patches/alert_after_handshake.patch - chromium/src/third_party/tlslite - Git at Google

 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
 index 2f11aaa..e752834 100644
 --- a/third_party/tlslite/tlslite/handshakesettings.py
 +++ b/third_party/tlslite/tlslite/handshakesettings.py
 @@ -107,6 +107,10 @@ class HandshakeSettings(object):

      @type useExperimentalTackExtension: bool
      @ivar useExperimentalTackExtension: Whether to enabled TACK support.
 +
 +    @type alertAfterHandshake: bool
 +    @ivar alertAfterHandshake: If true, the server will send a fatal
 +    alert immediately after the handshake completes.

      Note that TACK support is not standardized by IETF and uses a temporary
      TLS Extension number, so should NOT be used in production software.
 @@ -124,6 +128,7 @@ class HandshakeSettings(object):
          self.tlsIntolerant = None
          self.tlsIntoleranceType = 'alert'
          self.useExperimentalTackExtension = False
 +        self.alertAfterHandshake = False

      # Validates the min/max fields, and certificateTypes
      # Filters out unsupported cipherNames and cipherImplementations
 @@ -140,6 +145,7 @@ class HandshakeSettings(object):
          other.maxVersion = self.maxVersion
          other.tlsIntolerant = self.tlsIntolerant
          other.tlsIntoleranceType = self.tlsIntoleranceType
 +        other.alertAfterHandshake = self.alertAfterHandshake

          if not cipherfactory.tripleDESPresent:
              other.cipherNames = [e for e in self.cipherNames if e != "3des"]
 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
 index 0e13a78..eb850e9 100644
 --- a/third_party/tlslite/tlslite/tlsconnection.py
 +++ b/third_party/tlslite/tlslite/tlsconnection.py
 @@ -1221,6 +1221,10 @@ class TLSConnection(TLSRecordLayer):
              ocspResponse=ocspResponse)
          for result in self._handshakeWrapperAsync(handshaker, checker):
              yield result
 +        if settings and settings.alertAfterHandshake:
 +            for result in self._sendError(AlertDescription.internal_error,
 +                                          "Spurious alert"):
 +                yield result


      def _handshakeServerAsyncHelper(self, verifierDB,
	diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
	index 2f11aaa..e752834 100644
	--- a/third_party/tlslite/tlslite/handshakesettings.py
	+++ b/third_party/tlslite/tlslite/handshakesettings.py
	@@ -107,6 +107,10 @@ class HandshakeSettings(object):

	@type useExperimentalTackExtension: bool
	@ivar useExperimentalTackExtension: Whether to enabled TACK support.
	+
	+ @type alertAfterHandshake: bool
	+ @ivar alertAfterHandshake: If true, the server will send a fatal
	+ alert immediately after the handshake completes.

	Note that TACK support is not standardized by IETF and uses a temporary
	TLS Extension number, so should NOT be used in production software.
	@@ -124,6 +128,7 @@ class HandshakeSettings(object):
	self.tlsIntolerant = None
	self.tlsIntoleranceType = 'alert'
	self.useExperimentalTackExtension = False
	+ self.alertAfterHandshake = False

	# Validates the min/max fields, and certificateTypes
	# Filters out unsupported cipherNames and cipherImplementations
	@@ -140,6 +145,7 @@ class HandshakeSettings(object):
	other.maxVersion = self.maxVersion
	other.tlsIntolerant = self.tlsIntolerant
	other.tlsIntoleranceType = self.tlsIntoleranceType
	+ other.alertAfterHandshake = self.alertAfterHandshake

	if not cipherfactory.tripleDESPresent:
	other.cipherNames = [e for e in self.cipherNames if e != "3des"]
	diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
	index 0e13a78..eb850e9 100644
	--- a/third_party/tlslite/tlslite/tlsconnection.py
	+++ b/third_party/tlslite/tlslite/tlsconnection.py
	@@ -1221,6 +1221,10 @@ class TLSConnection(TLSRecordLayer):
	ocspResponse=ocspResponse)
	for result in self._handshakeWrapperAsync(handshaker, checker):
	yield result
	+ if settings and settings.alertAfterHandshake:
	+ for result in self._sendError(AlertDescription.internal_error,
	+ "Spurious alert"):
	+ yield result


	def _handshakeServerAsyncHelper(self, verifierDB,