerant == 1 and clientHello.client_version > (3, 0) or
58 + tlsIntolerant == 2 and clientHello.client_version > (3, 1) or
59 + tlsIntolerant == 3 and clientHello.client_version > (3, 2)):
54 + for result in self._sendError(\ 60 + for result in self._sendError(\
55 + AlertDescription.handshake_failure): 61 + AlertDescription.handshake_failure):
56 + yield result 62 + yield result
57 + 63 +
58 #If client's version is too high, propose my highest version 64 #If client's version is too high, propose my highest version
59 elif clientHello.client_version > settings.maxVersion: 65 elif clientHello.client_version > settings.maxVersion:
60 self.version = settings.maxVersion 66 self.version = settings.maxVersion
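Review bot: The version check added at new lines 57–59 only recognises tlsIntolerant values 1, 2 and 3, so any other nonzero value (4, a negative number) falls through and the server negotiates normally, which could let a client fallback test pass without the intolerance ever being exercised. Consider rejecting unknown values up front, e.g. `if tlsIntolerant not in (0, 1, 2, 3): raise ValueError("tlsIntolerant must be 0-3")`, and parenthesising each `and` term so the grouping does not rest on operator precedence. The meaning of the levels is documented only in the inline comment; the handshakeServer and handshakeServerAsync docstrings (which lie outside the visible hunks) should gain an entry such as `tlsIntolerant: 0 = normal; 1 = reject all TLS (SSL 3.0 only); 2 = reject TLS 1.1+; 3 = reject TLS 1.2+; test servers only`. The body of _handshakeServerAsyncHelper continues outside the hunk.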