From ef18e61594572e7f1f479d66c68dfbdfd9b49859 Mon Sep 17 00:00:00 2001
From: Kai Engert <kaie@kuix.de>
Date: Wed, 10 Oct 2018 17:23:54 +0200
Subject: Add definitions that help with hostname checking (#4492)

* Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS

* remove unnecessary parameter name

* Add version conditionals and more flags

* extend cryptography_has_102_verification_params

* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+

* add missing declaration
---
 src/_cffi_src/openssl/ssl.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/_cffi_src/openssl/ssl.py')

diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py
index 2e32b8f3..f9481af1 100644
--- a/src/_cffi_src/openssl/ssl.py
+++ b/src/_cffi_src/openssl/ssl.py
@@ -185,6 +185,9 @@ X509 *SSL_get_certificate(const SSL *);
 X509 *SSL_get_peer_certificate(const SSL *);
 int SSL_get_ex_data_X509_STORE_CTX_idx(void);
 
+/* Added in 1.0.2 */
+X509_VERIFY_PARAM *SSL_get0_param(SSL *);
+
 int SSL_use_certificate(SSL *, X509 *);
 int SSL_use_certificate_ASN1(SSL *, const unsigned char *, int);
 int SSL_use_certificate_file(SSL *, const char *, int);
@@ -620,6 +623,12 @@ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
 static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
 static const long Cryptography_HAS_NEXTPROTONEG = 1;
 
+/* SSL_get0_param was added in OpenSSL 1.0.2. */
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
+X509_VERIFY_PARAM *(*SSL_get0_param)(SSL *) = NULL;
+#else
+#endif
+
 /* ALPN was added in OpenSSL 1.0.2. */
 #if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 && !CRYPTOGRAPHY_IS_LIBRESSL
 int (*SSL_CTX_set_alpn_protos)(SSL_CTX *,
-- 
cgit v1.2.3