Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 7921375c6a8f1d3bd32ecd4c0ba9be0682c5a57a^1..7921375c6a8f1d3bd32ecd4c0ba9be0682c5a57a / .
commit7921375c6a8f1d3bd32ecd4c0ba9be0682c5a57a[log] [tgz]
authorAlex Gaynor <alex.gaynor@gmail.com>Fri Apr 24 10:07:33 2015 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>Fri Apr 24 10:07:33 2015 -0400
tree3949293ee5c77a6fd5851562ced748c0c66f2fb5
parent6abe5674f23e9173350385862ea2da5c4a43d3c4 [diff]
parent94626eac2f6b35626048090feab7b006eaec9c76 [diff]
Merge pull request #1865 from reaperhulk/ocsp-bindings

some initial OCSP bindings
diff --git a/src/cryptography/hazmat/bindings/openssl/ssl.py b/src/cryptography/hazmat/bindings/openssl/ssl.py
index 6161a9d..8359c05 100644
--- a/src/cryptography/hazmat/bindings/openssl/ssl.py
+++ b/src/cryptography/hazmat/bindings/openssl/ssl.py

@@ -20,6 +20,8 @@
 static const long Cryptography_HAS_TLSv1_2;
 static const long Cryptography_HAS_SECURE_RENEGOTIATION;
 static const long Cryptography_HAS_COMPRESSION;
+static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
+static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP;
 
 /* Internally invented symbol to tell us if SNI is supported */
 static const long Cryptography_HAS_TLSEXT_HOSTNAME;
@@ -315,6 +317,12 @@
     SSL_CTX *,
     int (*)(const SSL *, int *, void *));
 
+/* These were added in OpenSSL 0.9.8h, but since version testing in OpenSSL
+   is fraught with peril thanks to OS distributions we check some constants
+   to determine if they are supported or not */
+long SSL_set_tlsext_status_ocsp_resp(SSL *, unsigned char *, int);
+long SSL_CTX_set_tlsext_status_cb(SSL_CTX *, int(*)(SSL *, void *));
+
 long SSL_session_reused(SSL *);
 
 /* The following were macros in 0.9.8e. Once we drop support for RHEL/CentOS 5
@@ -410,6 +418,20 @@
     int (*)(const SSL *, int *, void *)) = NULL;
 #endif
 
+#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
+static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 1;
+#else
+static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB = 0;
+long (*SSL_CTX_set_tlsext_status_cb)(SSL_CTX *, int(*)(SSL *, void *)) = NULL;
+#endif
+
+#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP
+static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 1;
+#else
+static const long Cryptography_HAS_STATUS_REQ_OCSP_RESP = 0;
+long (*SSL_set_tlsext_status_ocsp_resp)(SSL *, unsigned char *, int) = NULL;
+#endif
+
 #ifdef SSL_MODE_RELEASE_BUFFERS
 static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
 #else
@@ -588,6 +610,14 @@
         "SSL_CTX_set_tlsext_servername_callback",
     ],
 
+    "Cryptography_HAS_TLSEXT_STATUS_REQ_CB": [
+        "SSL_CTX_set_tlsext_status_cb",
+    ],
+
+    "Cryptography_HAS_STATUS_REQ_OCSP_RESP": [
+        "SSL_set_tlsext_status_ocsp_resp",
+    ],
+
     "Cryptography_HAS_RELEASE_BUFFERS": [
         "SSL_MODE_RELEASE_BUFFERS",
     ],