1 Name: tlslite 2 URL: http://trevp.net/tlslite/ 3 Version: 0.3.8 4 Security Critical: No 5 License: Public domain 6 7 Local Modifications: 8 9 - patches/close_notify.patch: tlslite/TLSRecordLayer.py was changed to force 10 the socket to be closed when the SSL connection is closed. This is is 11 necessary at this point since WinHTTP does not seem to react to the SSL 12 close notify. It's also needed to prevent a hang on Linux. See also 13 http://sourceforge.net/mailarchive/forum.php?thread_name=41C9B18B.2010201%40ag.com&forum_name=tlslite-users 14 - patches/python26.patch: Replace sha, md5 module imports with hashlib, as 15 they are deprecated in Python 2.6 16 - patches/ca_request.patch: tlslite/X509.py was changed to obtain the 17 DER-encoded distinguished name for a certificate, without requiring any 18 addition libraries. 19 tlslite/utils/ASN1Parser.py was changed to allow obtaining the unparsed 20 data for an element in a SEQUENCE, in addition to providing the parsed 21 value (tag and length removed) 22 tlslite/messages.py was changed from accepting/returning a single byte 23 array in the CertificateRequest message for the CA names to accept a list 24 of byte arrays, each containing a DER-encoded distinguished name. 25 tlslite/TLSConnection.py was changed to take a list of such byte arrays 26 when creating a TLS server that will request client authentication. 27 - patches/send_certificate_types.patch: tlslite/message.py was changed to 28 default to a certificate_types of [rsa_sign] in CertificateRequest. Apple's 29 Secure Transport library rejects an empty list and raises an SSL protocol 30 error. 31 - patches/parse_chain.patch: tlslite/X509CertChain.py and tlslite/X509.py were 32 updated to add a parseChain method, that can parse multiple certificates from 33 a PEM string. 34 - patches/tls_intolerant.patch: allow TLSLite to simulate a TLS-intolerant server. 35 - patches/channel_id.patch: add basic ChannelID support. (Signatures are not 36 checked.) 37 - patches/signed_certificate_timestamps.patch: add support for sending Signed 38 Certificate Timestamps over a TLS extension. 39 - patches/fallback_scsv.patch: add support for TLS_FALLBACK_SCSV. See 40 https://tools.ietf.org/html/draft-bmoeller-tls-downgrade-scsv-01 41 - patches/status_request.patch: add support for sending stapled OCSP responses. 42