authorChristophe Haen <christophe.haen@cern.ch>2020-01-21 16:56:51 +0100
committerMatěj Cepl <mcepl@cepl.eu>2020-11-20 21:47:49 +0100
commit89ec49d5c1b946836486eb96e21323b827098137 (patch)
tree8594f09e979f923793110905de3f18a0fe17d72d
parent0ac96ae996d36ff452afe0fbb7a368fcd35b219b (diff)
downloadm2crypto-89ec49d5c1b946836486eb96e21323b827098137.tar.gz
Expose all the X509_V_FLAG
-rw-r--r--M2Crypto/X509.py23
-rw-r--r--SWIG/_x509.i23
2 files changed, 44 insertions, 2 deletions
diff --git a/M2Crypto/X509.py b/M2Crypto/X509.py
index 6b0e963..ea8a7c1 100644
--- a/M2Crypto/X509.py
+++ b/M2Crypto/X509.py
@@ -18,6 +18,25 @@ from typing import AnyStr, List, Optional # noqa
FORMAT_DER = 0
FORMAT_PEM = 1
+verify_allow_proxy_certs = m2.VERIFY_ALLOW_PROXY_CERTS
+verify_cb_issuer_check = m2.VERIFY_CB_ISSUER_CHECK
+verify_check_ss_signature = m2.VERIFY_CHECK_SS_SIGNATURE
+verify_crl_check = m2.VERIFY_CRL_CHECK
+verify_crl_check_all = m2.VERIFY_CRL_CHECK_ALL
+verify_explicit_policy = m2.VERIFY_EXPLICIT_POLICY
+verify_extended_crl_support = m2.VERIFY_EXTENDED_CRL_SUPPORT
+verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL
+verify_inhibit_any = m2.VERIFY_INHIBIT_ANY
+verify_inhibit_map = m2.VERIFY_INHIBIT_MAP
+verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS
+verify_no_check_time = m2.VERIFY_NO_CHECK_TIME
+verify_notify_policy = m2.VERIFY_NOTIFY_POLICY
+verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN
+verify_policy_check = m2.VERIFY_POLICY_CHECK
+verify_trusted_first = m2.VERIFY_TRUSTED_FIRST
+verify_use_deltas = m2.VERIFY_USE_DELTAS
+verify_x509_strict = m2.VERIFY_X509_STRICT
+
log = logging.getLogger(__name__)
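Review bot: The added aliases mix flags that tighten verification (`verify_crl_check`, `verify_crl_check_all`, `verify_x509_strict`, `verify_policy_check`) with flags that loosen it (`verify_no_check_time`, `verify_ignore_critical`, `verify_partial_chain`, `verify_allow_proxy_certs`), and nothing at the definition site tells a caller which is which. A comment above the block would make the difference visible where the names are looked up, for example `# NOTE: verify_no_check_time, verify_ignore_critical, verify_partial_chain and verify_allow_proxy_certs relax chain validation; set them only for a documented reason.` Grouping the relaxing flags together under that comment, rather than listing everything alphabetically, would also make a later review of call sites easier.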
@@ -1008,7 +1027,9 @@ class X509_Store(object):
Set the verification flags for the X509Store
Wrapper over OpenSSL X509_STORE_set_flags()
- :param flags: verification parameters
+ :param flags: `VERIFICATION FLAGS` section of the X509_VERIFY_PARAM_set_flags man page has a complete description
+ of values the flags parameter can take.
+ Their M2Crypto equivalent is transformed following this pattern: "X509_V_FLAG_XYZ" -> lowervase("VERIFY_XYZ")
"""
return m2.x509_store_set_flags(self.store, flags)
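Review bot: The new `:param flags:` text contains the typo `lowervase` and does not say that the argument is a bitmask; the method sits inside `class X509_Store` and its docstring opens outside this hunk. I would reword the last added line to `Their M2Crypto names follow the pattern "X509_V_FLAG_XYZ" -> X509.verify_xyz; combine several with "|".` OpenSSL's X509_STORE_set_flags() ORs the value into the flags already on the store, so the docstring should also state that a call can only switch flags on and never clears one set earlier. No `:return:` line is visible in the hunk although the result of `m2.x509_store_set_flags` is returned; documenting what callers should check would complete it.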
diff --git a/SWIG/_x509.i b/SWIG/_x509.i
index 740bb7e..0227789 100644
--- a/SWIG/_x509.i
+++ b/SWIG/_x509.i
@@ -345,8 +345,29 @@ X509 *d2i_x509(BIO *bio) {
%constant int X509_V_ERR_CERT_REJECTED = 28;
%constant int X509_V_ERR_APPLICATION_VERIFICATION = 50;
-/* Enable proxy certificate validation */
+/* See man page of X509_VERIFY_PARAM_set_flags for definition of all these flags */
+
%constant int VERIFY_ALLOW_PROXY_CERTS = X509_V_FLAG_ALLOW_PROXY_CERTS;
+%constant int VERIFY_CB_ISSUER_CHECK = X509_V_FLAG_CB_ISSUER_CHECK;
+%constant int VERIFY_CHECK_SS_SIGNATURE = X509_V_FLAG_CHECK_SS_SIGNATURE;
+/* note: X509_V_FLAG_CRL_CHECK is already defined in _ssl.i as VERIFY_CRL_CHECK_LEAF
+However I add it here for consistency */
+%constant int VERIFY_CRL_CHECK = X509_V_FLAG_CRL_CHECK;
+%constant int VERIFY_CRL_CHECK_ALL = X509_V_FLAG_CRL_CHECK_ALL;
+%constant int VERIFY_EXPLICIT_POLICY = X509_V_FLAG_EXPLICIT_POLICY;
+%constant int VERIFY_EXTENDED_CRL_SUPPORT = X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+%constant int VERIFY_IGNORE_CRITICAL = X509_V_FLAG_IGNORE_CRITICAL;
+%constant int VERIFY_INHIBIT_ANY = X509_V_FLAG_INHIBIT_ANY;
+%constant int VERIFY_INHIBIT_MAP = X509_V_FLAG_INHIBIT_MAP;
+%constant int VERIFY_NO_ALT_CHAINS = X509_V_FLAG_NO_ALT_CHAINS;
+%constant int VERIFY_NO_CHECK_TIME = X509_V_FLAG_NO_CHECK_TIME;
+%constant int VERIFY_NOTIFY_POLICY = X509_V_FLAG_NOTIFY_POLICY;
+%constant int VERIFY_PARTIAL_CHAIN = X509_V_FLAG_PARTIAL_CHAIN;
+%constant int VERIFY_POLICY_CHECK = X509_V_FLAG_POLICY_CHECK;
+%constant int VERIFY_TRUSTED_FIRST = X509_V_FLAG_TRUSTED_FIRST;
+%constant int VERIFY_USE_DELTAS = X509_V_FLAG_USE_DELTAS;
+%constant int VERIFY_X509_STRICT = X509_V_FLAG_X509_STRICT;
+
/* x509.h */
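Review bot: Every added `%constant` refers to its `X509_V_FLAG_*` macro unconditionally, so the wrapper only builds against OpenSSL headers that define all of them. OpenSSL documents `X509_V_FLAG_NO_CHECK_TIME` as added in 1.1.0 and `X509_V_FLAG_CB_ISSUER_CHECK` as deprecated with no effect from that release, so a build against older headers would presumably fail at these lines; whether the project still targets such versions is not visible on this page. If it does, wrap the newer constants in a guard such as `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` … `#endif` (assuming that macro is visible to SWIG in this interface file) and make the matching aliases in `M2Crypto/X509.py` tolerate a missing attribute, since they resolve `m2.VERIFY_*` at import time. A comment on `VERIFY_CB_ISSUER_CHECK` like `/* deprecated since OpenSSL 1.1.0, has no effect */` would keep callers from relying on it.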