
Side by Side Diff: third_party/tlslite/tlslite/TLSConnection.py

Issue 10412042: Improve the TLS intolerant server testing support added in r134129 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Tweak enumerator names Created 8 years, 7 months ago
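--- a/third_party/tlslite/tlslite/TLSConnection.py
+++ b/third_party/tlslite/tlslite/TLSConnection.py
@@ -1,10 +1,10 @@
 """
 MAIN CLASS FOR TLS LITE (START HERE!).
 """
 from __future__ import generators
 
 import socket
 from utils.compat import formatExceptionTrace
 from TLSRecordLayer import TLSRecordLayer
 from Session import Session
 from constants import *
@@ -925,21 +925,21 @@
 
 #Mark the connection as open
 self.session._setResumable(True)
 self._handshakeDone(resumed=False)
 
 
 
 def handshakeServer(self, sharedKeyDB=None, verifierDB=None,
 certChain=None, privateKey=None, reqCert=False,
 sessionCache=None, settings=None, checker=None,
-reqCAs=None, tlsIntolerant=False):
+reqCAs=None, tlsIntolerant=0):
 """Perform a handshake in the role of server.
 
 This function performs an SSL or TLS handshake. Depending on
 the arguments and the behavior of the client, this function can
 perform a shared-key, SRP, or certificate-based handshake. It
 can also perform a combined SRP and server-certificate
 handshake.
 
 Like any handshake function, this can be called on a closed
 TLS connection, or on a TLS connection that is already open.
@@ -1012,21 +1012,21 @@
 """
 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB,
 certChain, privateKey, reqCert, sessionCache, settings,
 checker, reqCAs, tlsIntolerant):
 pass
 
 
 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None,
 certChain=None, privateKey=None, reqCert=False,
 sessionCache=None, settings=None, checker=None,
-reqCAs=None, tlsIntolerant=False):
+reqCAs=None, tlsIntolerant=0):
 """Start a server handshake operation on the TLS connection.
 
 This function returns a generator which behaves similarly to
 handshakeServer(). Successive invocations of the generator
 will return 0 if it is waiting to read from the socket, 1 if it is
 waiting to write to the socket, or it will raise StopIteration
 if the handshake operation is complete.
 
 @rtype: iterable
 @return: A generator; see above for details.
@@ -1105,21 +1105,27 @@
 clientHello = result
 
 #If client's version is too low, reject it
 if clientHello.client_version < settings.minVersion:
 self.version = settings.minVersion
 for result in self._sendError(\
 AlertDescription.protocol_version,
 "Too old version: %s" % str(clientHello.client_version)):
 yield result
 
-if tlsIntolerant and clientHello.client_version > (3, 0):
+#If tlsIntolerant is nonzero, reject certain TLS versions.
+#1: reject all TLS versions.
+#2: reject TLS 1.1 or higher.
+#3: reject TLS 1.2 or higher.
+if (tlsIntolerant == 1 and clientHello.client_version > (3, 0) or
+tlsIntolerant == 2 and clientHello.client_version > (3, 1) or
+tlsIntolerant == 3 and clientHello.client_version > (3, 2)):
 for result in self._sendError(\
 AlertDescription.handshake_failure):
 yield result
 
 #If client's version is too high, propose my highest version
 elif clientHello.client_version > settings.maxVersion:
 self.version = settings.maxVersion
 
 else:
 #Set the version to the client's version
@@ -1609,10 +1615,10 @@
 if len(publicKey) < settings.minKeySize:
 for result in self._sendError(AlertDescription.handshake_failure,
 "Other party's public key too small: %d" % len(publicKey)):
 yield result
 if len(publicKey) > settings.maxKeySize:
 for result in self._sendError(AlertDescription.handshake_failure,
 "Other party's public key too large: %d" % len(publicKey)):
 yield result
 
 yield publicKey, certChain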
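Review bot: A tlsIntolerant value outside 0–3 matches none of the three clauses in the new condition (new lines 1119–1121), so the server negotiates normally and a version-fallback test that passes an unsupported level would run against a fully tolerant server without any error. Since the parameter exists only to drive such tests, I would reject unknown values up front with `if tlsIntolerant not in (0, 1, 2, 3): raise ValueError("tlsIntolerant must be 0-3")` near the top of handshakeServerAsync, whose body is mostly outside the lines shown here. The condition also relies on `and` binding tighter than `or`; `if tlsIntolerant and clientHello.client_version > (3, tlsIntolerant - 1):` says the same thing for levels 1–3 in one clause, or each clause could at least be parenthesized. Callers that still pass `True` keep the old behaviour only because `True == 1`, which deserves a comment such as `#True (legacy callers) compares equal to 1.` next to the numbered list.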