diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2020-04-04 17:08:08 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-04 16:08:08 -0500 |
| commit | aece5b3d47282beed31f7119e273b65816a0cf93 (patch) | |
| tree | d72e5ebfee8297197f1321b6d066d8d2061244f2 /src/_cffi_src/openssl/x509_vfy.py | |
| parent | e687b8f7f40e30ef88e9de889c55cd7fdec99762 (diff) | |
| download | cryptography-aece5b3d47282beed31f7119e273b65816a0cf93.tar.gz cryptography-aece5b3d47282beed31f7119e273b65816a0cf93.tar.bz2 cryptography-aece5b3d47282beed31f7119e273b65816a0cf93.zip | |
Drop support for OpenSSL 1.0.1 (#5178)
Diffstat (limited to 'src/_cffi_src/openssl/x509_vfy.py')
| -rw-r--r-- | src/_cffi_src/openssl/x509_vfy.py | 72 |
1 files changed, 4 insertions, 68 deletions
diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py index 675ce823..d2bc5f4e 100644 --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -19,11 +19,8 @@ typedef STACK_OF(X509_OBJECT) Cryptography_STACK_OF_X509_OBJECT; """ TYPES = """ -static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES; -static const long Cryptography_HAS_102_VERIFICATION_PARAMS; +static const long Cryptography_HAS_102_VERIFICATION; static const long Cryptography_HAS_110_VERIFICATION_PARAMS; -static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; -static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN; static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER; typedef ... Cryptography_STACK_OF_ASN1_OBJECT; @@ -222,64 +219,19 @@ void X509_STORE_set_get_issuer(X509_STORE *, X509_STORE_CTX_get_issuer_fn); """ CUSTOMIZATIONS = """ -/* OpenSSL 1.0.2+ verification parameters and error codes */ -#if CRYPTOGRAPHY_OPENSSL_102_OR_GREATER -static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; -static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; +#if !CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_102_VERIFICATION = 1; #else -static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; -static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; - +static const long Cryptography_HAS_102_VERIFICATION = 0; static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; -/* These 3 defines are unavailable in LibreSSL 2.5.x, but may be added - in the future... */ -#ifndef X509_V_ERR_HOSTNAME_MISMATCH -static const long X509_V_ERR_HOSTNAME_MISMATCH = 0; -#endif -#ifndef X509_V_ERR_EMAIL_MISMATCH -static const long X509_V_ERR_EMAIL_MISMATCH = 0; -#endif -#ifndef X509_V_ERR_IP_ADDRESS_MISMATCH -static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; -#endif -#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT -static const long X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT = 0; -#endif -#ifndef X509_CHECK_FLAG_NO_WILDCARDS -static const long X509_CHECK_FLAG_NO_WILDCARDS = 0; -#endif -#ifndef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS -static const long X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS = 0; -#endif -#ifndef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS -static const long X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = 0; -#endif -#ifndef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS -static const long X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS = 0; -#endif - -/* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately - below because it shows up in some earlier 3rd party OpenSSL packages. */ static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; static const long X509_V_FLAG_SUITEB_192_LOS = 0; static const long X509_V_FLAG_SUITEB_128_LOS = 0; - -#if !CRYPTOGRAPHY_IS_LIBRESSL -int (*X509_VERIFY_PARAM_set1_host)(X509_VERIFY_PARAM *, const char *, - size_t) = NULL; -int (*X509_VERIFY_PARAM_set1_email)(X509_VERIFY_PARAM *, const char *, - size_t) = NULL; -int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, - size_t) = NULL; -int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; -void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, - unsigned int) = NULL; -#endif #endif #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL @@ -291,22 +243,6 @@ static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0; static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1; #endif -/* OpenSSL 1.0.2+ or Solaris's backport */ -#ifdef X509_V_FLAG_PARTIAL_CHAIN -static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; -#else -static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 0; -static const long X509_V_FLAG_PARTIAL_CHAIN = 0; -#endif - -/* OpenSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... */ -#ifdef X509_V_FLAG_TRUSTED_FIRST -static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1; -#else -static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; -static const long X509_V_FLAG_TRUSTED_FIRST = 0; -#endif - #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL Cryptography_STACK_OF_X509_OBJECT *X509_STORE_get0_objects(X509_STORE *ctx) { return ctx->objs; |