From 2beccafe22c87a7b3feb6672aaa88d7b7f3a9fb1 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@davidben.net>
Date: Fri, 12 Jan 2018 21:32:29 +0100
Subject: Use the real X509_REVOKED_dup when available. (#4080)

This avoids reaching into the ASN1_ITEM mess if not necessary.
---
 src/_cffi_src/openssl/x509.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/_cffi_src/openssl')

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 394c37c5..ea7b84b6 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -376,7 +376,11 @@ int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
    IMPLEMENT_ASN1_DUP_FUNCTION. The below is the equivalent so we have
    it available on all OpenSSLs. */
 X509_REVOKED *Cryptography_X509_REVOKED_dup(X509_REVOKED *rev) {
+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_102
     return ASN1_item_dup(ASN1_ITEM_rptr(X509_REVOKED), rev);
+#else
+    return X509_REVOKED_dup(rev);
+#endif
 }
 
 /* Added in 1.1.0 but we need it in all versions now due to the great
-- 
cgit v1.2.3