diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/_cffi_src/openssl/ssl.py | 21 | ||||
| -rw-r--r-- | src/cryptography/hazmat/backends/openssl/backend.py | 4 | ||||
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/_conditional.py | 6 | ||||
| -rw-r--r-- | src/cryptography/x509/base.py | 11 |
4 files changed, 18 insertions, 24 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 83a7386f..64e4e2f0 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -301,15 +301,6 @@ unsigned long SSL_CTX_add_extra_chain_cert(SSL_CTX *, X509 *); /* methods */ -/* SSLv2 support is compiled out of some versions of OpenSSL. These will - * get special support when we generate the bindings so that if they are - * available they will be wrapped, but if they are not they won't cause - * problems (like link errors). - */ -const SSL_METHOD *SSLv2_method(void); -const SSL_METHOD *SSLv2_server_method(void); -const SSL_METHOD *SSLv2_client_method(void); - /* * TLSv1_1 and TLSv1_2 are recent additions. Only sufficiently new versions of * OpenSSL support them. @@ -441,14 +432,12 @@ const long SSL_OP_LEGACY_SERVER_CONNECT = 0; #else static const long Cryptography_HAS_SECURE_RENEGOTIATION = 1; #endif -#ifdef OPENSSL_NO_SSL2 + +/* Cryptography now compiles out all SSLv2 bindings. This exists to allow + * clients that use it to check for SSLv2 support to keep functioning as + * expected. + */ static const long Cryptography_HAS_SSL2 = 0; -SSL_METHOD* (*SSLv2_method)(void) = NULL; -SSL_METHOD* (*SSLv2_client_method)(void) = NULL; -SSL_METHOD* (*SSLv2_server_method)(void) = NULL; -#else -static const long Cryptography_HAS_SSL2 = 1; -#endif #ifdef OPENSSL_NO_SSL3_METHOD static const long Cryptography_HAS_SSL3_METHOD = 0; diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py index 8d9e5e0e..768559cf 100644 --- a/src/cryptography/hazmat/backends/openssl/backend.py +++ b/src/cryptography/hazmat/backends/openssl/backend.py @@ -1372,7 +1372,7 @@ class Backend(object): # Set the subject's name. res = self._lib.X509_set_subject_name( - x509_cert, _encode_name(self, list(builder._subject_name)) + x509_cert, _encode_name_gc(self, list(builder._subject_name)) ) self.openssl_assert(res == 1) @@ -1423,7 +1423,7 @@ class Backend(object): # Set the issuer name. res = self._lib.X509_set_issuer_name( - x509_cert, _encode_name(self, list(builder._issuer_name)) + x509_cert, _encode_name_gc(self, list(builder._issuer_name)) ) self.openssl_assert(res == 1) diff --git a/src/cryptography/hazmat/bindings/openssl/_conditional.py b/src/cryptography/hazmat/bindings/openssl/_conditional.py index dad37436..206c2915 100644 --- a/src/cryptography/hazmat/bindings/openssl/_conditional.py +++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py @@ -276,12 +276,6 @@ CONDITIONAL_NAMES = { "TLSv1_2_client_method", ], - "Cryptography_HAS_SSL2": [ - "SSLv2_method", - "SSLv2_client_method", - "SSLv2_server_method", - ], - "Cryptography_HAS_SSL3_METHOD": [ "SSLv3_method", "SSLv3_client_method", diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index c56ca5ee..49761046 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -436,6 +436,11 @@ class CertificateBuilder(object): if time <= _UNIX_EPOCH: raise ValueError('The not valid before date must be after the unix' ' epoch (1970 January 1).') + if self._not_valid_after is not None and time > self._not_valid_after: + raise ValueError( + 'The not valid before date must be before the not valid after ' + 'date.' + ) return CertificateBuilder( self._issuer_name, self._subject_name, self._public_key, self._serial_number, time, @@ -453,6 +458,12 @@ class CertificateBuilder(object): if time <= _UNIX_EPOCH: raise ValueError('The not valid after date must be after the unix' ' epoch (1970 January 1).') + if (self._not_valid_before is not None and + time < self._not_valid_before): + raise ValueError( + 'The not valid after date must be after the not valid before ' + 'date.' + ) return CertificateBuilder( self._issuer_name, self._subject_name, self._public_key, self._serial_number, self._not_valid_before, |