src/third_party/tlslite/patches/send_certificate_types.patch

   1 diff --git a/tlslite/constants.py b/tlslite/constants.py
   2 index 8f2d559..04302c0 100644
   3 --- a/tlslite/constants.py
   4 +++ b/tlslite/constants.py
   5 @@ -5,6 +5,12 @@ class CertificateType:
   6      openpgp = 1
   7      cryptoID = 2
   8
   9 +class ClientCertificateType:
  10 +    rsa_sign = 1
  11 +    dss_sign = 2
  12 +    rsa_fixed_dh = 3
  13 +    dss_fixed_dh = 4
  14 +
  15  class HandshakeType:
  16      hello_request = 0
  17      client_hello = 1
  18 diff --git a/tlslite/messages.py b/tlslite/messages.py
  19 index 06c46b9..8bcec2c 100644
  20 --- a/tlslite/messages.py
  21 +++ b/tlslite/messages.py
  22 @@ -346,7 +346,9 @@ class Certificate(HandshakeMsg):
  23  class CertificateRequest(HandshakeMsg):
  24      def __init__(self):
  25          self.contentType = ContentType.handshake
  26 -        self.certificate_types = []
  27 +        #Apple's implementation rejects empty certificate_types, so
  28 +        #default to rsa_sign.
  29 +        self.certificate_types = [ClientCertificateType.rsa_sign]
  30          #treat as opaque bytes for now
  31          self.certificate_authorities = createByteArraySequence([])
  32