authorCory Benfield <lukasaoz@gmail.com>2014-06-07 11:23:07 +0100
committerCory Benfield <lukasaoz@gmail.com>2014-06-07 11:29:30 +0100
commit424c0e97e227a2d8e483821a9ed54f929db2285c (patch)
treec2f625e6851934baab24299bda1018bcacfe35fe
parenta5f37b2a41654d49ccac0bd7f772137226a58097 (diff)
Add ALPN support.
-rw-r--r--cryptography/hazmat/bindings/openssl/ssl.py45
1 files changed, 45 insertions, 0 deletions
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index 94b96d98..ab453d03 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -46,6 +46,7 @@ static const long Cryptography_HAS_SSL_SET_SSL_CTX;
static const long Cryptography_HAS_SSL_OP_NO_TICKET;
static const long Cryptography_HAS_NETBSD_D1_METH;
static const long Cryptography_HAS_NEXTPROTONEG;
+static const long Cryptography_HAS_ALPN;
static const long SSL_FILETYPE_PEM;
static const long SSL_FILETYPE_ASN1;
@@ -367,6 +368,21 @@ void SSL_get0_next_proto_negotiated(const SSL *,
int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *);
SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int);
+
+/* ALPN APIs were introduced in OpenSSL 1.0.2. To continue to support earlier
+ * versions some special handling of these is necessary.
+ */
+int SSL_CTX_set_alpn_protos(SSL_CTX *, const unsigned char*, unsigned);
+int SSL_set_alpn_protos(SSL *, const unsigned char*, unsigned);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX*,
+ int (*) (SSL *,
+ const unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ unsigned int,
+ void *),
+ void *);
+void SSL_get0_alpn_selected(const SSL *, const unsigned char **, unsigned *);
"""
CUSTOMIZATIONS = """
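Review bot: The declarations of `SSL_CTX_set_alpn_protos` and `SSL_set_alpn_protos` carry no comment on their return convention, which is inverted relative to most OpenSSL setters: they return 0 on success and non-zero on failure. A caller that tests the result the usual way would treat a failure as success and carry on with no protocol list configured. I would extend the block comment above them with a line such as `* NOTE: the two *_set_alpn_protos functions return 0 on success, non-zero on failure.` The same comment could state that the protocol list is in length-prefixed wire format, and that the pointer stored through the select callback's `out` argument must still be valid when OpenSSL reads it after the callback returns, which matters for buffers allocated on the Python side.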
@@ -515,6 +531,28 @@ void (*SSL_get0_next_proto_negotiated)(const SSL *,
#else
static const long Cryptography_HAS_NEXTPROTONEG = 1;
#endif
+
+// ALPN was added in OpenSSL 1.0.2.
+#if OPENSSL_VERSION_NUMBER < 0x10002001L
+int (*SSL_CTX_set_alpn_protos)(SSL_CTX *,
+ const unsigned char*,
+ unsigned) = NULL;
+int (*SSL_set_alpn_protos)(SSL *, const unsigned char*, unsigned) = NULL;
+void (*SSL_CTX_set_alpn_select_cb)(SSL_CTX*,
+ int (*) (SSL *,
+ const unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ unsigned int,
+ void *),
+ void *) = NULL;
+void (*SSL_get0_alpn_selected)(const SSL *,
+ const unsigned char **,
+ unsigned *) = NULL;
+static const long Cryptography_HAS_ALPN = 0;
+#else
+static const long Cryptography_HAS_ALPN = 1;
+#endif
"""
CONDITIONAL_NAMES = {
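Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10002001L` decides ALPN availability from the version number alone, so a libssl that reports a higher number without shipping the ALPN symbols would take the `#else` branch and fail at build or link time instead of falling back to `Cryptography_HAS_ALPN = 0`. Whether that affects a supported build target cannot be told from this hunk, but the assumption deserves a comment, for example `/* 0x10002001L is 1.0.2-beta1; assumes OPENSSL_VERSION_NUMBER tracks upstream OpenSSL. */`. The added `// ALPN was added in OpenSSL 1.0.2.` line also uses a C99 line comment where the declarations hunk uses `/* ... */`; a block comment would be consistent.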
@@ -585,4 +623,11 @@ CONDITIONAL_NAMES = {
"SSL_OP_LEGACY_SERVER_CONNECT",
"SSL_get_secure_renegotiation_support",
],
+
+ "Cryptography_HAS_ALPN": [
+ "SSL_CTX_set_alpn_protos",
+ "SSL_set_alpn_protos",
+ "SSL_CTX_set_alpn_select_cb",
+ "SSL_get0_alpn_selected",
+ ]
}