diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-04-23 08:00:07 -0500 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-04-24 08:08:57 -0500 |
| commit | 94626eac2f6b35626048090feab7b006eaec9c76 (patch) | |
| tree | 3949293ee5c77a6fd5851562ced748c0c66f2fb5 | |
| parent | 6abe5674f23e9173350385862ea2da5c4a43d3c4 (diff) | |
| download | cryptography-94626eac2f6b35626048090feab7b006eaec9c76.tar.gz cryptography-94626eac2f6b35626048090feab7b006eaec9c76.tar.bz2 cryptography-94626eac2f6b35626048090feab7b006eaec9c76.zip | |
some initial OCSP bindings
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/ssl.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py index 6161a9d1..8359c05d 100644 --- a/src/cryptography/hazmat/bindings/openssl/ssl.py +++ b/src/cryptography/hazmat/bindings/openssl/ssl.py @@ -20,6 +20,8 @@ static const long Cryptography_HAS_TLSv1_1; static const long Cryptography_HAS_TLSv1_2; static const long Cryptography_HAS_SECURE_RENEGOTIATION; static const long Cryptography_HAS_COMPRESSION; +static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB; +static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP; /* Internally invented symbol to tell us if SNI is supported */ static const long Cryptography_HAS_TLSEXT_HOSTNAME; @@ -315,6 +317,12 @@ void SSL_CTX_set_tlsext_servername_callback( SSL_CTX *, int (*)(const SSL *, int *, void *)); +/* These were added in OpenSSL 0.9.8h, but since version testing in OpenSSL + is fraught with peril thanks to OS distributions we check some constants + to determine if they are supported or not */ +long SSL_set_tlsext_status_ocsp_resp(SSL *, unsigned char *, int); +long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *)); + long SSL_session_reused(SSL *); /* The following were macros in 0.9.8e. Once we drop support for RHEL/CentOS 5 @@ -410,6 +418,20 @@ void (*SSL_CTX_set_tlsext_servername_callback)( int (*)(const SSL *, int *, void *)) = NULL; #endif +#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB +static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 1; +#else +static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 0; +long (*SSL_CTX_set_tlsext_status_cb)(SSL_CTX *, int(*)(SSL *, void *)) = NULL; +#endif + +#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP +static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 1; +#else +static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 0; +long (*SSL_set_tlsext_status_ocsp_resp)(SSL *, unsigned char *, int) = NULL; +#endif + #ifdef SSL_MODE_RELEASE_BUFFERS static const long Cryptography_HAS_RELEASE_BUFFERS = 1; #else @@ -588,6 +610,14 @@ CONDITIONAL_NAMES = { "SSL_CTX_set_tlsext_servername_callback", ], + "Cryptography_HAS_TLSEXT_STATUS_REQ_CB": [ + "SSL_CTX_set_tlsext_status_cb", + ], + + "Cryptography_HAS_STATUS_REQ_OCSP_RESP": [ + "SSL_set_tlsext_status_ocsp_resp", + ], + "Cryptography_HAS_RELEASE_BUFFERS": [ "SSL_MODE_RELEASE_BUFFERS", ], |