diff options
Diffstat (limited to 'src/_cffi_src')
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 9 | ||||
| -rw-r--r-- | src/_cffi_src/openssl/x509_vfy.py | 32 |
2 files changed, 41 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 2e32b8f3..f9481af1 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -185,6 +185,9 @@ X509 *SSL_get_certificate(const SSL *); X509 *SSL_get_peer_certificate(const SSL *); int SSL_get_ex_data_X509_STORE_CTX_idx(void); +/* Added in 1.0.2 */ +X509_VERIFY_PARAM *SSL_get0_param(SSL *); + int SSL_use_certificate(SSL *, X509 *); int SSL_use_certificate_ASN1(SSL *, const unsigned char *, int); int SSL_use_certificate_file(SSL *, const char *, int); @@ -620,6 +623,12 @@ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; static const long Cryptography_HAS_NEXTPROTONEG = 1; +/* SSL_get0_param was added in OpenSSL 1.0.2. */ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +X509_VERIFY_PARAM *(*SSL_get0_param)(SSL *) = NULL; +#else +#endif + /* ALPN was added in OpenSSL 1.0.2. */ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL int (*SSL_CTX_set_alpn_protos)(SSL_CTX *, diff --git a/src/_cffi_src/openssl/x509_vfy.py b/src/_cffi_src/openssl/x509_vfy.py index 618b5c21..42da3b1e 100644 --- a/src/_cffi_src/openssl/x509_vfy.py +++ b/src/_cffi_src/openssl/x509_vfy.py @@ -21,6 +21,7 @@ typedef STACK_OF(X509_OBJECT) Cryptography_STACK_OF_X509_OBJECT; TYPES = """ static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES; static const long Cryptography_HAS_102_VERIFICATION_PARAMS; +static const long Cryptography_HAS_110_VERIFICATION_PARAMS; static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN; static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER; @@ -128,6 +129,13 @@ static const long X509_V_FLAG_PARTIAL_CHAIN; static const long X509_LU_X509; static const long X509_LU_CRL; + +static const long X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT; +static const long X509_CHECK_FLAG_NO_WILDCARDS; +static const long X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS; +static const long X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS; +static const long X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS; +static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT; """ FUNCTIONS = """ @@ -239,6 +247,21 @@ static const long X509_V_ERR_EMAIL_MISMATCH = 0; #ifndef X509_V_ERR_IP_ADDRESS_MISMATCH static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; #endif +#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT +static const long X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT = 0; +#endif +#ifndef X509_CHECK_FLAG_NO_WILDCARDS +static const long X509_CHECK_FLAG_NO_WILDCARDS = 0; +#endif +#ifndef X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS +static const long X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS = 0; +#endif +#ifndef X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS +static const long X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS = 0; +#endif +#ifndef X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS +static const long X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS = 0; +#endif /* X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2+, but it is added separately below because it shows up in some earlier 3rd party OpenSSL packages. */ @@ -259,6 +282,15 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, #endif #endif +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 || CRYPTOGRAPHY_IS_LIBRESSL +static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 0; +#ifndef X509_CHECK_FLAG_NEVER_CHECK_SUBJECT +static const long X509_CHECK_FLAG_NEVER_CHECK_SUBJECT = 0; +#endif +#else +static const long Cryptography_HAS_110_VERIFICATION_PARAMS = 1; +#endif + /* OpenSSL 1.0.2+ or Solaris's backport */ #ifdef X509_V_FLAG_PARTIAL_CHAIN static const long Cryptography_HAS_X509_V_FLAG_PARTIAL_CHAIN = 1; |