third_party/tlslite/patches/disable_channel_id.patch - chromium/src - Git at Google

 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
 index 8f25f62..d7be5b3 100644
 --- a/third_party/tlslite/tlslite/handshakesettings.py
 +++ b/third_party/tlslite/tlslite/handshakesettings.py
 @@ -112,6 +112,9 @@ class HandshakeSettings(object):
      @ivar alertAfterHandshake: If true, the server will send a fatal
      alert immediately after the handshake completes.

 +    @type enableChannelID: bool
 +    @ivar enableChannelID: If true, the server supports channel ID.
 +
      @type enableExtendedMasterSecret: bool
      @ivar enableExtendedMasterSecret: If true, the server supports the extended
      master secret TLS extension and will negotiated it with supporting clients.
 @@ -140,6 +143,7 @@ class HandshakeSettings(object):
          self.tlsIntoleranceType = 'alert'
          self.useExperimentalTackExtension = False
          self.alertAfterHandshake = False
 +        self.enableChannelID = True
          self.enableExtendedMasterSecret = True
          self.supportedTokenBindingParams = []

 @@ -159,6 +163,7 @@ class HandshakeSettings(object):
          other.tlsIntolerant = self.tlsIntolerant
          other.tlsIntoleranceType = self.tlsIntoleranceType
          other.alertAfterHandshake = self.alertAfterHandshake
 +        other.enableChannelID = self.enableChannelID
          other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
          other.supportedTokenBindingParams = self.supportedTokenBindingParams

 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
 index 06404fe..7363a30 100644
 --- a/third_party/tlslite/tlslite/tlsconnection.py
 +++ b/third_party/tlslite/tlslite/tlsconnection.py
 @@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
          serverHello.create(self.version, getRandomBytes(32), sessionID, \
                              cipherSuite, CertificateType.x509, tackExt,
                              nextProtos)
 -        serverHello.channel_id = clientHello.channel_id
 +        serverHello.channel_id = \
 +            clientHello.channel_id and settings.enableChannelID
          serverHello.extended_master_secret = \
              clientHello.extended_master_secret and \
              settings.enableExtendedMasterSecret
 @@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
          for result in self._serverFinished(premasterSecret,
                                  clientHello.random, serverHello.random,
                                  cipherSuite, settings.cipherImplementations,
 -                                nextProtos, clientHello.channel_id,
 +                                nextProtos, serverHello.channel_id,
                                  serverHello.extended_master_secret):
                  if result in (0,1): yield result
                  else: break
	diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
	index 8f25f62..d7be5b3 100644
	--- a/third_party/tlslite/tlslite/handshakesettings.py
	+++ b/third_party/tlslite/tlslite/handshakesettings.py
	@@ -112,6 +112,9 @@ class HandshakeSettings(object):
	@ivar alertAfterHandshake: If true, the server will send a fatal
	alert immediately after the handshake completes.

	+ @type enableChannelID: bool
	+ @ivar enableChannelID: If true, the server supports channel ID.
	+
	@type enableExtendedMasterSecret: bool
	@ivar enableExtendedMasterSecret: If true, the server supports the extended
	master secret TLS extension and will negotiated it with supporting clients.
	@@ -140,6 +143,7 @@ class HandshakeSettings(object):
	self.tlsIntoleranceType = 'alert'
	self.useExperimentalTackExtension = False
	self.alertAfterHandshake = False
	+ self.enableChannelID = True
	self.enableExtendedMasterSecret = True
	self.supportedTokenBindingParams = []

	@@ -159,6 +163,7 @@ class HandshakeSettings(object):
	other.tlsIntolerant = self.tlsIntolerant
	other.tlsIntoleranceType = self.tlsIntoleranceType
	other.alertAfterHandshake = self.alertAfterHandshake
	+ other.enableChannelID = self.enableChannelID
	other.enableExtendedMasterSecret = self.enableExtendedMasterSecret
	other.supportedTokenBindingParams = self.supportedTokenBindingParams

	diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
	index 06404fe..7363a30 100644
	--- a/third_party/tlslite/tlslite/tlsconnection.py
	+++ b/third_party/tlslite/tlslite/tlsconnection.py
	@@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer):
	serverHello.create(self.version, getRandomBytes(32), sessionID, \
	cipherSuite, CertificateType.x509, tackExt,
	nextProtos)
	- serverHello.channel_id = clientHello.channel_id
	+ serverHello.channel_id = \
	+ clientHello.channel_id and settings.enableChannelID
	serverHello.extended_master_secret = \
	clientHello.extended_master_secret and \
	settings.enableExtendedMasterSecret
	@@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer):
	for result in self._serverFinished(premasterSecret,
	clientHello.random, serverHello.random,
	cipherSuite, settings.cipherImplementations,
	- nextProtos, clientHello.channel_id,
	+ nextProtos, serverHello.channel_id,
	serverHello.extended_master_secret):
	if result in (0,1): yield result
	else: break