
tls.py displays whether TACK came from TLS Ext or TACK cert.

commit 3d6c4f517ef4ee320221578895aa30c561da91db 1 parent a14f066
Trevor authored
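--- a/README
+++ b/README
@@ -98,8 +98,8 @@ Try connecting to the server with a web browser, or with:
 X.509 with TACK
 ----------------
-To run an X.509 server using a Convergence TACK, install TACKpy, then run the
-same server command as above with added arguments:
+To run an X.509 server using a TACK, install TACKpy, then run the same server
+command as above with added arguments:
 ... -t TACK1.pem -b TACK_Break_Sigs.pem localhost:4443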
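--- a/scripts/tls.py
+++ b/scripts/tls.py
@@ -176,7 +176,10 @@ def printGoodConnection(connection, seconds):
 if connection.session.tackExt.isEmpty():
 emptyStr = "<empty TLS Extension>"
 else:
- emptyStr = ""
+ if connection.session.tackInHelloExt:
+ emptyStr = "\n(via TLS Extension)"
+ else:
+ emptyStr = "\n(via TACK Certificate)"
 print(" TACK: %s" % emptyStr)
 print(writeTextTACKStructures(connection.session.tackExt.tack,
 connection.session.tackExt.break_sigs))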
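Review bot: The `isEmpty()` branch at the top of this hunk still prints the fixed text `<empty TLS Extension>` without consulting `tackInHelloExt`. If an empty TACK_Extension can also reach the session by way of a TACK certificate (not visible from here), the output would name the wrong source. Consider picking the label from the flag in both branches. `emptyStr` could also be renamed, for example to `sourceStr`, since it now carries provenance rather than emptiness. printGoodConnection begins and continues outside the hunk.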
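--- a/tlslite/session.py
+++ b/tlslite/session.py
@@ -33,6 +33,12 @@ class Session:
 @type serverCertChain: L{tlslite.x509certchain.X509CertChain}
 @ivar serverCertChain: The server's certificate chain (or None).
+
+ @type tackExt: L{TACKpy.api.TACK_Extension}
+ @ivar tackExt: The server's TACK_Extension (or None).
+
+ @type tackInHelloExt: L{Boolean}
+ @ivar tackInHelloExt: True if a TACK was presented via TLS Extension.
 """
 def __init__(self):
@@ -43,11 +49,12 @@ def __init__(self):
 self.clientCertChain = None
 self.serverCertChain = None
 self.tackExt = None
+ self.tackInHelloExt = False
 self.resumable = False
 def create(self, masterSecret, sessionID, cipherSuite,
 srpUsername, clientCertChain, serverCertChain,
- tackExt, resumable=True):
+ tackExt, tackInHelloExt, resumable=True):
 self.masterSecret = masterSecret
 self.sessionID = sessionID
 self.cipherSuite = cipherSuite
@@ -55,6 +62,7 @@ def create(self, masterSecret, sessionID, cipherSuite,
 self.clientCertChain = clientCertChain
 self.serverCertChain = serverCertChain
 self.tackExt = tackExt
+ self.tackInHelloExt = tackInHelloExt
 self.resumable = resumable
 def _clone(self):
@@ -66,6 +74,7 @@ def _clone(self):
 other.clientCertChain = self.clientCertChain
 other.serverCertChain = self.serverCertChain
 other.tackExt = self.tackExt
+ other.tackInHelloExt = self.tackInHelloExt
 other.resumable = self.resumable
 return other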
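Review bot: `create()` now takes `tackInHelloExt` as a required positional parameter inserted before `resumable`. A caller not updated by this commit either raises a TypeError or, if it passed `resumable` positionally, silently stores that value as the TACK source flag. Appending it with a default keeps older call sites working, `tackExt, resumable=True, tackInHelloExt=False):`, with the two call sites in tlsconnection.py passing `tackInHelloExt=...` by keyword. The new docstring entry would also read better as `@type tackInHelloExt: bool`, since `L{Boolean}` does not look like a resolvable link target.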
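--- a/tlslite/tlsconnection.py
+++ b/tlslite/tlsconnection.py
@@ -374,7 +374,7 @@ def _handshakeClientAsyncHelper(self, srpParams, certParams,
 self.session = Session()
 self.session.create(masterSecret, serverHello.session_id, cipherSuite,
 srpUsername, clientCertChain, serverCertChain,
- tackExt)
+ tackExt, serverHello.tackExt!=None)
 self._handshakeDone(resumed=False)
@@ -975,7 +975,7 @@ def _handshakeServerAsyncHelper(self, verifierDB,
 serverCertChain = None
 self.session.create(masterSecret, serverHello.session_id, cipherSuite,
 clientHello.srp_username, clientCertChain, serverCertChain,
- tackExt)
+ tackExt, serverHello.tackExt!=None)
 #Add the session object to the session cache
 if sessionCache and sessionID: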
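Review bot: Both `create()` calls compute the source flag as `serverHello.tackExt!=None`, independently of how the `tackExt` value passed next to it was chosen. That selection happens outside these hunks, so if a certificate-borne TACK can be stored while the hello also carried an extension, the session would report the wrong source for the TACK it holds. Setting the flag at the point where `tackExt` is assigned would keep the two in step. The comparison is also better written as `serverHello.tackExt is not None`, which does not depend on any `__ne__` the extension class defines. Both helper functions start and end outside the hunks.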