def tls13_should_add_Certificate(self):
certs = []
for c in self.cur_session.server_certs:
certs += _ASN1CertAndExt(cert=c)
self.add_msg(TLS13Certificate(certs=certs))
raise self.tls13_ADDED_CERTIFICATE()
def tls13_should_add_Certificate(self):
# If a PSK is set, an extension pre_shared_key
# was send in the ServerHello. No certificate should
# be send here
if not self.cur_session.tls13_psk_secret:
certs = []
for c in self.cur_session.server_certs:
certs += _ASN1CertAndExt(cert=c)
self.add_msg(TLS13Certificate(certs=certs))
raise self.tls13_ADDED_CERTIFICATE()
def tls13_should_add_ClientCertificate(self):
"""
If the server sent a CertificateRequest, we send a Certificate message.
If no certificate is available, an empty Certificate message is sent:
- this is a SHOULD in RFC 4346 (Section 7.4.6)
- this is a MUST in RFC 5246 (Section 7.4.6)
XXX We may want to add a complete chain.
"""
hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed]
if TLS13CertificateRequest not in hs_msg:
raise self.TLS13_ADDED_CLIENTCERTIFICATE()
# return
certs = []
if self.mycert:
certs += _ASN1CertAndExt(cert=self.mycert)
self.add_msg(TLS13Certificate(certs=certs))
raise self.TLS13_ADDED_CLIENTCERTIFICATE()