Merge pull request #1151 from lvh/consolidate-x509-vfy
Consolidate x509_vfy
diff --git a/cryptography/hazmat/bindings/openssl/err.py b/cryptography/hazmat/bindings/openssl/err.py
index f97fd5d..8ed97d0 100644
--- a/cryptography/hazmat/bindings/openssl/err.py
+++ b/cryptography/hazmat/bindings/openssl/err.py
@@ -18,8 +18,6 @@
"""
TYPES = """
-static const long Cryptography_HAS_102_ERROR_CODES;
-static const long Cryptography_HAS_100_ERROR_CODES;
static const int Cryptography_HAS_REMOVE_THREAD_STATE;
static const int Cryptography_HAS_098H_ERROR_CODES;
static const int Cryptography_HAS_098C_CAMELLIA_CODES;
@@ -30,7 +28,6 @@
};
typedef struct ERR_string_data_st ERR_STRING_DATA;
-
static const int ERR_LIB_EVP;
static const int ERR_LIB_PEM;
static const int ERR_LIB_ASN1;
@@ -223,70 +220,6 @@
static const int RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY;
static const int RSA_R_BLOCK_TYPE_IS_NOT_01;
static const int RSA_R_BLOCK_TYPE_IS_NOT_02;
-
-static const int X509_V_OK;
-static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
-static const int X509_V_ERR_UNABLE_TO_GET_CRL;
-static const int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE;
-static const int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE;
-static const int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-static const int X509_V_ERR_CERT_SIGNATURE_FAILURE;
-static const int X509_V_ERR_CRL_SIGNATURE_FAILURE;
-static const int X509_V_ERR_CERT_NOT_YET_VALID;
-static const int X509_V_ERR_CERT_HAS_EXPIRED;
-static const int X509_V_ERR_CRL_NOT_YET_VALID;
-static const int X509_V_ERR_CRL_HAS_EXPIRED;
-static const int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-static const int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-static const int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-static const int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-static const int X509_V_ERR_OUT_OF_MEM;
-static const int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-static const int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
-static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-static const int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
-static const int X509_V_ERR_CERT_CHAIN_TOO_LONG;
-static const int X509_V_ERR_CERT_REVOKED;
-static const int X509_V_ERR_INVALID_CA;
-static const int X509_V_ERR_PATH_LENGTH_EXCEEDED;
-static const int X509_V_ERR_INVALID_PURPOSE;
-static const int X509_V_ERR_CERT_UNTRUSTED;
-static const int X509_V_ERR_CERT_REJECTED;
-static const int X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-static const int X509_V_ERR_AKID_SKID_MISMATCH;
-static const int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-static const int X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
-static const int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
-static const int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
-static const int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
-static const int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-static const int X509_V_ERR_INVALID_NON_CA;
-static const int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
-static const int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
-static const int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-static const int X509_V_ERR_INVALID_EXTENSION;
-static const int X509_V_ERR_INVALID_POLICY_EXTENSION;
-static const int X509_V_ERR_NO_EXPLICIT_POLICY;
-static const int X509_V_ERR_DIFFERENT_CRL_SCOPE;
-static const int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE;
-static const int X509_V_ERR_UNNESTED_RESOURCE;
-static const int X509_V_ERR_PERMITTED_VIOLATION;
-static const int X509_V_ERR_EXCLUDED_VIOLATION;
-static const int X509_V_ERR_SUBTREE_MINMAX;
-static const int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
-static const int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
-static const int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-static const int X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
-static const int X509_V_ERR_SUITE_B_INVALID_VERSION;
-static const int X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
-static const int X509_V_ERR_SUITE_B_INVALID_CURVE;
-static const int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
-static const int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
-static const int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
