diff options
author | Kai Engert <kaie@kuix.de> | 2018-10-10 17:23:54 +0200 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-10-10 11:23:54 -0400 |
commit | ef18e61594572e7f1f479d66c68dfbdfd9b49859 (patch) | |
tree | 22648ac9af7c2c08ce8b9ae133f052a51994520e /src/_cffi_src/openssl/ssl.py | |
parent | 838bc4a95cd2d027fc5c165c07e8ac1039dd7192 (diff) | |
download | cryptography-ef18e61594572e7f1f479d66c68dfbdfd9b49859.tar.gz cryptography-ef18e61594572e7f1f479d66c68dfbdfd9b49859.tar.bz2 cryptography-ef18e61594572e7f1f479d66c68dfbdfd9b49859.zip |
Add definitions that help with hostname checking (#4492)
* Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
* remove unnecessary parameter name
* Add version conditionals and more flags
* extend cryptography_has_102_verification_params
* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+
* add missing declaration
Diffstat (limited to 'src/_cffi_src/openssl/ssl.py')
-rw-r--r-- | src/_cffi_src/openssl/ssl.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py index 2e32b8f3..f9481af1 100644 --- a/src/_cffi_src/openssl/ssl.py +++ b/src/_cffi_src/openssl/ssl.py @@ -185,6 +185,9 @@ X509 *SSL_get_certificate(const SSL *); X509 *SSL_get_peer_certificate(const SSL *); int SSL_get_ex_data_X509_STORE_CTX_idx(void); +/* Added in 1.0.2 */ +X509_VERIFY_PARAM *SSL_get0_param(SSL *); + int SSL_use_certificate(SSL *, X509 *); int SSL_use_certificate_ASN1(SSL *, const unsigned char *, int); int SSL_use_certificate_file(SSL *, const char *, int); @@ -620,6 +623,12 @@ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; static const long Cryptography_HAS_NEXTPROTONEG = 1; +/* SSL_get0_param was added in OpenSSL 1.0.2. */ +#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER +X509_VERIFY_PARAM *(*SSL_get0_param)(SSL *) = NULL; +#else +#endif + /* ALPN was added in OpenSSL 1.0.2. */ #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL int (*SSL_CTX_set_alpn_protos)(SSL_CTX *, |