diff options
| author | Matěj Cepl <mcepl@cepl.eu> | 2020-12-17 16:52:20 +0100 |
|---|---|---|
| committer | Matěj Cepl <mcepl@cepl.eu> | 2020-12-17 16:52:20 +0100 |
| commit | fd81cf8a5ce81647287eb77790448e3edc9b9dbb (patch) | |
| tree | 1f6b6335e7d2550eb2783044e651d9424069dbbb | |
| parent | d9c8207efea7333c9b071443a538c748877dd51c (diff) | |
| download | m2crypto-fd81cf8a5ce81647287eb77790448e3edc9b9dbb.tar.gz | |
Be prepared if any of constants in x509_vfy.h is not available.
Fixes #290
| -rw-r--r-- | M2Crypto/X509.py | 51 | ||||
| -rw-r--r-- | SWIG/_x509.i | 36 |
2 files changed, 68 insertions, 19 deletions
diff --git a/M2Crypto/X509.py b/M2Crypto/X509.py index 3b62dda..b27af13 100644 --- a/M2Crypto/X509.py +++ b/M2Crypto/X509.py @@ -18,25 +18,42 @@ from typing import AnyStr, List, Optional # noqa FORMAT_DER = 0 FORMAT_PEM = 1 -verify_allow_proxy_certs = m2.VERIFY_ALLOW_PROXY_CERTS -verify_cb_issuer_check = m2.VERIFY_CB_ISSUER_CHECK -verify_check_ss_signature = m2.VERIFY_CHECK_SS_SIGNATURE -verify_crl_check = m2.VERIFY_CRL_CHECK -verify_crl_check_all = m2.VERIFY_CRL_CHECK_ALL -verify_explicit_policy = m2.VERIFY_EXPLICIT_POLICY -verify_extended_crl_support = m2.VERIFY_EXTENDED_CRL_SUPPORT -verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL -verify_inhibit_any = m2.VERIFY_INHIBIT_ANY -verify_inhibit_map = m2.VERIFY_INHIBIT_MAP -verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS +if hasattr(m2, "VERIFY_ALLOW_PROXY_CERTS"): + verify_allow_proxy_certs = m2.VERIFY_ALLOW_PROXY_CERTS +if hasattr(m2, "VERIFY_CB_ISSUER_CHECK"): + verify_cb_issuer_check = m2.VERIFY_CB_ISSUER_CHECK +if hasattr(m2, "VERIFY_CHECK_SS_SIGNATURE"): + verify_check_ss_signature = m2.VERIFY_CHECK_SS_SIGNATURE +if hasattr(m2, "VERIFY_CRL_CHECK"): + verify_crl_check = m2.VERIFY_CRL_CHECK +if hasattr(m2, "VERIFY_CRL_CHECK_ALL"): + verify_crl_check_all = m2.VERIFY_CRL_CHECK_ALL +if hasattr(m2, "VERIFY_EXPLICIT_POLICY"): + verify_explicit_policy = m2.VERIFY_EXPLICIT_POLICY +if hasattr(m2, "VERIFY_EXTENDED_CRL_SUPPORT"): + verify_extended_crl_support = m2.VERIFY_EXTENDED_CRL_SUPPORT +if hasattr(m2, "VERIFY_IGNORE_CRITICAL"): + verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL +if hasattr(m2, "VERIFY_INHIBIT_ANY"): + verify_inhibit_any = m2.VERIFY_INHIBIT_ANY +if hasattr(m2, "VERIFY_INHIBIT_MAP"): + verify_inhibit_map = m2.VERIFY_INHIBIT_MAP +if hasattr(m2, "VERIFY_NO_ALT_CHAINS"): + verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS if hasattr(m2, "VERIFY_NO_CHECK_TIME"): verify_no_check_time = m2.VERIFY_NO_CHECK_TIME -verify_notify_policy = m2.VERIFY_NOTIFY_POLICY -verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN -verify_policy_check = m2.VERIFY_POLICY_CHECK -verify_trusted_first = m2.VERIFY_TRUSTED_FIRST -verify_use_deltas = m2.VERIFY_USE_DELTAS -verify_x509_strict = m2.VERIFY_X509_STRICT +if hasattr(m2, "VERIFY_NOTIFY_POLICY"): + verify_notify_policy = m2.VERIFY_NOTIFY_POLICY +if hasattr(m2, "VERIFY_PARTIAL_CHAIN"): + verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN +if hasattr(m2, "VERIFY_POLICY_CHECK"): + verify_policy_check = m2.VERIFY_POLICY_CHECK +if hasattr(m2, "VERIFY_TRUSTED_FIRST"): + verify_trusted_first = m2.VERIFY_TRUSTED_FIRST +if hasattr(m2, "VERIFY_USE_DELTAS"): + verify_use_deltas = m2.VERIFY_USE_DELTAS +if hasattr(m2, "VERIFY_X509_STRICT"): + verify_x509_strict = m2.VERIFY_X509_STRICT log = logging.getLogger(__name__) diff --git a/SWIG/_x509.i b/SWIG/_x509.i index 211f573..b6334df 100644 --- a/SWIG/_x509.i +++ b/SWIG/_x509.i @@ -347,30 +347,62 @@ X509 *d2i_x509(BIO *bio) { /* See man page of X509_VERIFY_PARAM_set_flags for definition of all these flags */ +#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS %constant int VERIFY_ALLOW_PROXY_CERTS = X509_V_FLAG_ALLOW_PROXY_CERTS; +#endif +#ifdef X509_V_FLAG_CB_ISSUER_CHECK %constant int VERIFY_CB_ISSUER_CHECK = X509_V_FLAG_CB_ISSUER_CHECK; +#endif +#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE %constant int VERIFY_CHECK_SS_SIGNATURE = X509_V_FLAG_CHECK_SS_SIGNATURE; +#endif /* note: X509_V_FLAG_CRL_CHECK is already defined in _ssl.i as VERIFY_CRL_CHECK_LEAF However I add it here for consistency */ +#ifdef X509_V_FLAG_CRL_CHECK %constant int VERIFY_CRL_CHECK = X509_V_FLAG_CRL_CHECK; +#endif +#ifdef X509_V_FLAG_CRL_CHECK_ALL %constant int VERIFY_CRL_CHECK_ALL = X509_V_FLAG_CRL_CHECK_ALL; +#endif +#ifdef X509_V_FLAG_EXPLICIT_POLICY %constant int VERIFY_EXPLICIT_POLICY = X509_V_FLAG_EXPLICIT_POLICY; +#endif +#ifdef X509_V_FLAG_EXTENDED_CRL_SUPPORT %constant int VERIFY_EXTENDED_CRL_SUPPORT = X509_V_FLAG_EXTENDED_CRL_SUPPORT; +#endif +#ifdef X509_V_FLAG_IGNORE_CRITICAL %constant int VERIFY_IGNORE_CRITICAL = X509_V_FLAG_IGNORE_CRITICAL; +#endif +#ifdef X509_V_FLAG_INHIBIT_ANY %constant int VERIFY_INHIBIT_ANY = X509_V_FLAG_INHIBIT_ANY; +#endif +#ifdef X509_V_FLAG_INHIBIT_MAP %constant int VERIFY_INHIBIT_MAP = X509_V_FLAG_INHIBIT_MAP; +#endif +#ifdef X509_V_FLAG_NO_ALT_CHAINS %constant int VERIFY_NO_ALT_CHAINS = X509_V_FLAG_NO_ALT_CHAINS; -/* The flag X509_V_FLAG_NO_CHECK_TIME is not available on some versions - * of Windows */ +#endif #ifdef X509_V_FLAG_NO_CHECK_TIME %constant int VERIFY_NO_CHECK_TIME = X509_V_FLAG_NO_CHECK_TIME; #endif +#ifdef X509_V_FLAG_NOTIFY_POLICY %constant int VERIFY_NOTIFY_POLICY = X509_V_FLAG_NOTIFY_POLICY; +#endif +#ifdef X509_V_FLAG_PARTIAL_CHAIN %constant int VERIFY_PARTIAL_CHAIN = X509_V_FLAG_PARTIAL_CHAIN; +#endif +#ifdef X509_V_FLAG_POLICY_CHECK %constant int VERIFY_POLICY_CHECK = X509_V_FLAG_POLICY_CHECK; +#endif +#ifdef X509_V_FLAG_TRUSTED_FIRST %constant int VERIFY_TRUSTED_FIRST = X509_V_FLAG_TRUSTED_FIRST; +#endif +#ifdef X509_V_FLAG_USE_DELTAS %constant int VERIFY_USE_DELTAS = X509_V_FLAG_USE_DELTAS; +#endif +#ifdef X509_V_FLAG_X509_STRICT %constant int VERIFY_X509_STRICT = X509_V_FLAG_X509_STRICT; +#endif |