simplify a bit - just try tackling one problem at a time. and add some more typedefs that maybe should help (still broken though)
diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index 7a1219b..071ec50 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -110,6 +110,8 @@
typedef ... SSL_METHOD;
typedef ... SSL_CTX;
+typedef ... Cryptography_STACK_OF_X509;
+
typedef struct {
int master_key_length;
unsigned char master_key[...];
@@ -158,11 +160,13 @@
int SSL_read(SSL *, void *, int);
X509 *SSL_get_peer_certificate(const SSL *);
-/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the
- * STACK_OF macro does not play well with cffi.
+/*
+ * OpenSSL defines these with STACK_OF(...) but the STACK_OF macro does not
+ * play well with cffi.
*/
-struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *);
-struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s);
+
+Cryptography_STACK_OF_X509 *SSL_get_peer_cert_chain(const SSL *);
+// Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
int SSL_get_error(const SSL *, int);
int SSL_do_handshake(SSL *);
@@ -193,9 +197,10 @@
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
-/* See comment above about STACK_OF(...) vs stack_st_...
+/*
+ * See comment above about STACK_OF(...) vs stack_st_...
*/
-void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);
+// void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
/* X509_STORE_CTX */
@@ -298,6 +303,11 @@
static const long Cryptography_HAS_OP_NO_COMPRESSION = 0;
const long SSL_OP_NO_COMPRESSION = 0;
#endif
+
+/*
+ * Get some simpler definitions for some types used by later prototypes.
+ */
+typedef STACK_OF(X509) Cryptography_STACK_OF_X509;
"""
CONDITIONAL_NAMES = {