From 25a0a09a9cc80f42c6259450bb7149c4b3321282 Mon Sep 17 00:00:00 2001
From: Laurens Van Houtven <_@lvh.cc>
Date: Wed, 18 Jun 2014 13:03:23 +0200
Subject: Conditionally add X509_V_FLAG_TRUSTED_FIRST

---
 cryptography/hazmat/bindings/openssl/x509_vfy.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py
index 4db3da1d..2e782c56 100644
--- a/cryptography/hazmat/bindings/openssl/x509_vfy.py
+++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py
@@ -29,6 +29,7 @@ typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT;
 TYPES = """
 static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS;
 static const long Cryptography_HAS_102_VERIFICATION_PARAMS;
+static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST;
 static const long Cryptography_HAS_100_VERIFICATION_PARAMS;
 static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE;
 
@@ -101,6 +102,7 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *,
 static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
 #else
 static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0;
+// X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2, but added separately below
 static const long X509_V_FLAG_TRUSTED_FIRST = 0;
 static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0;
 static const long X509_V_FLAG_SUITEB_192_LOS = 0;
@@ -116,6 +118,14 @@ int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *,
 int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL;
 #endif
 
+// Ope/nSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e...
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1;
+#else
+static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0;
+static const long X509_V_FLAG_TRUSTED_FIRST = 0;
+#endif
+
 // OpenSSL 1.0.0+
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1;
@@ -139,7 +149,6 @@ CONDITIONAL_NAMES = {
         "X509_VERIFY_PARAM_set_hostflags",
     ],
     "Cryptography_HAS_102_VERIFICATION_PARAMS": [
-        "X509_V_FLAG_TRUSTED_FIRST",
         "X509_V_FLAG_SUITEB_128_LOS_ONLY",
         "X509_V_FLAG_SUITEB_192_LOS",
         "X509_V_FLAG_SUITEB_128_LOS",
@@ -150,6 +159,9 @@ CONDITIONAL_NAMES = {
         "X509_VERIFY_PARAM_set1_ip",
         "X509_VERIFY_PARAM_set1_ip_asc",
     ],
+    "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": [
+        "X509_V_FLAG_TRUSTED_FIRST",
+    ],
     "Cryptography_HAS_100_VERIFICATION_PARAMS": [
         "Cryptography_HAS_100_VERIFICATION_PARAMS",
         "X509_V_FLAG_EXTENDED_CRL_SUPPORT",
-- 
cgit v1.2.3