-static const int X509_V_ERR_HOSTNAME_MISMATCH;
-static const int X509_V_ERR_EMAIL_MISMATCH;
-static const int X509_V_ERR_IP_ADDRESS_MISMATCH;
-static const int X509_V_ERR_APPLICATION_VERIFICATION;
"""
FUNCTIONS = """
@@ -343,38 +276,6 @@
"""
CUSTOMIZATIONS = """
-// OpenSSL 1.0.2+
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-static const long Cryptography_HAS_102_ERROR_CODES = 1;
-#else
-static const long Cryptography_HAS_102_ERROR_CODES = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
-static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
-static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
-static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
-static const long X509_V_ERR_HOSTNAME_MISMATCH = 0;
-static const long X509_V_ERR_EMAIL_MISMATCH = 0;
-static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
-#endif
-
-// OpenSSL 1.0.0+
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-static const long Cryptography_HAS_100_ERROR_CODES = 1;
-#else
-static const long Cryptography_HAS_100_ERROR_CODES = 0;
-static const long X509_V_ERR_DIFFERENT_CRL_SCOPE = 0;
-static const long X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = 0;
-static const long X509_V_ERR_PERMITTED_VIOLATION = 0;
-static const long X509_V_ERR_EXCLUDED_VIOLATION = 0;
-static const long X509_V_ERR_SUBTREE_MINMAX = 0;
-static const long X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = 0;
-static const long X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = 0;
-static const long X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 0;
-static const long X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 0;
-#endif
-
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
static const long Cryptography_HAS_REMOVE_THREAD_STATE = 1;
#else
@@ -405,33 +306,9 @@
static const int EVP_F_CAMELLIA_INIT_KEY = 0;
static const int EVP_R_CAMELLIA_KEY_SETUP_FAILED = 0;
#endif
-
"""
CONDITIONAL_NAMES = {
- "Cryptography_HAS_102_ERROR_CODES": [
- 'X509_V_ERR_SUITE_B_INVALID_VERSION',
- 'X509_V_ERR_SUITE_B_INVALID_ALGORITHM',
- 'X509_V_ERR_SUITE_B_INVALID_CURVE',
- 'X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM',
- 'X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED',
- 'X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256',
- 'X509_V_ERR_HOSTNAME_MISMATCH',
- 'X509_V_ERR_EMAIL_MISMATCH',
- 'X509_V_ERR_IP_ADDRESS_MISMATCH'
- ],
- "Cryptography_HAS_100_ERROR_CODES": [
- 'X509_V_ERR_DIFFERENT_CRL_SCOPE',
- 'X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE',
- 'X509_V_ERR_UNNESTED_RESOURCE',
- 'X509_V_ERR_PERMITTED_VIOLATION',
- 'X509_V_ERR_EXCLUDED_VIOLATION',
- 'X509_V_ERR_SUBTREE_MINMAX',
- 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE',
- 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX',
- 'X509_V_ERR_UNSUPPORTED_NAME_SYNTAX',
- 'X509_V_ERR_CRL_PATH_VALIDATION_ERROR',
- ],
"Cryptography_HAS_REMOVE_THREAD_STATE": [
"ERR_remove_thread_state"
],
diff --git a/cryptography/hazmat/bindings/openssl/ssl.py b/cryptography/hazmat/bindings/openssl/ssl.py
index 79f13b6..018a141 100644
--- a/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/cryptography/hazmat/bindings/openssl/ssl.py
@@ -127,7 +127,6 @@
static const long SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
static const long SSL_MODE_AUTO_RETRY;
static const long SSL3_RANDOM_SIZE;
-typedef ... X509_STORE_CTX;
typedef ... SSL_METHOD;
typedef struct ssl_st {
int version;
@@ -226,16 +225,6 @@
void SSL_CTX_set_client_CA_list(SSL_CTX *, Cryptography_STACK_OF_X509_NAME *);
-
-/* X509_STORE_CTX */
-int X509_STORE_CTX_get_error(X509_STORE_CTX *);
-void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *);
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *);
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *);
-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int);
-
-
/* SSL_SESSION */
void SSL_SESSION_free(SSL_SESSION *);
diff --git a/cryptography/hazmat/bindings/openssl/x509.py b/cryptography/hazmat/bindings/openssl/x509.py
index c0be306..3785cc6 100644
--- a/cryptography/hazmat/bindings/openssl/x509.py
+++ b/cryptography/hazmat/bindings/openssl/x509.py
@@ -76,7 +76,6 @@
...;
} X509;
-typedef ... X509_STORE;
typedef ... NETSCAPE_SPKI;
"""
@@ -166,12 +165,6 @@
ASN1_INTEGER *X509_get_serialNumber(X509 *);
int X509_set_serialNumber(X509 *, ASN1_INTEGER *);
-/* X509_STORE */
-X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *);
-int X509_STORE_add_cert(X509_STORE *, X509 *);
-int X509_verify_cert(X509_STORE_CTX *);
