author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-28 14:32:55 -0500 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-03-28 14:32:55 -0500 |
commit | a32dfdeaca5aaf0cdc85ac1064e3f6b452d9aa6f (patch) | |
tree | 5697d4b6ac5f85f4082db5fedc08491a00a405d9 | |
parent | 84468273d1bd0fd7646cc06fa37acedb2b00825f (diff) | |
parent | 9341ddca88aebdd04f07adfefaa2ef8133ce2bca (diff) | |
Merge pull request #857 from Lukasa/master
Add Next Protocol Negotiation functions for OpenSSL
-rw-r--r-- | cryptography/hazmat/bindings/openssl/ssl.py | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index eb1f018b..ad102769 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -42,6 +42,7 @@ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING;
 static const long Cryptography_HAS_SSL_SET_SSL_CTX;
 static const long Cryptography_HAS_SSL_OP_NO_TICKET;
 static const long Cryptography_HAS_NETBSD_D1_METH;
+static const long Cryptography_HAS_NEXTPROTONEG;
 static const long SSL_FILETYPE_PEM;
 static const long SSL_FILETYPE_ASN1;
@@ -320,6 +321,29 @@ void (*SSL_CTX_get_info_callback(SSL_CTX *))(const SSL *, int, int);
 SSL_CTX *SSL_set_SSL_CTX(SSL *, SSL_CTX *);
 const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX*);
+
+/* NPN APIs were introduced in OpenSSL 1.0.1. To continue to support earlier
+ * versions some special handling of these is necessary.
+ */
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *,
+ int (*)(SSL *,
+ const unsigned char **,
+ unsigned int *,
+ void *),
+ void *);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *,
+ int (*)(SSL *,
+ unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ unsigned int,
+ void *),
+ void *);
+int SSL_select_next_proto(unsigned char **, unsigned char *,
+ const unsigned char *, unsigned int,
+ const unsigned char *, unsigned int);
+void SSL_get0_next_proto_negotiated(const SSL *,
+ const unsigned char **, unsigned *);
 """
 CUSTOMIZATIONS = """
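Review bot: `SSL_select_next_proto` is bound in the second hunk without the constants that give its return value meaning, so a Python caller has to hard-code them. OpenSSL returns `OPENSSL_NPN_NEGOTIATED` on a match and `OPENSSL_NPN_NO_OVERLAP` otherwise, and in the no-overlap case it still fills the output pointer with the first client protocol, so code that ignores the result will treat an unagreed protocol as negotiated. I would declare `static const long OPENSSL_NPN_NEGOTIATED;` and `static const long OPENSSL_NPN_NO_OVERLAP;` next to `Cryptography_HAS_NEXTPROTONEG`, with `= 0` definitions in the unsupported branch of CUSTOMIZATIONS; the constants section and the enclosing string literal both start outside this hunk. A one-line comment on `SSL_get0_next_proto_negotiated` saying that the returned pointer is owned by the `SSL` object and is length-delimited rather than NUL-terminated would also help callers copy it correctly.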
@@ -426,6 +450,37 @@ static const long Cryptography_HAS_NETBSD_D1_METH = 1;
 const SSL_METHOD* Cryptography_SSL_CTX_get_method(const SSL_CTX* ctx) { return ctx->method; }
+
+/* Because OPENSSL defines macros that claim lack of support for things, rather
+ * than macros that claim support for things, we need to do a version check in
+ * addition to a definition check. NPN was added in 1.0.1: for any version
+ * before that, there is no compatibility.
+ */
+#if defined(OPENSSL_NO_NEXTPROTONEG) || OPENSSL_VERSION_NUMBER < 0x1000100fL
+static const long Cryptography_HAS_NEXTPROTONEG = 0;
+void (*SSL_CTX_set_next_protos_advertised_cb)(SSL_CTX *,
+ int (*)(SSL *,
+ const unsigned char **,
+ unsigned int *,
+ void *),
+ void *) = NULL;
+void (*SSL_CTX_set_next_proto_select_cb)(SSL_CTX *,
+ int (*)(SSL *,
+ unsigned char **,
+ unsigned char *,
+ const unsigned char *,
+ unsigned int,
+ void *),
+ void *) = NULL;
+int (*SSL_select_next_proto)(unsigned char **, unsigned char *,
+ const unsigned char *, unsigned int,
+ const unsigned char *, unsigned int) = NULL;
+void (*SSL_get0_next_proto_negotiated)(const SSL *,
+ const unsigned char **,
+ unsigned *) = NULL;
+#else
+static const long Cryptography_HAS_NEXTPROTONEG = 1;
+#endif
 """
 CONDITIONAL_NAMES = {
@@ -483,4 +538,11 @@ CONDITIONAL_NAMES = {
 "Cryptography_HAS_NETBSD_D1_METH": [
 "DTLSv1_method",
 ],
+
+ "Cryptography_HAS_NEXTPROTONEG": [
+ "SSL_CTX_set_next_protos_advertised_cb",
+ "SSL_CTX_set_next_proto_select_cb",
+ "SSL_select_next_proto",
+ "SSL_get0_next_proto_negotiated",
+ ]
 } |
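Review bot: The comment above the `#if` explains the version test but says nothing about what the `= NULL` stubs are for. On a build without NPN the four names exist only as null function pointers, so any caller that does not first check `Cryptography_HAS_NEXTPROTONEG` would call through NULL. Presumably the `CONDITIONAL_NAMES` entry added in the last hunk is what keeps them out of the public binding, but that mechanism is not visible here. I would extend the comment with something like `/* The NULL stubs only satisfy the declarations above; callers must test Cryptography_HAS_NEXTPROTONEG before use. */`. The four signatures are also repeated verbatim from the declarations section and have to be kept in step by hand.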
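Review bot: The new `"Cryptography_HAS_NEXTPROTONEG"` entry closes with a bare `]`, while the `"Cryptography_HAS_NETBSD_D1_METH"` entry just above it ends with `],`. Keeping the trailing comma (`],`) matches the rest of the dict and means the next feature flag added here is a pure addition rather than an edit to this line.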