def should_add_ClientVerify(self):
"""
XXX Section 7.4.7.1 of RFC 5246 states that the CertificateVerify
message is only sent following a client certificate that has signing
capability (i.e. not those containing fixed DH params).
We should verify that before adding the message. We should also handle
the case when the Certificate message was empty.
"""
hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed]
if (TLSCertificateRequest not in hs_msg or self.mycert is None
or self.mykey is None):
return
self.add_msg(TLSCertificateVerify())
raise self.ADDED_CERTIFICATEVERIFY()
def tls13_should_add_CertificateVerifiy(self):
self.add_msg(TLSCertificateVerify())
raise self.tls13_ADDED_CERTIFICATEVERIFY()
def tls13_should_add_CertificateVerifiy(self):
if not self.cur_session.tls13_psk_secret:
self.add_msg(TLSCertificateVerify())
raise self.tls13_ADDED_CERTIFICATEVERIFY()