-
const char *X509_verify_cert_error_string(long);
const char *X509_get_default_cert_area(void);
diff --git a/cryptography/hazmat/bindings/openssl/x509_vfy.py b/cryptography/hazmat/bindings/openssl/x509_vfy.py
index a5dcb6a..031a522 100644
--- a/cryptography/hazmat/bindings/openssl/x509_vfy.py
+++ b/cryptography/hazmat/bindings/openssl/x509_vfy.py
@@ -28,17 +28,89 @@
TYPES = """
static const long Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS;
+static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES;
static const long Cryptography_HAS_102_VERIFICATION_PARAMS;
static const long Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST;
+static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES;
static const long Cryptography_HAS_100_VERIFICATION_PARAMS;
static const long Cryptography_HAS_X509_V_FLAG_CHECK_SS_SIGNATURE;
typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
+
+typedef ... X509_STORE;
+typedef ... X509_STORE_CTX;
typedef ... X509_VERIFY_PARAM;
/* While these are defined in the source as ints, they're tagged here
as longs, just in case they ever grow to large, such as what we saw
with OP_ALL. */
+
+// Verification error codes
+static const int X509_V_OK;
+static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+static const int X509_V_ERR_UNABLE_TO_GET_CRL;
+static const int X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE;
+static const int X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE;
+static const int X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+static const int X509_V_ERR_CERT_SIGNATURE_FAILURE;
+static const int X509_V_ERR_CRL_SIGNATURE_FAILURE;
+static const int X509_V_ERR_CERT_NOT_YET_VALID;
+static const int X509_V_ERR_CERT_HAS_EXPIRED;
+static const int X509_V_ERR_CRL_NOT_YET_VALID;
+static const int X509_V_ERR_CRL_HAS_EXPIRED;
+static const int X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+static const int X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+static const int X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+static const int X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+static const int X509_V_ERR_OUT_OF_MEM;
+static const int X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+static const int X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+static const int X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+static const int X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+static const int X509_V_ERR_CERT_CHAIN_TOO_LONG;
+static const int X509_V_ERR_CERT_REVOKED;
+static const int X509_V_ERR_INVALID_CA;
+static const int X509_V_ERR_PATH_LENGTH_EXCEEDED;
+static const int X509_V_ERR_INVALID_PURPOSE;
+static const int X509_V_ERR_CERT_UNTRUSTED;
+static const int X509_V_ERR_CERT_REJECTED;
+static const int X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+static const int X509_V_ERR_AKID_SKID_MISMATCH;
+static const int X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+static const int X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+static const int X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+static const int X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+static const int X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+static const int X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+static const int X509_V_ERR_INVALID_NON_CA;
+static const int X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+static const int X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+static const int X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
+static const int X509_V_ERR_INVALID_EXTENSION;
+static const int X509_V_ERR_INVALID_POLICY_EXTENSION;
+static const int X509_V_ERR_NO_EXPLICIT_POLICY;
+static const int X509_V_ERR_DIFFERENT_CRL_SCOPE;
+static const int X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE;
+static const int X509_V_ERR_UNNESTED_RESOURCE;
+static const int X509_V_ERR_PERMITTED_VIOLATION;
+static const int X509_V_ERR_EXCLUDED_VIOLATION;
+static const int X509_V_ERR_SUBTREE_MINMAX;
+static const int X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+static const int X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX;
+static const int X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+static const int X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
+static const int X509_V_ERR_SUITE_B_INVALID_VERSION;
+static const int X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
