third_party/tlslite/patches/alert_after_handshake.patch

   1 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
   2 index 2f11aaa..e752834 100644
   3 --- a/third_party/tlslite/tlslite/handshakesettings.py
   4 +++ b/third_party/tlslite/tlslite/handshakesettings.py
   5 @@ -107,6 +107,10 @@ class HandshakeSettings(object):
   6
   7      @type useExperimentalTackExtension: bool
   8      @ivar useExperimentalTackExtension: Whether to enabled TACK support.
   9 +
  10 +    @type alertAfterHandshake: bool
  11 +    @ivar alertAfterHandshake: If true, the server will send a fatal
  12 +    alert immediately after the handshake completes.
  13
  14      Note that TACK support is not standardized by IETF and uses a temporary
  15      TLS Extension number, so should NOT be used in production software.
  16 @@ -124,6 +128,7 @@ class HandshakeSettings(object):
  17          self.tlsIntolerant = None
  18          self.tlsIntoleranceType = 'alert'
  19          self.useExperimentalTackExtension = False
  20 +        self.alertAfterHandshake = False
  21
  22      # Validates the min/max fields, and certificateTypes
  23      # Filters out unsupported cipherNames and cipherImplementations
  24 @@ -140,6 +145,7 @@ class HandshakeSettings(object):
  25          other.maxVersion = self.maxVersion
  26          other.tlsIntolerant = self.tlsIntolerant
  27          other.tlsIntoleranceType = self.tlsIntoleranceType
  28 +        other.alertAfterHandshake = self.alertAfterHandshake
  29
  30          if not cipherfactory.tripleDESPresent:
  31              other.cipherNames = [e for e in self.cipherNames if e != "3des"]
  32 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
  33 index 0e13a78..eb850e9 100644
  34 --- a/third_party/tlslite/tlslite/tlsconnection.py
  35 +++ b/third_party/tlslite/tlslite/tlsconnection.py
  36 @@ -1221,6 +1221,10 @@ class TLSConnection(TLSRecordLayer):
  37              ocspResponse=ocspResponse)
  38          for result in self._handshakeWrapperAsync(handshaker, checker):
  39              yield result
  40 +        if settings and settings.alertAfterHandshake:
  41 +            for result in self._sendError(AlertDescription.internal_error,
  42 +                                          "Spurious alert"):
  43 +                yield result
  44
  45
  46      def _handshakeServerAsyncHelper(self, verifierDB,