author | arjenzorgdoc <42434363+arjenzorgdoc@users.noreply.github.com> | 2019-08-14 18:46:09 +0200 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-08-14 11:46:09 -0500 |
commit | 5231663da7a7832ebeec070ea9d4c97f734ffa9e (patch) | |
tree | badaef81c1d82d9bcd99b49a36973eb069ccf494 /src/_cffi_src | |
parent | c7681e80a68a97ba56453e7fbb960f0e59f4acad (diff) | |
Add SSL_get0_verified_chain to cffi lib (#4965)
* Add SSL_get0_verified_chain to cffi lib
OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert.
* Work around no support for #if in cdef in old cffi
Diffstat (limited to 'src/_cffi_src')
-rw-r--r-- | src/_cffi_src/openssl/ssl.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index da21f3ce..071ac76a 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -31,6 +31,7 @@ static const long Cryptography_HAS_GENERIC_DTLS_METHOD; static const long Cryptography_HAS_SIGALGS; static const long Cryptography_HAS_PSK; static const long Cryptography_HAS_CIPHER_DETAILS; +static const long Cryptography_HAS_VERIFIED_CHAIN; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; @@ -208,6 +209,7 @@ int SSL_get_sigalgs(SSL *, int, int *, int *, int *, unsigned char *, unsigned char *); Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); +Cryptography_STACK_OF_X509 *SSL_get0_verified_chain(const SSL *); Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); int SSL_get_error(const SSL *, int); @@ -559,6 +561,13 @@ const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) { } #endif +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 +static const long Cryptography_HAS_VERIFIED_CHAIN = 0; +Cryptography_STACK_OF_X509 *(*SSL_get0_verified_chain)(const SSL *) = NULL; +#else +static const long Cryptography_HAS_VERIFIED_CHAIN = 1; +#endif + /* Added in 1.1.0 in the great opaquing, but we need to define it for older OpenSSLs. Such is our burden. */ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER |
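Review bot: The `SSL_get0_verified_chain` declaration added in the second hunk (-208,6 +209,7) has no note on ownership or on when its result can be trusted, and both matter to anyone calling it through the binding. Per the OpenSSL documentation, the `get0` accessor returns a borrowed pointer that must not be freed. It can be NULL, and the chain may be incomplete or invalid unless `SSL_get_verify_result()` returned `X509_V_OK`. A caller who treats any non-NULL result as a validated chain could make a trust decision on unverified certificates. I would add above the declaration: `/* Borrowed (get0): do not free. May be NULL; only trust the chain when SSL_get_verify_result() == X509_V_OK. */`.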
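Review bot: On builds where `CRYPTOGRAPHY_OPENSSL_LESS_THAN_110` is true, the third hunk (-559,6 +561,13) defines `SSL_get0_verified_chain` as a NULL function pointer, so any caller that does not first test `Cryptography_HAS_VERIFIED_CHAIN` would call through NULL. This view is limited to `src/_cffi_src`, so it is not visible here whether the Python-side binding drops the name when the flag is 0; that is worth confirming before relying on it. The guard on the following block (`... && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER`) suggests LibreSSL builds also take the NULL branch, which the comment should say if it is intended. Suggested comment above the new `#if`: `/* Added in OpenSSL 1.1.0; NULL on older builds, so check Cryptography_HAS_VERIFIED_CHAIN before use. */`.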