+static const int X509_V_ERR_SUITE_B_INVALID_CURVE;
+static const int X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+static const int X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+static const int X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
+static const int X509_V_ERR_HOSTNAME_MISMATCH;
+static const int X509_V_ERR_EMAIL_MISMATCH;
+static const int X509_V_ERR_IP_ADDRESS_MISMATCH;
+static const int X509_V_ERR_APPLICATION_VERIFICATION;
+
+// Verification parameters
static const long X509_V_FLAG_CB_ISSUER_CHECK;
static const long X509_V_FLAG_USE_CHECK_TIME;
static const long X509_V_FLAG_CRL_CHECK;
@@ -62,6 +134,22 @@
"""
FUNCTIONS = """
+int X509_verify_cert(X509_STORE_CTX *);
+
+// X509_STORE
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *);
+int X509_STORE_add_cert(X509_STORE *, X509 *);
+
+// X509_STORE_CTX
+int X509_STORE_CTX_get_error(X509_STORE_CTX *);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *);
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *, int, void *);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *, int);
+
+// X509_VERIFY_PARAM
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *, unsigned long);
int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *, unsigned long);
@@ -97,7 +185,23 @@
unsigned int) = NULL;
#endif
-// OpenSSL 1.0.2+
+// OpenSSL 1.0.2+ verification error codes
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1;
+#else
+static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0;
+static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0;
+static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0;
+static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0;
+static const long X509_V_ERR_HOSTNAME_MISMATCH = 0;
+static const long X509_V_ERR_EMAIL_MISMATCH = 0;
+static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0;
+#endif
+
+// OpenSSL 1.0.2+ verification parameters
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
static const long Cryptography_HAS_102_VERIFICATION_PARAMS = 1;
#else
@@ -125,7 +229,23 @@
static const long X509_V_FLAG_TRUSTED_FIRST = 0;
#endif
-// OpenSSL 1.0.0+
+// OpenSSL 1.0.0+ verification error codes
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES = 1;
+#else
+static const long Cryptography_HAS_100_VERIFICATION_ERROR_CODES = 0;
+static const long X509_V_ERR_DIFFERENT_CRL_SCOPE = 0;
+static const long X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = 0;
+static const long X509_V_ERR_PERMITTED_VIOLATION = 0;
+static const long X509_V_ERR_EXCLUDED_VIOLATION = 0;
+static const long X509_V_ERR_SUBTREE_MINMAX = 0;
+static const long X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = 0;
+static const long X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = 0;
+static const long X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 0;
+static const long X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 0;
+#endif
+
+// OpenSSL 1.0.0+ verification parameters
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
static const long Cryptography_HAS_100_VERIFICATION_PARAMS = 1;
#else
@@ -147,6 +267,17 @@
"Cryptography_HAS_X509_VERIFY_PARAM_SET_HOSTFLAGS": [
"X509_VERIFY_PARAM_set_hostflags",
],
+ "Cryptography_HAS_102_VERIFICATION_ERROR_CODES": [
+ 'X509_V_ERR_SUITE_B_INVALID_VERSION',
+ 'X509_V_ERR_SUITE_B_INVALID_ALGORITHM',
+ 'X509_V_ERR_SUITE_B_INVALID_CURVE',
+ 'X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM',
+ 'X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED',
+ 'X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256',
+ 'X509_V_ERR_HOSTNAME_MISMATCH',
+ 'X509_V_ERR_EMAIL_MISMATCH',
+ 'X509_V_ERR_IP_ADDRESS_MISMATCH'
+ ],
"Cryptography_HAS_102_VERIFICATION_PARAMS": [
"X509_V_FLAG_SUITEB_128_LOS_ONLY",
"X509_V_FLAG_SUITEB_192_LOS",
@@ -161,6 +292,18 @@
"Cryptography_HAS_X509_V_FLAG_TRUSTED_FIRST": [
"X509_V_FLAG_TRUSTED_FIRST",
],
+ "Cryptography_HAS_100_VERIFICATION_ERROR_CODES": [
+ 'X509_V_ERR_DIFFERENT_CRL_SCOPE',
+ 'X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE',
+ 'X509_V_ERR_UNNESTED_RESOURCE',
+ 'X509_V_ERR_PERMITTED_VIOLATION',
+ 'X509_V_ERR_EXCLUDED_VIOLATION',
+ 'X509_V_ERR_SUBTREE_MINMAX',
+ 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE',
+ 'X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX',
+ 'X509_V_ERR_UNSUPPORTED_NAME_SYNTAX',
+ 'X509_V_ERR_CRL_PATH_VALIDATION_ERROR',
+ ],
"Cryptography_HAS_100_VERIFICATION_PARAMS": [
"Cryptography_HAS_100_VERIFICATION_PARAMS",
"X509_V_FLAG_EXTENDED_CRL_SUPPORT",