def should_add_ClientCertificate(self):
"""
If the server sent a CertificateRequest, we send a Certificate message.
If no certificate is available, an empty Certificate message is sent:
- this is a SHOULD in RFC 4346 (Section 7.4.6)
- this is a MUST in RFC 5246 (Section 7.4.6)
XXX We may want to add a complete chain.
"""
hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed]
if TLSCertificateRequest not in hs_msg:
return
certs = []
if self.mycert:
certs = [self.mycert]
self.add_msg(TLSCertificate(certs=certs))
raise self.ADDED_CLIENTCERTIFICATE()
def should_add_Certificate(self):
c = self.buffer_out[-1].msg[0].cipher
if not _tls_cipher_suites_cls[c].kx_alg.anonymous:
self.add_msg(TLSCertificate(certs=self.cur_session.server_certs))
raise self.ADDED_CERTIFICATE()