commit 7c243875f34a47d3c552634a00440c846855c3a2
author Jean-Paul Calderone <exarkun@twistedmatrix.com> Sat Dec 28 08:56:34 2013 -0500
committer Jean-Paul Calderone <exarkun@twistedmatrix.com> Sat Dec 28 08:56:34 2013 -0500
tree 8f3b4052db7f72fd35112254a8a0bf2a3d3eb56d
parent 28f10001a18c96649003c59beb458d8d865aac88

expose SSL_get_peer_cert_chain, SSL_get_client_CA_list, and SSL_CTX_set_client_CA_list

cryptography/hazmat/backends/openssl/ssl.py

diff --git a/cryptography/hazmat/backends/openssl/ssl.py b/cryptography/hazmat/backends/openssl/ssl.py
index fb3b17e..7a1219b 100644
--- a/cryptography/hazmat/backends/openssl/ssl.py
+++ b/cryptography/hazmat/backends/openssl/ssl.py
@@ -157,6 +157,13 @@
 int SSL_write(SSL *, const void *, int);
 int SSL_read(SSL *, void *, int);
 X509 *SSL_get_peer_certificate(const SSL *);
+
+/* OpenSSL defines these with STACK_OF(...) instead stack_st_... of but the
+ * STACK_OF macro does not play well with cffi.
+ */
+struct stack_st_X509 *SSL_get_peer_cert_chain(const SSL *);
+struct stack_st_X509_NAME *SSL_get_client_CA_list(const SSL *s);
+
 int SSL_get_error(const SSL *, int);
 int SSL_do_handshake(SSL *);
 int SSL_shutdown(SSL *);
@@ -186,6 +193,11 @@
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 int SSL_CTX_add_client_CA(SSL_CTX *, X509 *);
 
+/* See comment above about STACK_OF(...) vs stack_st_...
+ */
+void SSL_CTX_set_client_CA_list(SSL_CTX *, struct stack_st_X509_NAME *);
+
+
 /*  X509_STORE_CTX */
 int X509_STORE_CTX_get_error(X509_STORE_CTX *);
 void X509_STORE_CTX_set_error(X509_STORE_CTX *, int);