diff options
| author | arjenzorgdoc <42434363+arjenzorgdoc@users.noreply.github.com> | 2019-08-14 18:46:09 +0200 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-08-14 11:46:09 -0500 |
| commit | 5231663da7a7832ebeec070ea9d4c97f734ffa9e (patch) | |
| tree | badaef81c1d82d9bcd99b49a36973eb069ccf494 /src/cryptography | |
| parent | c7681e80a68a97ba56453e7fbb960f0e59f4acad (diff) | |
| download | cryptography-5231663da7a7832ebeec070ea9d4c97f734ffa9e.tar.gz cryptography-5231663da7a7832ebeec070ea9d4c97f734ffa9e.tar.bz2 cryptography-5231663da7a7832ebeec070ea9d4c97f734ffa9e.zip | |
Add SSL_get0_verified_chain to cffi lib (#4965)
* Add SSL_get0_verified_chain to cffi lib
OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert.
* Work around no support for #if in cdef in old cffi
Diffstat (limited to 'src/cryptography')
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index a1f78193..a2eee181 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -358,6 +358,12 @@ def cryptography_has_engine(): ] +def cryptography_has_verified_chain(): + return [ + "SSL_get0_verified_chain", + ] + + # This is a mapping of # {condition: function-returning-names-dependent-on-that-condition} so we can # loop over them and delete unsupported names at runtime. It will be removed @@ -431,4 +437,5 @@ CONDITIONAL_NAMES = { cryptography_has_evp_r_memory_limit_exceeded ), "Cryptography_HAS_ENGINE": cryptography_has_engine, + "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain, } |