chromium/src/third_party/tlslite.git
6 days agoAdd DHE_RSA support to tlslite. master
davidben@chromium.org [Fri, 11 Apr 2014 07:20:26 +0000 (07:20 +0000)]
Add DHE_RSA support to tlslite.

Needed for our test server to be able to False Start.

BUG=354132

Review URL: https://codereview.chromium.org/212883008

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@263169 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

7 days agoUpdate tlslite to 0.4.6.
davidben@chromium.org [Thu, 10 Apr 2014 17:56:44 +0000 (17:56 +0000)]
Update tlslite to 0.4.6.

This lets us get drop many of our patches. It also adds NPN support for free.
On the downside, it introduces a handful of new bugs that need additional
patches.

BUG=115301

Review URL: https://codereview.chromium.org/210323002

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@263026 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

10 days agoPerform tlslite 0.3.8 -> 0.4.6 renames ahead of time.
davidben@chromium.org [Mon, 7 Apr 2014 18:07:27 +0000 (18:07 +0000)]
Perform tlslite 0.3.8 -> 0.4.6 renames ahead of time.

The files all became lowercase which upsets the Windows and Mac bots. (Our
infrastructure can't handle case-only renames on case-insensitive filesystems.)

BUG=115301,355812
R=mnissler@chromium.org, rsleevi@chromium.org

Review URL: https://codereview.chromium.org/211173006

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@262158 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 weeks agoEnsure that RSA signatures have the correct length
bartfab@chromium.org [Tue, 18 Feb 2014 18:39:35 +0000 (18:39 +0000)]
Ensure that RSA signatures have the correct length

TLS Lite generates RSA signatures by converting a large integer that
holds the signature to a byte string. It does not apply any padding so
that if the signature starts with sufficiently many zero bits, the byte
string will be shorter than expected (it should have the same length as
the key's modulus).

This bug was fixed in trunk TLS Lite but is still present in our fork. The
fix in trunk TLS Lite was spread over two commits:

* Add a |howManyBytes| argument to the numberToBytes() method:
https://github.com/trevp/tlslite/commit/
    4278f558c2c519684ab35e9fc84887c15a11ea16
* Specify |howManyBytes| when generating an RSA signature:
https://github.com/trevp/tlslite/commit/
    0b8b2b4122109f22900ec929432308dd685f1d45

BUG=331761
TEST=Manual

Review URL: https://codereview.chromium.org/168903005

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@251797 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoExtract Certificate Transparency SCTs from stapled OCSP responses
ekasper@google.com [Tue, 17 Dec 2013 00:25:51 +0000 (00:25 +0000)]
Extract Certificate Transparency SCTs from stapled OCSP responses

BUG=309578

Review URL: https://codereview.chromium.org/102613006

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@241083 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agotlslite: document a couple of new parameters.
agl@chromium.org [Mon, 16 Dec 2013 15:54:04 +0000 (15:54 +0000)]
tlslite: document a couple of new parameters.

This is a followup to address some post-submit comments on
https://codereview.chromium.org/109563002/.

Comment only change. No semantic effect.

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@240907 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoRevert of https://codereview.chromium.org/92443002/
szym@chromium.org [Fri, 13 Dec 2013 20:27:14 +0000 (20:27 +0000)]
Revert of https://codereview.chromium.org/92443002/
Reason for revert: Does not compile on CrOS amd64

net/cert/ct_objects_extractor_nss.cc:528:66: error: narrowing conversion (...)
from 'std::basic_string<char>::size_type {aka long unsigned int}' to 'unsigned int'
inside { } is ill-formed in C++11 [-Werror=narrowing]
                      ocsp_response.data())), ocsp_response.size() };

TBR=wtc@chromium.org,rsleevi@chromium.org,ekasper@google.com
NOTREECHECKS=true
NOTRY=true

Review URL: https://codereview.chromium.org/108113006

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@240731 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoExtract Certificate Transparency SCTs from stapled OCSP responses
ekasper@google.com [Fri, 13 Dec 2013 19:57:48 +0000 (19:57 +0000)]
Extract Certificate Transparency SCTs from stapled OCSP responses

BUG=309578

Review URL: https://codereview.chromium.org/92443002

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@240721 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agonet: add test for TLS_FALLBACK_SCSV
agl@chromium.org [Wed, 11 Dec 2013 20:16:13 +0000 (20:16 +0000)]
net: add test for TLS_FALLBACK_SCSV

BUG=310768

Review URL: https://codereview.chromium.org/109563002

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@240163 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 months agoAdd support for fetching Certificate Transparency SCTs over a TLS extension
ekasper@google.com [Thu, 28 Nov 2013 13:43:26 +0000 (13:43 +0000)]
Add support for fetching Certificate Transparency SCTs over a TLS extension

BUG=309578

Review URL: https://codereview.chromium.org/83333003

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@237775 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agoRevert 216444 "net: add a test to ensure that our TLS handshake ..."
frankf@chromium.org [Thu, 8 Aug 2013 23:13:38 +0000 (23:13 +0000)]
Revert 216444 "net: add a test to ensure that our TLS handshake ..."

