authorMaximilian Hils <git@maximilianhils.com>2020-04-12 03:34:32 +0200
committerGitHub <noreply@github.com>2020-04-11 20:34:32 -0500
commitf69225d1240fb378b48f363083e51b0cebb961d0 (patch)
tree78a452d44ea05bf4676ff8925d59278dd9543a1a
parent55f3b7d71b448c5a7f4dd98acfc6f349412bc934 (diff)
add SSL_CTX_(get|set)_keylog_callback (#5187)
* add SSL_CTX_(get|set)_keylog_callback * For travis Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
-rw-r--r--src/_cffi_src/openssl/ssl.py18
-rw-r--r--src/cryptography/hazmat/bindings/openssl/_conditional.py8
2 files changed, 26 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index faad5605..c803ae7a 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -31,6 +31,7 @@ static const long Cryptography_HAS_SIGALGS;
static const long Cryptography_HAS_PSK;
static const long Cryptography_HAS_CIPHER_DETAILS;
static const long Cryptography_HAS_VERIFIED_CHAIN;
+static const long Cryptography_HAS_KEYLOG;
/* Internally invented symbol to tell us if SNI is supported */
static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -285,6 +286,10 @@ void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
void SSL_CTX_set_info_callback(SSL_CTX *, void (*)(const SSL *, int, int));
void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
+void SSL_CTX_set_keylog_callback(SSL_CTX *,
+ void (*)(const SSL *, const char *));
+void (*SSL_CTX_get_keylog_callback(SSL_CTX *))(const SSL *, const char *);
+
long SSL_CTX_set1_sigalgs_list(SSL_CTX *, const char *);
/* SSL_SESSION */
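Review bot: The two keylog declarations added after `SSL_CTX_get_info_callback` carry no comment about what the callback receives, and that matters more here than for the neighbouring info callback. The `const char *` passed to the callback is a key-log line holding the TLS secrets for the connection, enough to decrypt captured traffic. I would add a comment above the pair, e.g. `/* Keylog lines contain TLS session secrets (NSS key log format); treat callback output as key material. */`, so anyone wiring this into a higher-level API knows to restrict where the lines are written and who can enable it.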
@@ -568,6 +573,19 @@ Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL;
static const long Cryptography_HAS_VERIFIED_CHAIN = 1;
#endif
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111
+static const long Cryptography_HAS_KEYLOG = 0;
+void (*SSL_CTX_set_keylog_callback)(SSL_CTX *,
+ void (*) (const SSL *, const char *)
+ ) = NULL;
+void (*(*SSL_CTX_get_keylog_callback)(SSL_CTX *))(
+ const SSL *,
+ const char *
+ ) = NULL;
+#else
+static const long Cryptography_HAS_KEYLOG = 1;
+#endif
+
/* Added in 1.1.0 in the great opaquing, but we need to define it for older
OpenSSLs. Such is our burden. */
#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
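Review bot: The new `#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_111` block has no comment saying why the two functions are stubbed, unlike the guard directly below it ("Added in 1.1.0 in the great opaquing"). I would add `/* SSL_CTX_(get|set)_keylog_callback were added in OpenSSL 1.1.1 */` above the `#if`. The definition of `CRYPTOGRAPHY_OPENSSL_LESS_THAN_111` is not visible in this diff, so it is worth confirming that LibreSSL builds also take the stub branch; if they do not, the declarations would reference symbols that library may not export. On stubbed builds both pointers are NULL, so callers have to check `Cryptography_HAS_KEYLOG` before use. The `cryptography_has_keylog` list in `_conditional.py` does name both symbols, so they appear to be dropped from the Python-side lib in that case.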
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py
index ea4ae4c6..b089f65b 100644
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -270,6 +270,13 @@ def cryptography_has_tlsv13():
]
+def cryptography_has_keylog():
+ return [
+ "SSL_CTX_set_keylog_callback",
+ "SSL_CTX_get_keylog_callback",
+ ]
+
+
def cryptography_has_raw_key():
return [
"EVP_PKEY_new_raw_private_key",
@@ -356,6 +363,7 @@ CONDITIONAL_NAMES = {
"Cryptography_HAS_OPENSSL_CLEANUP": cryptography_has_openssl_cleanup,
"Cryptography_HAS_CIPHER_DETAILS": cryptography_has_cipher_details,
"Cryptography_HAS_TLSv1_3": cryptography_has_tlsv13,
+ "Cryptography_HAS_KEYLOG": cryptography_has_keylog,
"Cryptography_HAS_RAW_KEY": cryptography_has_raw_key,
"Cryptography_HAS_EVP_DIGESTFINAL_XOF": (
cryptography_has_evp_digestfinal_xof