Allow setting and inspecting the preferred client certificate signer list.

This exposes the SSL_CTX_add_client_CA, SSL_CTX_set_client_CA_list
and SSL_get_client_CA_list functions to Python.

The other *client_CA* functions don't look so useful, so I'll leave them
to someone else.
diff --git a/src/ssl/connection.c b/src/ssl/connection.c
index 5d6d008..bd39b66 100755
--- a/src/ssl/connection.c
+++ b/src/ssl/connection.c
@@ -840,6 +840,58 @@
     return lst;
 }
 
+static char ssl_Connection_get_client_CA_list_doc[] = "\n\
+Get CAs whose certificates are suggested for client authentication.\n\
+\n\
+@return: A list of X509Names representing the acceptable CAs as set by\n\
+         ssl.Context.{set, add}_client_CA* if this is a server connection\n\
+         or as sent by the server if this is a client connection.\n\
+";
+
+static PyObject *
+ssl_Connection_get_client_CA_list(ssl_ConnectionObj *self, PyObject *args)
+{
+    STACK_OF(X509_NAME) *CANames;
+    PyObject *CAList;
+    int i, n;
+
+    if (!PyArg_ParseTuple(args, ":get_client_CA_list")) {
+        return NULL;
+    }
+    CANames = SSL_get_client_CA_list(self->ssl);
+    if (CANames == NULL) {
+        return PyList_New(0);
+    }
+    n = sk_X509_NAME_num(CANames);
+    CAList = PyList_New(n);
+    if (CAList == NULL) {
+        return NULL;
+    }
+    for (i = 0; i < n; i++) {
+        X509_NAME *CAName;
+        PyObject *CA;
+
+        CAName = X509_NAME_dup(sk_X509_NAME_value(CANames, i));
+        if (CAName == NULL) {
+            Py_DECREF(CAList);
+            exception_from_error_queue(ssl_Error);
+            return NULL;
+        }
+        CA = (PyObject *)crypto_X509Name_New(CAName, 1);
+        if (CA == NULL) {
+            X509_NAME_free(CAName);
+            Py_DECREF(CAList);
+            return NULL;
+        }
+        if (PyList_SetItem(CAList, i, CA)) {
+            Py_DECREF(CA);
+            Py_DECREF(CAList);
+            return NULL;
+        }
+    }
+    return CAList;
+}
+
 static char ssl_Connection_makefile_doc[] = "\n\
 The makefile() method is not implemented, since there is no dup semantics\n\
 for SSL connections\n\
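Review bot: The `Py_DECREF(CA);` in the `PyList_SetItem` failure branch of ssl_Connection_get_client_CA_list drops a reference the function no longer owns. PyList_SetItem steals the item reference and already releases it when it fails, so the extra decref would release the new X509Name object a second time. The branch should shrink to `Py_DECREF(CAList); return NULL;`. Since the list was just created with `PyList_New(n)` and `i` stays below `n`, `PyList_SET_ITEM(CAList, i, CA);` would remove the error path entirely. The docstring could also say that on a client connection the names are supplied by the peer and are only a hint for choosing a certificate, so callers should not treat them as a trust decision.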
@@ -1098,6 +1150,7 @@
     ADD_METHOD(bio_shutdown),
     ADD_METHOD(shutdown),
     ADD_METHOD(get_cipher_list),
+    ADD_METHOD(get_client_CA_list),
     ADD_METHOD(makefile),
     ADD_METHOD(get_app_data),
     ADD_METHOD(set_app_data),