reqCAs = None, reqCertTypes = None,
tacks=None, activationFlags=0,
nextProtos=None, anon=False,
- tlsIntolerant=None, signedCertTimestamps=None,
+ signedCertTimestamps=None,
fallbackSCSV=False, ocspResponse=None):
"""Perform a handshake in the role of server.
clients through the Next-Protocol Negotiation Extension,
if they support it.
- @type tlsIntolerant: (int, int) or None
- @param tlsIntolerant: If tlsIntolerant is not None, the server will
- simulate TLS version intolerance by returning a fatal handshake_failure
- alert to all TLS versions tlsIntolerant or higher.
-
@type signedCertTimestamps: str
@param signedCertTimestamps: A SignedCertificateTimestampList (as a
binary 8-bit string) that will be sent as a TLS extension whenever
certChain, privateKey, reqCert, sessionCache, settings,
checker, reqCAs, reqCertTypes,
tacks=tacks, activationFlags=activationFlags,
- nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
+ nextProtos=nextProtos, anon=anon,
signedCertTimestamps=signedCertTimestamps,
fallbackSCSV=fallbackSCSV, ocspResponse=ocspResponse):
pass
reqCAs=None, reqCertTypes=None,
tacks=None, activationFlags=0,
nextProtos=None, anon=False,
- tlsIntolerant=None,
signedCertTimestamps=None,
fallbackSCSV=False,
ocspResponse=None
reqCAs=reqCAs, reqCertTypes=reqCertTypes,
tacks=tacks, activationFlags=activationFlags,
nextProtos=nextProtos, anon=anon,
- tlsIntolerant=tlsIntolerant,
signedCertTimestamps=signedCertTimestamps,
fallbackSCSV=fallbackSCSV,
ocspResponse=ocspResponse)
settings, reqCAs, reqCertTypes,
tacks, activationFlags,
nextProtos, anon,
- tlsIntolerant, signedCertTimestamps, fallbackSCSV,
+ signedCertTimestamps, fallbackSCSV,
ocspResponse):
self._handshakeStart(client=False)
# Handle ClientHello and resumption
for result in self._serverGetClientHello(settings, certChain,\
verifierDB, sessionCache,
- anon, tlsIntolerant, fallbackSCSV):
+ anon, fallbackSCSV):
if result in (0,1): yield result
elif result == None:
self._handshakeDone(resumed=True)
def _serverGetClientHello(self, settings, certChain, verifierDB,
- sessionCache, anon, tlsIntolerant, fallbackSCSV):
+ sessionCache, anon, fallbackSCSV):
#Initialize acceptable cipher suites
cipherSuites = []
if verifierDB:
yield result
#If simulating TLS intolerance, reject certain TLS versions.
- elif (tlsIntolerant is not None and
- clientHello.client_version >= tlsIntolerant):
- for result in self._sendError(\
+ elif (settings.tlsIntolerant is not None and
+ clientHello.client_version >= settings.tlsIntolerant):
+ if settings.tlsIntoleranceType == "alert":
+ for result in self._sendError(\
AlertDescription.handshake_failure):
- yield result
+ yield result
+ elif settings.tlsIntoleranceType == "close":
+ self._abruptClose()
+ raise TLSUnsupportedError("Simulating version intolerance")
+ elif settings.tlsIntoleranceType == "reset":
+ self._abruptClose(reset=True)
+ raise TLSUnsupportedError("Simulating version intolerance")
+ else:
+ raise ValueError("Unknown intolerance type: '%s'" %
+ settings.tlsIntoleranceType)
#If client's version is too high, propose my highest version
elif clientHello.client_version > settings.maxVersion:
#Detect if the client performed an inappropriate fallback.
elif fallbackSCSV and clientHello.client_version < settings.maxVersion:
+ self.version = clientHello.client_version
if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites:
for result in self._sendError(\
AlertDescription.inappropriate_fallback):
projects / platform / framework / web / crosswalk.git / blobdiff