From b4e47f87c0d7240f072af26e8ccb40657110be5d Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Wed, 9 Mar 2016 21:03:46 -0400
Subject: opaque X509_EXTENSION

---
 src/_cffi_src/openssl/x509.py                           | 6 +-----
 src/cryptography/hazmat/backends/openssl/decode_asn1.py | 9 ++++++---
 2 files changed, 7 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index c5eb600a..112f4ed2 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -36,11 +36,7 @@ typedef struct {
     ...;
 } X509_CINF;
 
-typedef struct {
-    ASN1_OBJECT *object;
-    ASN1_BOOLEAN critical;
-    ASN1_OCTET_STRING *value;
-} X509_EXTENSION;
+typedef ... X509_EXTENSION;
 
 typedef ... X509_EXTENSIONS;
 typedef ... X509_REQ_INFO;
diff --git a/src/cryptography/hazmat/backends/openssl/decode_asn1.py b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
index 5f828c6b..140d3de4 100644
--- a/src/cryptography/hazmat/backends/openssl/decode_asn1.py
+++ b/src/cryptography/hazmat/backends/openssl/decode_asn1.py
@@ -198,7 +198,9 @@ class _X509ExtensionParser(object):
             backend.openssl_assert(ext != backend._ffi.NULL)
             crit = backend._lib.X509_EXTENSION_get_critical(ext)
             critical = crit == 1
-            oid = x509.ObjectIdentifier(_obj2txt(backend, ext.object))
+            oid = x509.ObjectIdentifier(
+                _obj2txt(backend, backend._lib.X509_EXTENSION_get_object(ext))
+            )
             if oid in seen_oids:
                 raise x509.DuplicateExtension(
                     "Duplicate {0} extension found".format(oid), oid
@@ -652,9 +654,10 @@ def _decode_cert_issuer(backend, ext):
     """
 
     data_ptr_ptr = backend._ffi.new("const unsigned char **")
-    data_ptr_ptr[0] = ext.value.data
+    value = backend._lib.X509_EXTENSION_get_data(ext)
+    data_ptr_ptr[0] = value.data
     gns = backend._lib.d2i_GENERAL_NAMES(
-        backend._ffi.NULL, data_ptr_ptr, ext.value.length
+        backend._ffi.NULL, data_ptr_ptr, value.length
     )
 
     # Check the result of d2i_GENERAL_NAMES() is valid. Usually this is covered
-- 
cgit v1.2.3


From 8de767ed8b4197483b7a2abcef1e9746545e9fd1 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 10 Mar 2016 21:10:13 -0400
Subject: deopaque X509_EXTENSION so we can keep moving on 1.1.0 support

---
 src/_cffi_src/openssl/x509.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index 112f4ed2..4cdc8274 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -36,7 +36,13 @@ typedef struct {
     ...;
 } X509_CINF;
 
-typedef ... X509_EXTENSION;
+/* TODO: opaque X509_EXTENSION. Cryptography no longer depends on it being
+   non-opaque but pyOpenSSL needs a release where it doesn't depend on this */
+typedef struct {
+    ASN1_OBJECT *object;
+    ASN1_BOOLEAN critical;
+    ASN1_OCTET_STRING *value;
+} X509_EXTENSION;
 
 typedef ... X509_EXTENSIONS;
 typedef ... X509_REQ_INFO;
-- 
cgit v1.2.3