authorPaul Kehrer <paul.l.kehrer@gmail.com>2014-06-18 08:58:41 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2014-06-18 08:58:41 -0600
commite3a5e67fef86758d03308695e3a4da1b444cac8c (patch)
tree4fefc6adc51f198c04bcb955715c8c486d215a44
parent9a31bf95bb94bfc14c56f18145c4c280ac71a4f8 (diff)
parent17c8af235a8b7abdddf24735b816e48654de7912 (diff)
Merge pull request #1147 from lvh/ffs-fedora
Conditionally add X509_V_FLAG_TRUSTED_FIRST
-rw-r--r--cryptography/hazmat/bindings/openssl/x509_vfy.py15
1 files changed, 13 insertions, 2 deletions
diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py
index 4db3da1d..a5dcb6a7 100644
--- a/cryptography/hazmat/bindings/openssl/x509_vfy.py
+++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py
@@ -29,6 +29,7 @@ typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT;
TYPES = """
static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS;
static const long Cryptography_HAS_102_VERIFICATION_PARAMS;
+static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST;
static const long Cryptography_HAS_100_VERIFICATION_PARAMS;
static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE;
@@ -101,7 +102,7 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *,
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
#else
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
-static const long X509_V_FLAG_TRUSTED_FIRST = 0;
+// X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2, but added separately below
static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
static const long X509_V_FLAG_SUITEB_192_LOS = 0;
static const long X509_V_FLAG_SUITEB_128_LOS = 0;
@@ -116,6 +117,14 @@ int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *,
int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL;
#endif
+// OpenSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e...
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1;
+#else
+static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0;
+static const long X509_V_FLAG_TRUSTED_FIRST = 0;
+#endif
+
// OpenSSL 1.0.0+
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1;
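Review bot: The `#else` branch of the new `#ifdef X509_V_FLAG_TRUSTED_FIRST` block defines the flag as 0 without saying why, so a later reader could take 0 for a usable value; OR-ing it into verification flags would silently leave chain building in its default order. The name is dropped from the binding through CONDITIONAL_NAMES when `Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST` is 0, but that coupling is only visible in a different hunk of this file. I would add a comment in the `#else` branch such as `// placeholder so the declaration compiles; name is removed via CONDITIONAL_NAMES`. The detection also assumes the flag is a preprocessor macro in every supported OpenSSL header, which this hunk does not show and is worth confirming. The `#if OPENSSL_VERSION_NUMBER` block after the added lines continues outside the hunk.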
@@ -139,7 +148,6 @@ CONDITIONAL_NAMES = {
"X509_VERIFY_PARAM_set_hostflags",
],
"Cryptography_HAS_102_VERIFICATION_PARAMS": [
- "X509_V_FLAG_TRUSTED_FIRST",
"X509_V_FLAG_SUITEB_128_LOS_ONLY",
"X509_V_FLAG_SUITEB_192_LOS",
"X509_V_FLAG_SUITEB_128_LOS",
@@ -150,6 +158,9 @@ CONDITIONAL_NAMES = {
"X509_VERIFY_PARAM_set1_ip",
"X509_VERIFY_PARAM_set1_ip_asc",
],
+ "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": [
+ "X509_V_FLAG_TRUSTED_FIRST",
+ ],
"Cryptography_HAS_100_VERIFICATION_PARAMS": [
"Cryptography_HAS_100_VERIFICATION_PARAMS",
"X509_V_FLAG_EXTENDED_CRL_SUPPORT",