This is failing on Android bots.

> net: add a test to ensure that our TLS handshake doesn't get too large.
>
> (I would like the test to assert that we have some headroom too, but we don't
> have any to assert!)
>
> BUG=none
> R=rsleevi@chromium.org, wtc@chromium.org
>
> Review URL: https://codereview.chromium.org/19557004

TBR=agl@chromium.org

Review URL: https://codereview.chromium.org/22371007

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@216479 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

8 months agonet: add a test to ensure that our TLS handshake doesn't get too large.
agl@chromium.org [Thu, 8 Aug 2013 20:36:08 +0000 (20:36 +0000)]
net: add a test to ensure that our TLS handshake doesn't get too large.

(I would like the test to assert that we have some headroom too, but we don't
have any to assert!)

BUG=none
R=rsleevi@chromium.org, wtc@chromium.org

Review URL: https://codereview.chromium.org/19557004

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@216444 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agoAdd OWNERS for third_party/tlslite.
agl@chromium.org [Mon, 4 Mar 2013 15:55:30 +0000 (15:55 +0000)]
Add OWNERS for third_party/tlslite.

(This is not a new third party package, this is just adding an OWNERS file
where there hasn't been one before.)

Review URL: https://codereview.chromium.org/12379064

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@185905 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

13 months agonet: add basic ChannelID support to TLSLite.
agl@chromium.org [Sat, 2 Mar 2013 18:40:41 +0000 (18:40 +0000)]
net: add basic ChannelID support to TLSLite.

In order to test some ChannelID functions, this change adds basic ChannelID
support to testserver and TLSLite. With this change, testserver can receive a
ChannelID and echo its hash on /channel-id.

This code doesn't check the ChannelID signature.

BUG=none
TBR=darin

Review URL: https://chromiumcodereview.appspot.com/12313068

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@185744 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

20 months agoMake 'License' field in third-party metadata required
steveblock@chromium.org [Wed, 1 Aug 2012 15:50:29 +0000 (15:50 +0000)]
Make 'License' field in third-party metadata required

This will simplify the addition of a tool to check licenses for the purpose of
the Android WebView build.

See also http://codereview.chromium.org/10827099

Also adds other missing fields to these README.chromium files as required by
presubmit checks and fixes a regex used to enforce this.

BUG=138921

Review URL: https://chromiumcodereview.appspot.com/10821103

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@149423 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

22 months agoImprove the TLS intolerant server testing support added in r134129
wtc@chromium.org [Wed, 23 May 2012 18:32:23 +0000 (18:32 +0000)]
Improve the TLS intolerant server testing support added in r134129
(http://codereview.chromium.org/10218007).

Add the ability to simulate a server that is intolerant of only a
particular version of TLS. This will allow us to test the handling
of a TLS 1.1 intolerant server.

R=agl@chromium.org,phajdan.jr@chromium.org
BUG=126340
TEST=none

Review URL: https://chromiumcodereview.appspot.com/10412042

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@138537 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

23 months agoSet svn:executable on windows executables.
maruel@chromium.org [Fri, 27 Apr 2012 19:11:54 +0000 (19:11 +0000)]
Set svn:executable on windows executables.

Remove third_party/tlslite/installers/

TBR=thestig@chromium.org
BUG=
TEST=
NOTRY=true

Review URL: https://chromiumcodereview.appspot.com/10178018

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@134316 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

23 months agonet: don't remember TLS intolerant servers.
agl@chromium.org [Thu, 26 Apr 2012 18:45:34 +0000 (18:45 +0000)]
net: don't remember TLS intolerant servers.

I've seen a couple of reports recently where is was clear that an SNI-only
hostname had ended up in the list of TLS-intolerant servers. The result is that
the user sees the non-SNI certificate for that IP address, which doesn't match
the requested hostname. The only way to clear this is to restart Chrome.

This change partly reverts r45088 so that we will no longer remember
TLS-intolerant servers. This means that we'll perform SSLv3 fallback for every
connection, if needed. That's unfortunate for truly TLS-intolerant servers, but
it also means that we'll get back to TLS much faster in the event of a
transient network error trigger fallback.

BUG=none
TEST=net_unittests

Review URL: http://codereview.chromium.org/10218007

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@134129 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

2 years agoSupport reading PEM files in TLSLite git-svn
rsleevi@chromium.org [Fri, 2 Mar 2012 14:58:02 +0000 (14:58 +0000)]
Support reading PEM files in TLSLite

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/9515015

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@124637 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agoCleaning up third_party readmes and adding a template for future use.
cdn@chromium.org [Wed, 16 Mar 2011 01:17:52 +0000 (01:17 +0000)]
Cleaning up third_party readmes and adding a template for future use.
The next step is a presubmit rule that will make people use the template.
We are doing this so that we can better track dependancy versions.

