From 28e935c23d10a31e4f44d14140f8d6e302292bb3 Mon Sep 17 00:00:00 2001 From: Laurens Van Houtven <_@lvh.cc> Date: Fri, 20 Jun 2014 15:12:23 +0200 Subject: Add STACK_OF(X509_CRL) --- cryptography/hazmat/bindings/openssl/x509.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py index 3785cc61..cf38df32 100644 --- a/cryptography/hazmat/bindings/openssl/x509.py +++ b/cryptography/hazmat/bindings/openssl/x509.py @@ -24,11 +24,13 @@ INCLUDES = """ * Note that the result is an opaque type. */ typedef STACK_OF(X509) Cryptography_STACK_OF_X509; +typedef STACK_OF(X509_CRL) Cryptography_STACK_OF_X509_CRL; typedef STACK_OF(X509_REVOKED) Cryptography_STACK_OF_X509_REVOKED; """ TYPES = """ typedef ... Cryptography_STACK_OF_X509; +typedef ... Cryptography_STACK_OF_X509_CRL; typedef ... Cryptography_STACK_OF_X509_REVOKED; typedef struct { -- cgit v1.2.3 From f87dabbfd932b90100d2e72f1f25a04cffdcfedd Mon Sep 17 00:00:00 2001 From: Laurens Van Houtven <_@lvh.cc> Date: Fri, 20 Jun 2014 15:27:41 +0200 Subject: Add many (all?) X509_STORE_CTX methods --- cryptography/hazmat/bindings/openssl/x509_vfy.py | 31 ++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index 031a5227..148ab991 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -33,6 +33,7 @@ static const long Cryptography_HAS_102_VERIFICATION_PARAMS; static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES; static const long Cryptography_HAS_100_VERIFICATION_PARAMS; +static const long Cryptography_HAS_X509_STORE_CTX_SET0_CRLS; static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE; typedef ... Cryptography_STACK_OF_ASN1_OBJECT; 
@@ -142,6 +143,22 @@ void X509_STORE_free(X509_STORE *); int X509_STORE_add_cert(X509_STORE *, X509 *); // X509_STORE_CTX +X509_STORE_CTX *X509_STORE_CTX_new(void); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *); +void X509_STORE_CTX_free(X509_STORE_CTX *); +int X509_STORE_CTX_init(X509_STORE_CTX *, X509_STORE *, X509 *, + Cryptography_STACK_OF_X509 *); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *); +void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *); +// X509_STORE_CTX_set0_crls is defined below: not always available. +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *); +int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *, + int (*)(int, X509_STORE_CTX *)) +Cryptography_STACK_OF_X509 *X509_STORE_CTX_get_chain(X509_STORE_CTX *); +Cryptography_STACK_OF_X509 *X509_STORE_CTX_get1_chain(X509_STORE_CTX *); int X509_STORE_CTX_get_error(X509_STORE_CTX *); void X509_STORE_CTX_set_error(X509_STORE_CTX *, int); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *); @@ -165,6 +182,11 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *); """ MACROS = """ +// X509_STORE_CTX +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *, + Cryptography_STACK_OF_X509_CRL *); + +// X509_VERIFY_PARAM int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *, const unsigned char *, size_t); void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *, unsigned int); 
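Review bot: The `X509_STORE_CTX_set_verify_cb` declaration ends with `int (*)(int, X509_STORE_CTX *))` and no `;`, so it runs straight into the `X509_STORE_CTX_get_chain` prototype that follows and the declaration string is no longer valid C; the line should end `int (*)(int, X509_STORE_CTX *));`. Separately, the two chain getters differ in ownership and nothing in the block says so: in OpenSSL, `get_chain` returns a pointer owned by the context, while `get1_chain` returns a copy that the caller must release. I would add `// get_chain: borrowed, valid only while the ctx lives; get1_chain: caller owns the result and must free it` above them, because confusing the two on the Python side ends in a leak or a use after free. As far as I know, `X509_STORE_CTX_init` likewise keeps its store, certificate and chain arguments by pointer rather than copying them, which deserves the same kind of comment. The string holding these declarations starts and ends outside this hunk.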
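Review bot: `X509_STORE_CTX_set0_crls` in the MACROS hunk has no comment on what the `set0` prefix means for callers: OpenSSL stores the stack pointer without copying it or taking a reference, so the `Cryptography_STACK_OF_X509_CRL` object has to stay alive until the context is cleaned up. The CRLs are also only consulted when CRL checking is enabled in the verification parameters (for example `X509_V_FLAG_CRL_CHECK`), so supplying them does not by itself turn on revocation checking. I would put both facts next to the declaration, e.g. `// set0: ctx borrows the stack; CRLs are used only if CRL checking is enabled in X509_VERIFY_PARAM`.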
@@ -254,6 +276,15 @@ static const long X509_V_FLAG_EXTENDED_CRL_SUPPORT = 0; static const long X509_V_FLAG_USE_DELTAS = 0; #endif +// X509_STORE_CTX_set0_crls was allegedly introduced in OpenSSL 1.0.0+ +#ifdef X509_STORE_CTX_set0_crls +static const long Cryptography_HAS_X509_STORE_CTX_SET0_CRLS = 1; +#else +static const long Cryptography_HAS_X509_STORE_CTX_SET0_CRLS = 0; +void (*X509_STORE_CTX_set0_crls)(X509_STORE_CTX *, + _Cryptography_STACK_OF_X509_CRL *) = NULL; +#endif + // OpenSSL 0.9.8recent+ #ifdef X509_V_FLAG_CHECK_SS_SIGNATURE static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE = 1; -- cgit v1.2.3 From 21d31051a77a93b2473e9c137f5eb3028d965d58 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 21 Jun 2014 17:02:31 -0600 Subject: a few fixes,, remove unneeded conditional on binding --- cryptography/hazmat/bindings/openssl/x509_vfy.py | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py index 148ab991..ed35b1bc 100644 --- a/cryptography/hazmat/bindings/openssl/x509_vfy.py +++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py @@ -33,7 +33,6 @@ static const long Cryptography_HAS_102_VERIFICATION_PARAMS; static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST; static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES; static const long Cryptography_HAS_100_VERIFICATION_PARAMS; -static const long Cryptography_HAS_X509_STORE_CTX_SET0_CRLS; static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE; typedef ... Cryptography_STACK_OF_ASN1_OBJECT; 
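Review bot: `#ifdef X509_STORE_CTX_set0_crls` only detects a preprocessor macro, so if OpenSSL exposes this name as an ordinary function the `#else` branch is taken on every version: the flag is always 0 and the name is redeclared as a NULL function pointer, which would presumably clash with the header's own prototype. The fallback also spells the type `_Cryptography_STACK_OF_X509_CRL`, with a leading underscore that the `Cryptography_STACK_OF_X509_CRL` used in the MACROS declaration of this same commit does not have, so that branch would not compile as written. If a guard is wanted, a version test matches the comment's claim better: `#if OPENSSL_VERSION_NUMBER >= 0x10000000L`, with the fallback ending `Cryptography_STACK_OF_X509_CRL *) = NULL;`. Callers would then have to check `Cryptography_HAS_X509_STORE_CTX_SET0_CRLS` before calling through a pointer that may be NULL, and no such check or conditional-name entry is added in this patch.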
@@ -148,15 +147,15 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *); void X509_STORE_CTX_free(X509_STORE_CTX *); int X509_STORE_CTX_init(X509_STORE_CTX *, X509_STORE *, X509 *, Cryptography_STACK_OF_X509 *); -void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *, + Cryptography_STACK_OF_X509 *); void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *); void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *); -// X509_STORE_CTX_set0_crls is defined below: not always available. X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *); void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *); int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *, - int (*)(int, X509_STORE_CTX *)) + int (*)(int, X509_STORE_CTX *)); Cryptography_STACK_OF_X509 *X509_STORE_CTX_get_chain(X509_STORE_CTX *); Cryptography_STACK_OF_X509 *X509_STORE_CTX_get1_chain(X509_STORE_CTX *); int X509_STORE_CTX_get_error(X509_STORE_CTX *); @@ -276,15 +275,6 @@ static const long X509_V_FLAG_EXTENDED_CRL_SUPPORT = 0; static const long X509_V_FLAG_USE_DELTAS = 0; #endif -// X509_STORE_CTX_set0_crls was allegedly introduced in OpenSSL 1.0.0+ -#ifdef X509_STORE_CTX_set0_crls -static const long Cryptography_HAS_X509_STORE_CTX_SET0_CRLS = 1; -#else -static const long Cryptography_HAS_X509_STORE_CTX_SET0_CRLS = 0; -void (*X509_STORE_CTX_set0_crls)(X509_STORE_CTX *, - _Cryptography_STACK_OF_X509_CRL *) = NULL; -#endif - // OpenSSL 0.9.8recent+ #ifdef X509_V_FLAG_CHECK_SS_SIGNATURE static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE = 1; -- cgit v1.2.3
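Review bot: The `X509_STORE_CTX_set_verify_cb` prototype in the first hunk of this file carries no warning about the two ways a caller can misuse it. A callback created through cffi has to stay referenced on the Python side for as long as the context may invoke it, otherwise OpenSSL is left holding a dangling function pointer. A callback that returns 1 when it is called with `ok == 0` overrides the verification error, so a careless handler turns a failed chain into an accepted one. I would add `// verify_cb: keep the cffi callback alive while the ctx is in use; returning 1 on an error accepts it` above the declaration. The same hunk also drops the "not always available" comment for `X509_STORE_CTX_set0_crls`; if the binding is now unconditional, a short comment naming the oldest OpenSSL version it was checked against would help, since the page does not show that.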