diff options
| author | Laurens Van Houtven <_@lvh.cc> | 2014-06-18 13:03:23 +0200 |
|---|---|---|
| committer | Laurens Van Houtven <_@lvh.cc> | 2014-06-18 13:03:23 +0200 |
| commit | 25a0a09a9cc80f42c6259450bb7149c4b3321282 (patch) | |
| tree | c9894c9b60ca95e7ec63ba0c5c062eec9dac136f | |
| parent | 9a31bf95bb94bfc14c56f18145c4c280ac71a4f8 (diff) | |
| download | cryptography-25a0a09a9cc80f42c6259450bb7149c4b3321282.tar.gz cryptography-25a0a09a9cc80f42c6259450bb7149c4b3321282.tar.bz2 cryptography-25a0a09a9cc80f42c6259450bb7149c4b3321282.zip | |
Conditionally add X509_V_FLAG_TRUSTED_FIRST
| -rw-r--r-- | cryptography/hazmat/bindings/openssl/x509_vfy.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index 4db3da1d..2e782c56 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -29,6 +29,7 @@ typedef STACK_OF(ASN1_OBJECT) Cryptography_STACK_OF_ASN1_OBJECT; TYPES = """ static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS; static const long Cryptography_HAS_102_VERIFICATION_PARAMS; +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; static const long Cryptography_HAS_100_VERIFICATION_PARAMS; static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE; @@ -101,6 +102,7 @@ void (*X509_VERIFY_PARAM_set_hostflags)(X509_VERIFY_PARAM *, static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1; #else static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 0; +// X509_V_FLAG_TRUSTED_FIRST is also new in 1.0.2, but added separately below static const long X509_V_FLAG_TRUSTED_FIRST = 0; static const long X509_V_FLAG_SUITEB_128_LOS_ONLY = 0; static const long X509_V_FLAG_SUITEB_192_LOS = 0; @@ -116,6 +118,14 @@ int (*X509_VERIFY_PARAM_set1_ip)(X509_VERIFY_PARAM *, const unsigned char *, int (*X509_VERIFY_PARAM_set1_ip_asc)(X509_VERIFY_PARAM *, const char *) = NULL; #endif +// Ope/nSSL 1.0.2+, *or* Fedora 20's flavor of OpenSSL 1.0.1e... +#ifdef X509_V_FLAG_TRUSTED_FIRST +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 1; +#else +static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST = 0; +static const long X509_V_FLAG_TRUSTED_FIRST = 0; +#endif + // OpenSSL 1.0.0+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1; @@ -139,7 +149,6 @@ CONDITIONAL_NAMES = { "X509_VERIFY_PARAM_set_hostflags", ], "Cryptography_HAS_102_VERIFICATION_PARAMS": [ - "X509_V_FLAG_TRUSTED_FIRST", "X509_V_FLAG_SUITEB_128_LOS_ONLY", "X509_V_FLAG_SUITEB_192_LOS", "X509_V_FLAG_SUITEB_128_LOS", @@ -150,6 +159,9 @@ CONDITIONAL_NAMES = { "X509_VERIFY_PARAM_set1_ip", "X509_VERIFY_PARAM_set1_ip_asc", ], + "Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": [ + "X509_V_FLAG_TRUSTED_FIRST", + ], "Cryptography_HAS_100_VERIFICATION_PARAMS": [ "Cryptography_HAS_100_VERIFICATION_PARAMS", "X509_V_FLAG_EXTENDED_CRL_SUPPORT", |