diff options
| -rw-r--r-- | cryptography/hazmat/backends/openssl/ssl.py | 8 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/x509.py | 7 | ||||
| -rw-r--r-- | cryptography/hazmat/backends/openssl/x509name.py | 3 |
3 files changed, 10 insertions, 8 deletions
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py index 32ea2190..499e9c3a 100644 --- a/cryptography/hazmat/backends/openssl/ssl.py +++ b/cryptography/hazmat/backends/openssl/ssl.py @@ -158,11 +158,6 @@ int SSL_write(SSL *, const void *, int); int SSL_read(SSL *, void *, int); X509 *SSL_get_peer_certificate(const SSL *); -/* - * OpenSSL defines these with STACK_OF(...) but the STACK_OF macro does not - * play well with cffi. - */ - Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *); Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *); @@ -195,9 +190,6 @@ void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); int SSL_CTX_add_client_CA(SSL_CTX *, X509 *); -/* - * See comment above about STACK_OF(...) - */ void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *); diff --git a/cryptography/hazmat/backends/openssl/x509.py b/cryptography/hazmat/backends/openssl/x509.py index f0c84fd6..c83f5685 100644 --- a/cryptography/hazmat/backends/openssl/x509.py +++ b/cryptography/hazmat/backends/openssl/x509.py @@ -14,6 +14,13 @@ INCLUDES = """ #include <openssl/ssl.h> +/* + * This is part of a work-around for the difficulty cffi has in dealing with + * `STACK_OF(foo)` as the name of a type. We invent a new, simpler name that + * will be an alias for this type and use the alias throughout. This works + * together with another opaque typedef for the same name in the TYPES section. + * Note that the result is an opaque type. + */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; """ diff --git a/cryptography/hazmat/backends/openssl/x509name.py b/cryptography/hazmat/backends/openssl/x509name.py index a6f0a3c2..bf627d61 100644 --- a/cryptography/hazmat/backends/openssl/x509name.py +++ b/cryptography/hazmat/backends/openssl/x509name.py @@ -14,6 +14,9 @@ INCLUDES = """ #include <openssl/x509.h> +/* + * See the comment above Cryptography_STACK_OF_X509 in x509.py + */ typedef STACK_OF(X509_NAME) Cryptography_STACK_OF_X509_NAME; """ |