tls.py displays whether TACK came from TLS Ext or TACK cert.

d-mo · Mar 16, 2012 · 3d6c4f5 · 3d6c4f5
1 parent a14f066
commit 3d6c4f5
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 6 deletions.
diff --git a/README b/README
@@ -98,8 +98,8 @@ Try connecting to the server with a web browser, or with:
 
 X.509 with TACK
 ----------------
-To run an X.509 server using a Convergence TACK, install TACKpy, then run the
-same server command as above with added arguments:
+To run an X.509 server using a TACK, install TACKpy, then run the same server
+command as above with added arguments:
 
  ... -t TACK1.pem -b TACK_Break_Sigs.pem localhost:4443
 

diff --git a/scripts/tls.py b/scripts/tls.py
@@ -176,7 +176,10 @@ def printGoodConnection(connection, seconds):
         if connection.session.tackExt.isEmpty():
             emptyStr = "<empty TLS Extension>"
         else:
-            emptyStr = "" 
+            if connection.session.tackInHelloExt:
+                emptyStr = "\n(via TLS Extension)"
+            else:
+                emptyStr = "\n(via TACK Certificate)" 
         print("  TACK: %s" % emptyStr)
         print(writeTextTACKStructures(connection.session.tackExt.tack, 
                                   connection.session.tackExt.break_sigs))    

diff --git a/tlslite/session.py b/tlslite/session.py
@@ -33,6 +33,12 @@ class Session:
 
     @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
     @ivar serverCertChain: The server's certificate chain (or None).
+
+    @type tackExt: L{TACKpy.api.TACK_Extension}
+    @ivar tackExt: The server's TACK_Extension (or None).
+
+    @type tackInHelloExt: L{Boolean}
+    @ivar tackInHelloExt: True if a TACK was presented via TLS Extension.
     """
 
     def __init__(self):
@@ -43,18 +49,20 @@ def __init__(self):
         self.clientCertChain = None
         self.serverCertChain = None
         self.tackExt = None
+        self.tackInHelloExt = False
         self.resumable = False
 
     def create(self, masterSecret, sessionID, cipherSuite,
             srpUsername, clientCertChain, serverCertChain, 
-            tackExt, resumable=True):
+            tackExt, tackInHelloExt, resumable=True):
         self.masterSecret = masterSecret
         self.sessionID = sessionID
         self.cipherSuite = cipherSuite
         self.srpUsername = srpUsername
         self.clientCertChain = clientCertChain
         self.serverCertChain = serverCertChain
         self.tackExt = tackExt
+        self.tackInHelloExt = tackInHelloExt  
         self.resumable = resumable
 
     def _clone(self):
@@ -66,6 +74,7 @@ def _clone(self):
         other.clientCertChain = self.clientCertChain
         other.serverCertChain = self.serverCertChain
         other.tackExt = self.tackExt
+        other.tackInHelloExt = self.tackInHelloExt
         other.resumable = self.resumable
         return other
 

diff --git a/tlslite/tlsconnection.py b/tlslite/tlsconnection.py
@@ -374,7 +374,7 @@ def _handshakeClientAsyncHelper(self, srpParams, certParams,
         self.session = Session()
         self.session.create(masterSecret, serverHello.session_id, cipherSuite,
             srpUsername, clientCertChain, serverCertChain,
-            tackExt)
+            tackExt, serverHello.tackExt!=None)
         self._handshakeDone(resumed=False)
 
 
@@ -975,7 +975,7 @@ def _handshakeServerAsyncHelper(self, verifierDB,
             serverCertChain = None
         self.session.create(masterSecret, serverHello.session_id, cipherSuite,
             clientHello.srp_username, clientCertChain, serverCertChain,
-            tackExt)
+            tackExt, serverHello.tackExt!=None)
 
         #Add the session object to the session cache
         if sessionCache and sessionID: