From 94626eac2f6b35626048090feab7b006eaec9c76 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 23 Apr 2015 08:00:07 -0500
Subject: some initial OCSP bindings

---
 src/cryptography/hazmat/bindings/openssl/ssl.py | 30 +++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py
index 6161a9d1..8359c05d 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/cryptography/hazmat/bindings/openssl/ssl.py
@@ -20,6 +20,8 @@ static const long Cryptography_HAS_TLSv1_1;
 static const long Cryptography_HAS_TLSv1_2;
 static const long Cryptography_HAS_SECURE_RENEGOTIATION;
 static const long Cryptography_HAS_COMPRESSION;
+static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
+static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP;
 
 /* Internally invented symbol to tell us if SNI is supported */
 static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -315,6 +317,12 @@ void SSL_CTX_set_tlsext_servername_callback(
     SSL_CTX *,
     int (*)(const SSL *, int *, void *));
 
+/* These were added in OpenSSL 0.9.8h, but since version testing in OpenSSL
+   is fraught with peril thanks to OS distributions we check some constants
+   to determine if they are supported or not */
+long SSL_set_tlsext_status_ocsp_resp(SSL *, unsigned char *, int);
+long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *));
+
 long SSL_session_reused(SSL *);
 
 /* The following were macros in 0.9.8e. Once we drop support for RHEL/CentOS 5
@@ -410,6 +418,20 @@ void (*SSL_CTX_set_tlsext_servername_callback)(
     int (*)(const SSL *, int *, void *)) = NULL;
 #endif
 
+#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 1;
+#else
+static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 0;
+long (*SSL_CTX_set_tlsext_status_cb)(SSL_CTX *, int(*)(SSL *, void *)) = NULL;
+#endif
+
+#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
+static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 1;
+#else
+static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 0;
+long (*SSL_set_tlsext_status_ocsp_resp)(SSL *, unsigned char *, int) = NULL;
+#endif
+
 #ifdef SSL_MODE_RELEASE_BUFFERS
 static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
 #else
@@ -588,6 +610,14 @@ CONDITIONAL_NAMES = {
         "SSL_CTX_set_tlsext_servername_callback",
     ],
 
+    "Cryptography_HAS_TLSEXT_STATUS_REQ_CB": [
+        "SSL_CTX_set_tlsext_status_cb",
+    ],
+
+    "Cryptography_HAS_STATUS_REQ_OCSP_RESP": [
+        "SSL_set_tlsext_status_ocsp_resp",
+    ],
+
     "Cryptography_HAS_RELEASE_BUFFERS": [
         "SSL_MODE_RELEASE_BUFFERS",
     ],
-- 
cgit v1.2.3