Name: tlslite URL: http://trevp.net/tlslite/ Version: 0.3.8 Security Critical: No License: Public domain Local Modifications: - patches/close_notify.patch: tlslite/TLSRecordLayer.py was changed to force the socket to be closed when the SSL connection is closed. This is is necessary at this point since WinHTTP does not seem to react to the SSL close notify. It's also needed to prevent a hang on Linux. See also http://sourceforge.net/mailarchive/forum.php?thread_name=41C9B18B.2010201%40ag.com&forum_name=tlslite-users - patches/python26.patch: Replace sha, md5 module imports with hashlib, as they are deprecated in Python 2.6 - patches/ca_request.patch: tlslite/X509.py was changed to obtain the DER-encoded distinguished name for a certificate, without requiring any addition libraries. tlslite/utils/ASN1Parser.py was changed to allow obtaining the unparsed data for an element in a SEQUENCE, in addition to providing the parsed value (tag and length removed) tlslite/messages.py was changed from accepting/returning a single byte array in the CertificateRequest message for the CA names to accept a list of byte arrays, each containing a DER-encoded distinguished name. tlslite/TLSConnection.py was changed to take a list of such byte arrays when creating a TLS server that will request client authentication. - patches/send_certificate_types.patch: tlslite/message.py was changed to default to a certificate_types of [rsa_sign] in CertificateRequest. Apple's Secure Transport library rejects an empty list and raises an SSL protocol error. - patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were updated to add a parseChain method, that can parse multiple certificates from a PEM string. - patches/tls_intolerant.patch: allow TLSLite to simulate a TLS-intolerant server. - patches/channel_id.patch: add basic ChannelID support. (Signatures are not checked.) - patches/signed_certificate_timestamps.patch: add support for sending Signed Certificate Timestamps over a TLS extension. - patches/fallback_scsv.patch: add support for TLS_FALLBACK_SCSV. See https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 - patches/status_request.patch: add support for sending stapled OCSP responses. - patches/rsa_signature_length.patch: Ensure that RSA signatures have the correct length.