From 25a0a09a9cc80f42c6259450bb7149c4b3321282 Mon Sep 17 00:00:00 2001 From: Laurens Van Houtven <_@lvh.cc> Date: Wed, 18 Jun 2014 13:03:23 +0200 Subject: Conditionally add X509_V_FLAG_TRUSTED_FIRST --- cryptography/hazmat/bindings/openssl/x509_vfy.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index 4db3da1d..2e782c56 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -29,6 +29,7 @@ typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT; TYPES = """ static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS; static const long Cryptography_HAS_102_VERIFICATION_PARAMS; +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; static const long Cryptography_HAS_100_VERIFICATION_PARAMS; static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE; @@ -101,6 +102,7 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; +// X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2, but added separately below static const long X509_V_FLAG_TRUSTED_FIRST = 0; static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; static const long X509_V_FLAG_SUITEB_192_LOS = 0; @@ -116,6 +118,14 @@ int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; #endif +// Ope/nSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... +#ifdef X509_V_FLAG_TRUSTED_FIRST +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1; +#else +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; +static const long X509_V_FLAG_TRUSTED_FIRST = 0; +#endif + // OpenSSL 1.0.0+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1; @@ -139,7 +149,6 @@ CONDITIONAL_NAMES = { "X509_VERIFY_PARAM_set_hostflags", ], "Cryptography_HAS_102_VERIFICATION_PARAMS": [ - "X509_V_FLAG_TRUSTED_FIRST", "X509_V_FLAG_SUITEB_128_LOS_ONLY", "X509_V_FLAG_SUITEB_192_LOS", "X509_V_FLAG_SUITEB_128_LOS", @@ -150,6 +159,9 @@ CONDITIONAL_NAMES = { "X509_VERIFY_PARAM_set1_ip", "X509_VERIFY_PARAM_set1_ip_asc", ], + "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": [ + "X509_V_FLAG_TRUSTED_FIRST", + ], "Cryptography_HAS_100_VERIFICATION_PARAMS": [ "Cryptography_HAS_100_VERIFICATION_PARAMS", "X509_V_FLAG_EXTENDED_CRL_SUPPORT", -- cgit v1.2.3 From ee1c58383e27b4567d3caa66ea29c58c87827874 Mon Sep 17 00:00:00 2001 From: Laurens Van Houtven <_@lvh.cc> Date: Wed, 18 Jun 2014 13:29:04 +0200 Subject: Remove spurious constant definition --- cryptography/hazmat/bindings/openssl/x509_vfy.py | 1 - 1 file changed, 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index 2e782c56..ba7bbba5 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -103,7 +103,6 @@ static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; // X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2, but added separately below -static const long X509_V_FLAG_TRUSTED_FIRST = 0; static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; static const long X509_V_FLAG_SUITEB_192_LOS = 0; static const long X509_V_FLAG_SUITEB_128_LOS = 0; -- cgit v1.2.3 From 17c8af235a8b7abdddf24735b816e48654de7912 Mon Sep 17 00:00:00 2001 From: Laurens Van Houtven <_@lvh.cc> Date: Wed, 18 Jun 2014 13:29:21 +0200 Subject: Fix comment typo --- cryptography/hazmat/bindings/openssl/x509_vfy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index ba7bbba5..a5dcb6a7 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -117,7 +117,7 @@ int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; #endif -// Ope/nSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... +// OpenSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... #ifdef X509_V_FLAG_TRUSTED_FIRST static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1; #else -- cgit v1.2.3