BUG=None
TEST=N/A
Review URL: http://codereview.chromium.org/6610030

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@78316 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agoRevert "net: add test for False Start corking."
agl@chromium.org [Tue, 21 Sep 2010 15:25:15 +0000 (15:25 +0000)]
Revert "net: add test for False Start corking."

This reverts commit r60056. The test failed on Windows.

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@60059 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agonet: add test for False Start corking.
agl@chromium.org [Tue, 21 Sep 2010 15:15:01 +0000 (15:15 +0000)]
net: add test for False Start corking.

See r58838 for details of why we do False Start corking.

BUG=none
TEST=net_unittests

http://codereview.chromium.org/3427014

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@60056 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agoReintegrate certificate selection in HttpNetworkTransaction DoLoop
davidben@chromium.org [Sat, 21 Aug 2010 05:46:58 +0000 (05:46 +0000)]
Reintegrate certificate selection in HttpNetworkTransaction DoLoop

The HttpNetworkTransaction refactor intercepts the client auth
handling and moves it out of DoLoop. Because HandleCertificateRequest
often switches states, this caused a DCHECK and crash in some
circumstances.

This reintegrates it and adds unit tests to catch the DCHECK. We really
want to test sending a legitimate certificate, as well as more
checking interesting errors, but we cannot import temporary keys yet.

We also add a patch for tlslite to send a non-empty certificate_types.
Apple's SSL implementation raises a protocol error otherwise.

BUG=52744,51132,52778
TEST=SSLClientSocketTest.ConnectClientAuth*,URLRequestTest.ClientAuthTest

Review URL: http://codereview.chromium.org/3141026

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@56983 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agoImprove support for requesting client certs in tlslite
rsleevi@chromium.org [Sat, 21 Aug 2010 04:02:44 +0000 (04:02 +0000)]
Improve support for requesting client certs in tlslite

Currently, tlslite only supports the caller passing in a list of CAs pre-encoded for the TLS CertificateRequest message. This CL improves that, by providing a means of extracting the DER-encoded subject name from an X509 certificate, supplying a list of such names to tlslite's server routines, and having tlslite encode the list of CAs as part of the CertificateRequest.

BUG=47656, 47658
TEST=net_unittests

Review URL: http://codereview.chromium.org/3177015

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@56982 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agoUpdate tlslite README.chromium and add a patch for r53724
rsleevi@chromium.org [Sat, 21 Aug 2010 03:24:33 +0000 (03:24 +0000)]
Update tlslite README.chromium and add a patch for r53724

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/3115011

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@56977 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

3 years agoReplaced sha, md5 module imports with hashlib.
zelidrag@chromium.org [Tue, 27 Jul 2010 00:27:57 +0000 (00:27 +0000)]
Replaced sha, md5 module imports with hashlib.

TEST=make sure desktopui_BrowserTest autotest works on ChromeOS
BUG=chromium-os:4828

Review URL: http://codereview.chromium.org/2881026

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@53724 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

4 years agoPass tools/licenses.py for a few more directories.
evan@chromium.org [Fri, 9 Apr 2010 17:24:51 +0000 (17:24 +0000)]
Pass tools/licenses.py for a few more directories.

Getting very close to done.

BUG=39240

Review URL: http://codereview.chromium.org/1559022

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@44099 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 years agoRename README.google to README.chromium.
mal@chromium.org [Fri, 30 Jan 2009 21:24:17 +0000 (21:24 +0000)]
Rename README.google to README.chromium.

No code change.

B=4380
Review URL: http://codereview.chromium.org/19501

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@8988 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 years agoIgnore *.pyc files.
maruel@chromium.org [Fri, 9 Jan 2009 14:07:21 +0000 (14:07 +0000)]
Ignore *.pyc files.

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@7800 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 years agoRediff the tlslite patch (it was against wrong baseline)
dank@chromium.org [Wed, 26 Nov 2008 18:48:09 +0000 (18:48 +0000)]
Rediff the tlslite patch (it was against wrong baseline)
Apply it when installing on Linux
Link to bug report describing the problem it fixes

This solves a hang on Linux running url_request_unittest

Review URL: http://codereview.chromium.org/12477

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@6037 4ff67af0-8c30-449e-8e8b-ad334ec8d88c

5 years agoAdd third_party to the repository.
initial.commit [Sun, 27 Jul 2008 00:38:33 +0000 (00:38 +0000)]
Add third_party to the repository.

git-svn-id: http://src.chromium.org/svn/trunk/src/third_party/tlslite@19 4ff67af0-8c30-449e-8e8b-ad334ec8d88c