From 7c243875f34a47d3c552634a00440c846855c3a2 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 08:56:34 -0500
Subject: expose SSL_get_peer_cert_chain, SSL_get_client_CA_list, and SSL_CTX_set_client_CA_list
---
 cryptography/hazmat/backends/openssl/ssl.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index fb3b17e6..7a1219b0 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -157,6 +157,13 @@ int SSL_pending(const SSL *);
 int SSL_write(SSL *, const void *, int);
 int SSL_read(SSL *, void *, int);
 X509 *SSL_get_peer_certificate(const SSL *);
+
+/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the
+ * STACK_OF macro does not play well with cffi.
+ */
+struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *);
+struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s);
+
 int SSL_get_error(const SSL *, int);
 int SSL_do_handshake(SSL *);
 int SSL_shutdown(SSL *);
@@ -186,6 +193,11 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
+/* See comment above about STACK_OF(...) vs stack_st_...
+ */
+void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);
+
+
 /* X509_STORE_CTX */
 int X509_STORE_CTX_get_error(X509_STORE_CTX *);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
-- cgit v1.2.3
From 6c56e254932021e73aca04d1b1c71fb8ce9a95ea Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 12:47:43 -0500
Subject: simplify a bit - just try tackling one problem at a time. and add some more typedefs that maybe should help (still broken though)
---
 cryptography/hazmat/backends/openssl/ssl.py | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
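Review bot: The three prototypes added here (`SSL_get_peer_cert_chain` and `SSL_get_client_CA_list` in the first hunk, `SSL_CTX_set_client_CA_list` in the second) carry ownership rules that the cdef does not record and that the Python wrapper built on it has to honour: per the OpenSSL manual pages, the stacks returned by the two getters belong to the SSL object and must not be freed or used after it is gone, while `SSL_CTX_set_client_CA_list` takes ownership of the stack passed in, so a caller that also frees it ends up with a double free. A one-line comment above each prototype, e.g. `/* returned stack is owned by the SSL object; do not free it */` and `/* the SSL_CTX takes ownership of the list */`, would keep that from being lost at the binding layer. The surrounding FUNCTIONS string continues outside both hunks.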
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 7a1219b0..071ec503 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -110,6 +110,8 @@ static const int X509_V_OK;
 typedef ... SSL_METHOD;
 typedef ... SSL_CTX;
+typedef ... Cryptography_STACK_OF_X509;
+
 typedef struct {
 int master_key_length;
 unsigned char master_key[...];
@@ -158,11 +160,13 @@ int SSL_write(SSL *, const void *, int);
 int SSL_read(SSL *, void *, int);
 X509 *SSL_get_peer_certificate(const SSL *);
-/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the
- * STACK_OF macro does not play well with cffi.
+/*
+ * OpenSSL defines these with STACK_OF(...) but the STACK_OF macro does not
+ * play well with cffi.
 */
-struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *);
-struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s);
+
+Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
+// Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
 int SSL_get_error(const SSL *, int);
 int SSL_do_handshake(SSL *);
@@ -193,9 +197,10 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
-/* See comment above about STACK_OF(...) vs stack_st_...
+/*
+ * See comment above about STACK_OF(...) vs stack_st_...
 */
-void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);
+// void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
 /* X509_STORE_CTX */
@@ -298,6 +303,11 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
 static const long Cryptography_HAS_OP_NO_COMPRESSION = 0;
 const long SSL_OP_NO_COMPRESSION = 0;
 #endif
+
+/*
+ * Get some simpler definitions for some types used by later prototypes.
+ */
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
 """
 CONDITIONAL_NAMES = {
-- cgit v1.2.3
From 30f22f1ee19d8ff9df35d2a04b454a8da9af1a89 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 12:56:08 -0500
Subject: typedef has to come before function prototype that relies on it; only place that can happen is if the typedef is in INCLUDES woops
---
 cryptography/hazmat/backends/openssl/ssl.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 071ec503..83353e4f 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -13,6 +13,11 @@ INCLUDES = """
 #include
+
+/*
+ * Get some simpler definitions for some types used by later prototypes.
+ */
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
 """
 TYPES = """
@@ -303,11 +308,6 @@ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
 static const long Cryptography_HAS_OP_NO_COMPRESSION = 0;
 const long SSL_OP_NO_COMPRESSION = 0;
 #endif
-
-/*
- * Get some simpler definitions for some types used by later prototypes.
- */
-typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
 """
 CONDITIONAL_NAMES = {
-- cgit v1.2.3
From f5360499bac470d2d3231f2529bce5bc0a770c76 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 12:57:42 -0500
Subject: Put back these other functions now that they ought to work.
---
 cryptography/hazmat/backends/openssl/ssl.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index c3d485b2..e62a45a5 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -18,6 +18,7 @@ INCLUDES = """
 * Get some simpler definitions for some types used by later prototypes.
 */
 typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
+typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
 """
 TYPES = """
@@ -171,7 +172,7 @@ X509 *SSL_get_peer_certificate(const SSL *);
 */
 Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
-// Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
+Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
 int SSL_get_error(const SSL *, int);
 int SSL_do_handshake(SSL *);
@@ -203,9 +204,9 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
 /*
- * See comment above about STACK_OF(...) vs stack_st_...
+ * See comment above about STACK_OF(...)
 */
-// void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
+void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
 /* X509_STORE_CTX */
-- cgit v1.2.3
From f8475f44238c8a7ee0e730e118683d4732d06c76 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 12:58:10 -0500
Subject: This bit is important as well.
---
 cryptography/hazmat/backends/openssl/ssl.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index e62a45a5..e4192349 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -117,6 +117,7 @@ typedef ... SSL_METHOD;
 typedef ... SSL_CTX;
 typedef ... Cryptography_STACK_OF_X509;
+typedef ... Cryptography_STACK_OF_X509_NAME;
 typedef struct {
 int master_key_length;
-- cgit v1.2.3
From 7db423959e5648bd1ba3bbf3581d56b199de10f2 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 13:04:53 -0500
Subject: move these type definitions to perhaps-more-appropriate modules
---
 cryptography/hazmat/backends/openssl/ssl.py | 9 ---------
 cryptography/hazmat/backends/openssl/x509.py | 3 +++
 cryptography/hazmat/backends/openssl/x509name.py | 3 +++
 3 files changed, 6 insertions(+), 9 deletions(-)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index e4192349..32ea2190 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -13,12 +13,6 @@ INCLUDES = """
 #include
-
-/*
- * Get some simpler definitions for some types used by later prototypes.
- */
-typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
-typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
 """
 TYPES = """
@@ -116,9 +110,6 @@ static const int X509_V_OK;
 typedef ... SSL_METHOD;
 typedef ... SSL_CTX;
-typedef ... Cryptography_STACK_OF_X509;
-typedef ... Cryptography_STACK_OF_X509_NAME;
-
 typedef struct {
 int master_key_length;
 unsigned char master_key[...];
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index 632efb31..8f4f3a0b 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
@@ -13,6 +13,8 @@ INCLUDES = """
 #include
+
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
 """
 TYPES = """
@@ -63,6 +65,7 @@ typedef struct {
 typedef ... X509_STORE;
 typedef ... NETSCAPE_SPKI;
+typedef ... Cryptography_STACK_OF_X509;
 """
 FUNCTIONS = """
diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py
index 0543e387..25638ab0 100644
--- a/cryptography/hazmat/backends/openssl/x509name.py
+++ b/cryptography/hazmat/backends/openssl/x509name.py
@@ -13,11 +13,14 @@ INCLUDES = """
 #include
+
+typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
 """
 TYPES = """
 typedef ... X509_NAME;
 typedef ... X509_NAME_ENTRY;
+typedef ... Cryptography_STACK_OF_X509_NAME;
 """
 FUNCTIONS = """
-- cgit v1.2.3
From b14472fdb3deae6525df4823376fb4add191eeb9 Mon Sep 17 00:00:00 2001
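Review bot: After this move the ssl.py prototypes for `SSL_get_peer_cert_chain`, `SSL_get_client_CA_list` and `SSL_CTX_set_client_CA_list` still use `Cryptography_STACK_OF_X509` and `Cryptography_STACK_OF_X509_NAME`, but the only declarations of those names are now the INCLUDES and TYPES strings of x509.py and x509name.py, and nothing in the ssl.py hunks records that dependency. If the backend feeds these modules' cdef strings to cffi in a fixed order (not visible here), ssl.py has to be processed after x509.py and x509name.py or its prototypes fail to parse, so a comment on the ssl.py side such as `/* Cryptography_STACK_OF_X509 / _X509_NAME are declared in x509.py and x509name.py */` would point the next maintainer at the right file. The pkcs12.py hunk in the following commit has the same unrecorded dependency on x509.py. The ssl.py FUNCTIONS string that holds those prototypes lies outside this commit's hunks.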
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 13:10:18 -0500
Subject: Switch other spellings of this type from `struct stack_st_X509` to `Cryptography_STACK_OF_X590` (and similar for X509_NAME)
---
 cryptography/hazmat/backends/openssl/pkcs12.py | 4 ++--
 cryptography/hazmat/backends/openssl/x509.py | 10 +++++-----
 cryptography/hazmat/backends/openssl/x509name.py | 10 +++++-----
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/cryptography/hazmat/backends/openssl/pkcs12.py b/cryptography/hazmat/backends/openssl/pkcs12.py
index b3ecd0aa..bd01e756 100644
--- a/cryptography/hazmat/backends/openssl/pkcs12.py
+++ b/cryptography/hazmat/backends/openssl/pkcs12.py
@@ -28,9 +28,9 @@ int i2d_PKCS12_bio(BIO *, PKCS12 *);
 MACROS = """
 int PKCS12_parse(PKCS12 *, const char *, EVP_PKEY **, X509 **,
- struct stack_st_X509 **);
+ Cryptography_STACK_OF_X509 **);
 PKCS12 *PKCS12_create(char *, char *, EVP_PKEY *, X509 *,
- struct stack_st_X509 *, int, int, int, int, int);
+ Cryptography_STACK_OF_X509 *, int, int, int, int, int);
 """
 CUSTOMIZATIONS = """
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index 8f4f3a0b..f0c84fd6 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
@@ -168,11 +168,11 @@ ASN1_TIME *X509_get_notAfter(X509 *);
 long X509_REQ_get_version(X509_REQ *);
 X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
-struct stack_st_X509 *sk_X509_new_null(void);
-void sk_X509_free(struct stack_st_X509 *);
-int sk_X509_num(struct stack_st_X509 *);
-int sk_X509_push(struct stack_st_X509 *, X509 *);
-X509 *sk_X509_value(struct stack_st_X509 *, int);
+Cryptography_STACK_OF_X509 *sk_X509_new_null(void);
+void sk_X509_free(Cryptography_STACK_OF_X509 *);
+int sk_X509_num(Cryptography_STACK_OF_X509 *);
+int sk_X509_push(Cryptography_STACK_OF_X509 *, X509 *);
+X509 *sk_X509_value(Cryptography_STACK_OF_X509 *, int);
 X509_EXTENSIONS *sk_X509_EXTENSION_new_null(void);
 int sk_X509_EXTENSION_num(X509_EXTENSIONS *);
diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py
index 25638ab0..a6f0a3c2 100644
--- a/cryptography/hazmat/backends/openssl/x509name.py
+++ b/cryptography/hazmat/backends/openssl/x509name.py
@@ -43,11 +43,11 @@ void X509_NAME_free(X509_NAME *);
 """
 MACROS = """
-struct stack_st_X509_NAME *sk_X509_NAME_new_null(void);
-int sk_X509_NAME_num(struct stack_st_X509_NAME *);
-int sk_X509_NAME_push(struct stack_st_X509_NAME *, X509_NAME *);
-X509_NAME *sk_X509_NAME_value(struct stack_st_X509_NAME *, int);
-void sk_X509_NAME_free(struct stack_st_X509_NAME *);
+Cryptography_STACK_OF_X509_NAME *sk_X509_NAME_new_null(void);
+int sk_X509_NAME_num(Cryptography_STACK_OF_X509_NAME *);
+int sk_X509_NAME_push(Cryptography_STACK_OF_X509_NAME *, X509_NAME *);
+X509_NAME *sk_X509_NAME_value(Cryptography_STACK_OF_X509_NAME *, int);
+void sk_X509_NAME_free(Cryptography_STACK_OF_X509_NAME *);
 """
 CUSTOMIZATIONS = """
-- cgit v1.2.3
From ec79c43e9b6d35c9e715f3d0bf25a0cfd71fdc56 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Sat, 28 Dec 2013 13:12:46 -0500
Subject: clean up the comments a bit
---
 cryptography/hazmat/backends/openssl/ssl.py | 8 --------
 cryptography/hazmat/backends/openssl/x509.py | 7 +++++++
 cryptography/hazmat/backends/openssl/x509name.py | 3 +++
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 32ea2190..499e9c3a 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -158,11 +158,6 @@ int SSL_write(SSL *, const void *, int);
 int SSL_read(SSL *, void *, int);
 X509 *SSL_get_peer_certificate(const SSL *);
-/*
- * OpenSSL defines these with STACK_OF(...) but the STACK_OF macro does not
- * play well with cffi.
- */
-
 Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
 Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
@@ -195,9 +190,6 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
-/*
- * See comment above about STACK_OF(...)
- */
 void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py
index f0c84fd6..c83f5685 100644
--- a/cryptography/hazmat/backends/openssl/x509.py
+++ b/cryptography/hazmat/backends/openssl/x509.py
@@ -14,6 +14,13 @@ INCLUDES = """
 #include
+/*
+ * This is part of a work-around for the difficulty cffi has in dealing with
+ * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that
+ * will be an alias for this type and use the alias throughout. This works
+ * together with another opaque typedef for the same name in the TYPES section.
+ * Note that the result is an opaque type.
+ */
 typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
 """
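Review bot: The two ssl.py hunks strip every explanation of why `SSL_get_peer_cert_chain`, `SSL_get_client_CA_list` and `SSL_CTX_set_client_CA_list` are spelled with `Cryptography_STACK_OF_*` instead of OpenSSL's `STACK_OF(...)`, while x509name.py in the same commit gets a pointer to the new explanatory comment in x509.py; a reader of ssl.py alone is now left with nothing to follow. One line above the first pair, `/* See the comment above Cryptography_STACK_OF_X509 in x509.py */`, would give ssl.py the same breadcrumb this commit adds to x509name.py. The new x509.py comment says the alias is opaque but not what that means for callers; appending `Use the sk_X509_* wrappers to inspect it.` would tie it to the accessors declared in the same file.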
diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py
index a6f0a3c2..bf627d61 100644
--- a/cryptography/hazmat/backends/openssl/x509name.py
+++ b/cryptography/hazmat/backends/openssl/x509name.py
@@ -14,6 +14,9 @@ INCLUDES = """
 #include
+/*
+ * See the comment above Cryptography_STACK_OF_X509 in x509.py
+ */
 typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME;
 """
-- cgit v1.2.3