author | Cory Benfield <lukasaoz@gmail.com> | 2014-03-27 21:46:01 +0000 |
---|---|---|
committer | Cory Benfield <lukasaoz@gmail.com> | 2014-03-28 13:11:51 +0000 |
commit | 73ea1ff1ab250b53360d7c59058820d554cfaf72 (patch) | |
tree | ab3665fd967701637249d684739759e3a49596b8 | |
parent | 3d5d6471b10e5f46eb8b40a9a41eb16e657d25b8 (diff) | |
Add NPN functions.
-rw-r--r-- | cryptography/hazmat/bindings/openssl/ssl.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py index eb1f018b..a6169598 100644 --- a/cryptography/hazmat/bindings/openssl/ssl.py +++ b/cryptography/hazmat/bindings/openssl/ssl.py @@ -42,6 +42,7 @@ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING; static const long Cryptography_HAS_SSL_SET_SSL_CTX; static const long Cryptography_HAS_SSL_OP_NO_TICKET; static const long Cryptography_HAS_NETBSD_D1_METH; +static const long Cryptography_HAS_NEXTPROTONEG; static const long SSL_FILETYPE_PEM; static const long SSL_FILETYPE_ASN1; @@ -320,6 +321,29 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int); SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *); const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*); + +/* NPN APIs were introduced in OpenSSL 1.0.1. To continue to support earlier + * versions some special handling of these is necessary. + */ +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *, + int (*) (SSL *, + const unsigned char **, + unsigned int *, + void *), + void *); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *, + int (*) (SSL *, + unsigned char **, + unsigned char *, + const unsigned char *, + unsigned int, + void *), + void *); +int SSL_select_next_proto(unsigned char **, unsigned char *, + const unsigned char *, unsigned int, + const unsigned char *, unsigned int); +void SSL_get0_next_proto_negotiated(const SSL *, + const unsigned char **, unsigned *); """ CUSTOMIZATIONS = """ 
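Review bot: The `SSL_select_next_proto` declaration at the end of the second hunk is added without the `OPENSSL_NPN_NEGOTIATED` and `OPENSSL_NPN_NO_OVERLAP` constants that its int return value has to be compared against, at least in the hunks shown here. When there is no overlap OpenSSL still fills `out` with the first entry of the client list, so a caller that cannot test the return value will treat a protocol the two sides never agreed on as the negotiated one. I would declare `static const long OPENSSL_NPN_NEGOTIATED;` and `static const long OPENSSL_NPN_NO_OVERLAP;` next to `Cryptography_HAS_NEXTPROTONEG`, give them a value of 0 in the unsupported branch, and list them under the same conditional name. The comment above the declarations could also state that the buffers returned through the `unsigned char **` out-parameters must stay valid after the callback returns, because a buffer allocated from Python is not kept alive on OpenSSL's behalf.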
@@ -426,6 +450,37 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1; const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { return ctx->method; } + +/* Because OPENSSL defines macros that claim lack of support for things, rather + * than macros that claim support for things, we need to do a version check in + * addition to a definition check. NPN was added in 1.0.1: for any version + * before that, there is no compatibility. + */ +#if defined(OPENSSL_NO_NEXTPROTONEG) || OPENSSL_VERSION_NUMBER < 0x1000100fL +static const long Cryptography_HAS_NEXTPROTONEG = 0; +void (*SSL_CTX_set_next_protos_advertised_cb)(SSL_CTX *, + int (*)(SSL *, + const unsigned char **, + unsigned int *, + void *), + void *) = NULL; +void (*SSL_CTX_set_next_proto_select_cb)(SSL_CTX *, + int (*)(SSL *, + unsigned char **, + unsigned char *, + const unsigned char *, + unsigned int, + void *), + void *) = NULL; +int (*SSL_select_next_proto)(unsigned char **, unsigned char *, + const unsigned char *, unsigned int, + const unsigned char *, unsigned int) = NULL; +void (*SSL_get0_next_proto_negotiated)(const SSL *, + const unsigned char **, + unsigned *) = NULL; +#else +static const long Cryptography_HAS_NEXTPROTONEG = 1; +#endif """ CONDITIONAL_NAMES = { @@ -483,4 +538,11 @@ CONDITIONAL_NAMES = { "Cryptography_HAS_NETBSD_D1_METH": [ "DTLSv1_method", ], + + "Cryptography_HAS_NEXTPROTONEG": [ + "SSL_CTX_set_next_protos_advertised_cb", + "SSL_CTX_set_next_proto_select_cb", + "SSL_select_next_proto", + "SSL_get0_next_proto_negotiated", + ] } |
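Review bot: The four `= NULL` function pointers in the `#if` branch of the third hunk are safe only because the `Cryptography_HAS_NEXTPROTONEG` entry added to `CONDITIONAL_NAMES` is, presumably, what keeps those names from being exposed when the flag is 0, and the comment does not say so. A call through one of them would be a NULL function-pointer call inside the interpreter process, not a Python exception. I would add a line to the comment such as `* The NULL stubs exist only so the module compiles; CONDITIONAL_NAMES hides them when Cryptography_HAS_NEXTPROTONEG is 0.` The comment could also note that `0x1000100fL` is the 1.0.1 release value, so 1.0.1 pre-release builds take the unsupported branch.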