From 10a81a93b5b9a77a3022eaf4e24d28fa6e3fca0e Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Tue, 25 Aug 2015 20:57:35 +0200 Subject: add set_cert_cb --- src/_cffi_src/openssl/ssl.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 7a7968a1..798fcb16 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -45,6 +45,7 @@ static const long Cryptography_HAS_SSL_OP_NO_TICKET; static const long Cryptography_HAS_NETBSD_D1_METH; static const long Cryptography_HAS_NEXTPROTONEG; static const long Cryptography_HAS_ALPN; +static const long Cryptography_HAS_SET_CERT_CB; static const long SSL_FILETYPE_PEM; static const long SSL_FILETYPE_ASN1; @@ -406,6 +407,12 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *, void SSL_get0_alpn_selected(const SSL *, const unsigned char **, unsigned *); long SSL_get_server_tmp_key(SSL *, EVP_PKEY **); + +/* SSL_CTX_set_cert_cb is introduced in OpenSSL 1.0.2. To continue to support + * earlier versions some special handling of these is necessary. + */ +void SSL_CTX_set_cert_cb(SSL_CTX *, int (*)(SSL *, void *), void *); +void SSL_set_cert_cb(SSL *, int (*)(SSL *, void *), void *); """ CUSTOMIZATIONS = """ @@ -609,6 +616,16 @@ static const long Cryptography_HAS_ALPN = 0; static const long Cryptography_HAS_ALPN = 1; #endif +/* SSL_CTX_set_cert_cb was added in OpenSSL 1.0.2. */ +#if OPENSSL_VERSION_NUMBER < 0x10002001L || defined(LIBRESSL_VERSION_NUMBER) +void (*SSL_CTX_set_cert_cb)(SSL_CTX *, int (*)(SSL *, void *), void *) = NULL; +void (*SSL_set_cert_cb)(SSL *, int (*)(SSL *, void *), void *) = NULL; +static const long Cryptography_HAS_SET_CERT_CB = 0; +#else +static const long Cryptography_HAS_SET_CERT_CB = 1; +#endif + + #if defined(OPENSSL_NO_COMP) || defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_COMPRESSION = 0; typedef void COMP_METHOD; -- cgit v1.2.3 
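Review bot: The fallback branch in the CUSTOMIZATIONS hunk leaves `SSL_CTX_set_cert_cb` and `SSL_set_cert_cb` as NULL function pointers on OpenSSL older than 1.0.2 and on LibreSSL, so a caller that does not check `Cryptography_HAS_SET_CERT_CB` first would call through NULL and crash the process instead of raising a Python error. This view is limited to `src/_cffi_src`, so whether the two names are also registered for removal when the flag is 0 cannot be seen here and should be confirmed. The comment in the declarations hunk says only that "some special handling" is necessary; I would write `/* Added in OpenSSL 1.0.2; both are NULL when Cryptography_HAS_SET_CERT_CB is 0, so test the flag before calling. */` instead. The string literals that hold these declarations start outside the hunks.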
From aad39497b8fd352dff4342d41d3eb69b0225dc10 Mon Sep 17 00:00:00 2001 From: Terry Chia Date: Fri, 28 Aug 2015 23:15:47 +0800 Subject: Add SSL_renegotiate binding. --- src/_cffi_src/openssl/ssl.py | 1 + 1 file changed, 1 insertion(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 798fcb16..f14aaba7 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -205,6 +205,7 @@ Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); int SSL_shutdown(SSL *); +int SSL_renegotiate(SSL *); const char *SSL_get_cipher_list(const SSL *, int); Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *); -- cgit v1.2.3 From c6a73cb16f00889b53d368359059141d75a26be0 Mon Sep 17 00:00:00 2001 From: kjav Date: Fri, 28 Aug 2015 16:44:16 +0100 Subject: Added bindings for SSL_renegotiate_ --- src/_cffi_src/openssl/ssl.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index f14aaba7..a5423552 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -206,6 +206,8 @@ int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); int SSL_shutdown(SSL *); int SSL_renegotiate(SSL *); +int SSL_renegotiate_abbreviated(SSL *); +int SSL_renegotiate_pending(SSL *); const char *SSL_get_cipher_list(const SSL *, int); Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *); -- cgit v1.2.3 From 729abcf1d552fd215aad864152d227d11580e0c7 Mon Sep 17 00:00:00 2001 From: kjav Date: Fri, 28 Aug 2015 16:54:22 +0100 Subject: Removed SSL_renegotiate_abbreviated binding As this is not supported in OpenSSL < 1.01 --- src/_cffi_src/openssl/ssl.py | 1 - 1 file changed, 1 deletion(-) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index a5423552..ccabb872 100644 
--- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -206,7 +206,6 @@ int SSL_get_error(const SSL *, int); int SSL_do_handshake(SSL *); int SSL_shutdown(SSL *); int SSL_renegotiate(SSL *); -int SSL_renegotiate_abbreviated(SSL *); int SSL_renegotiate_pending(SSL *); const char *SSL_get_cipher_list(const SSL *, int); Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *); -- cgit v1.2.3 From 1055431497ded70c1ef766ea7e543e6c4bc4f0da Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 29 Aug 2015 15:47:53 -0500 Subject: add support for static linking of the openssl backend on OS X --- src/_cffi_src/build_openssl.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 6a5bf2da..bd8cf73e 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -4,6 +4,7 @@ from __future__ import absolute_import, division, print_function +import os import sys from _cffi_src.utils import build_ffi_for_binding, extra_link_args 
@@ -11,15 +12,27 @@ from _cffi_src.utils import build_ffi_for_binding, extra_link_args def _get_openssl_libraries(platform): # OpenSSL goes by a different library name on different operating systems. - if platform != "win32": + if platform == "darwin": + return _osx_libraries( + os.environ.get("CRYPTOGRAPHY_BUILD_STATIC", None) + ) + elif platform == "win32": + return ["libeay32", "ssleay32", "advapi32", + "crypt32", "gdi32", "user32", "ws2_32"] + else: # In some circumstances, the order in which these libs are # specified on the linker command-line is significant; # libssl must come before libcrypto # (http://marc.info/?l=openssl-users&m=135361825921871) return ["ssl", "crypto"] + + +def _osx_libraries(build_static): + # For building statically we don't want to pass the -lssl or -lcrypto flags + if build_static == "1": + return [] else: - return ["libeay32", "ssleay32", "advapi32", - "crypt32", "gdi32", "user32", "ws2_32"] + return ["ssl", "crypto"] _OSX_PRE_INCLUDE = """ -- cgit v1.2.3 From 7539dcb6e424e27f6bb270571b9410bd6ad36aac Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 29 Aug 2015 21:00:54 -0500 Subject: no need for None --- src/_cffi_src/build_openssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index bd8cf73e..49d7464c 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -14,7 +14,7 @@ def _get_openssl_libraries(platform): # OpenSSL goes by a different library name on different operating systems. if platform == "darwin": return _osx_libraries( - os.environ.get("CRYPTOGRAPHY_BUILD_STATIC", None) + os.environ.get("CRYPTOGRAPHY_BUILD_STATIC") ) elif platform == "win32": return ["libeay32", "ssleay32", "advapi32", -- cgit v1.2.3 From 7402cf1c676ffb7ba48d6e90227bb4b1397af12d Mon Sep 17 00:00:00 2001 
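Review bot: `_osx_libraries` in the static-linking hunk omits the `-lssl`/`-lcrypto` flags only when the environment value is exactly `"1"`; any other setting (`true`, `yes`, a `1` with trailing whitespace) silently produces a dynamically linked build. That switch decides whether the extension carries its own OpenSSL copy or uses the one installed on the system, so a build in the wrong mode changes how OpenSSL security fixes reach users without anyone noticing. I would reject unexpected values before the existing comparison, `if build_static not in (None, "", "0", "1"): raise ValueError("expected 0 or 1, got %r" % (build_static,))`. The comment should also say where the libraries come from, e.g. `# Static builds name libssl.a/libcrypto.a in the linker flags themselves (presumably via LDFLAGS), so no -l flags are added here.` Both functions lie inside the hunk.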
From: Paul Kehrer Date: Mon, 31 Aug 2015 12:34:30 -0500 Subject: rename env var to CRYPTOGRAPHY_OSX_NO_LINK_FLAGS --- src/_cffi_src/build_openssl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/_cffi_src') diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py index 49d7464c..defa69d3 100644 --- a/src/_cffi_src/build_openssl.py +++ b/src/_cffi_src/build_openssl.py @@ -14,7 +14,7 @@ def _get_openssl_libraries(platform): # OpenSSL goes by a different library name on different operating systems. if platform == "darwin": return _osx_libraries( - os.environ.get("CRYPTOGRAPHY_BUILD_STATIC") + os.environ.get("CRYPTOGRAPHY_OSX_NO_LINK_FLAGS") ) elif platform == "win32": return ["libeay32", "ssleay32", "advapi32", -- cgit v1.2.3