From 89ec49d5c1b946836486eb96e21323b827098137 Mon Sep 17 00:00:00 2001
From: Christophe Haen
Date: Tue, 21 Jan 2020 16:56:51 +0100
Subject: Expose all the X509_V_FLAG
---
 M2Crypto/X509.py | 23 ++++++++++++++++++++++-
 SWIG/_x509.i | 23 ++++++++++++++++++++++-
 2 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/M2Crypto/X509.py b/M2Crypto/X509.py
index 6b0e963..ea8a7c1 100644
--- a/M2Crypto/X509.py
+++ b/M2Crypto/X509.py
@@ -18,6 +18,25 @@ from typing import AnyStr, List, Optional # noqa
 FORMAT_DER = 0
 FORMAT_PEM = 1
+verify_allow_proxy_certs = m2.VERIFY_ALLOW_PROXY_CERTS
+verify_cb_issuer_check = m2.VERIFY_CB_ISSUER_CHECK
+verify_check_ss_signature = m2.VERIFY_CHECK_SS_SIGNATURE
+verify_crl_check = m2.VERIFY_CRL_CHECK
+verify_crl_check_all = m2.VERIFY_CRL_CHECK_ALL
+verify_explicit_policy = m2.VERIFY_EXPLICIT_POLICY
+verify_extended_crl_support = m2.VERIFY_EXTENDED_CRL_SUPPORT
+verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL
+verify_inhibit_any = m2.VERIFY_INHIBIT_ANY
+verify_inhibit_map = m2.VERIFY_INHIBIT_MAP
+verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS
+verify_no_check_time = m2.VERIFY_NO_CHECK_TIME
+verify_notify_policy = m2.VERIFY_NOTIFY_POLICY
+verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN
+verify_policy_check = m2.VERIFY_POLICY_CHECK
+verify_trusted_first = m2.VERIFY_TRUSTED_FIRST
+verify_use_deltas = m2.VERIFY_USE_DELTAS
+verify_x509_strict = m2.VERIFY_X509_STRICT
+
 log = logging.getLogger(__name__)
@@ -1008,7 +1027,9 @@ class X509_Store(object):
 Set the verification flags for the X509Store Wrapper over OpenSSL X509_STORE_set_flags()
- :param flags: verification parameters
+ :param flags: `VERIFICATION FLAGS` section of the X509_VERIFY_PARAM_set_flags man page has a complete description
+ of values the flags parameter can take.
+ Their M2Crypto equivalent is transformed following this pattern: "X509_V_FLAG_XYZ" -> lowervase("VERIFY_XYZ")
 """
 return m2.x509_store_set_flags(self.store, flags)
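Review bot: The eighteen `verify_*` names added after `FORMAT_PEM` have no comment, and they mix flags that tighten validation (`verify_crl_check`, `verify_x509_strict`, `verify_policy_check`) with flags that relax it (`verify_no_check_time`, `verify_partial_chain`, `verify_ignore_critical`, `verify_allow_proxy_certs`). A comment above the block would make that visible to callers, for example `# Bitmask values for X509_Store.set_flags(); combine with |. Note: no_check_time, partial_chain, ignore_critical and allow_proxy_certs relax validation.` It is also worth stating there that, per the OpenSSL man page, `verify_crl_check` covers only the leaf certificate and `verify_crl_check_all` has to be ORed with it to check the whole chain.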
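Review bot: The rewritten `:param flags:` text in `set_flags` contains the typo `lowervase`, which should read `lowercase("VERIFY_XYZ")`. The docstring also never says that the values are a bitmask to be combined with `|`, or that OpenSSL ORs them into the store's existing flags, so this call cannot clear a flag that is already set. One extra sentence would cover both: `Flags are combined with | and are added to the flags already set on the store.` The method's signature lies outside the hunk.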
diff --git a/SWIG/_x509.i b/SWIG/_x509.i
index 740bb7e..0227789 100644
--- a/SWIG/_x509.i
+++ b/SWIG/_x509.i
@@ -345,8 +345,29 @@ X509 *d2i_x509(BIO *bio) {
 %constant int X509_V_ERR_CERT_REJECTED = 28;
 %constant int X509_V_ERR_APPLICATION_VERIFICATION = 50;
-/* Enable proxy certificate validation */
+/* See man page of X509_VERIFY_PARAM_set_flags for definition of all these flags */
+
 %constant int VERIFY_ALLOW_PROXY_CERTS = X509_V_FLAG_ALLOW_PROXY_CERTS;
+%constant int VERIFY_CB_ISSUER_CHECK = X509_V_FLAG_CB_ISSUER_CHECK;
+%constant int VERIFY_CHECK_SS_SIGNATURE = X509_V_FLAG_CHECK_SS_SIGNATURE;
+/* note: X509_V_FLAG_CRL_CHECK is already defined in _ssl.i as VERIFY_CRL_CHECK_LEAF
+However I add it here for consistency */
+%constant int VERIFY_CRL_CHECK = X509_V_FLAG_CRL_CHECK;
+%constant int VERIFY_CRL_CHECK_ALL = X509_V_FLAG_CRL_CHECK_ALL;
+%constant int VERIFY_EXPLICIT_POLICY = X509_V_FLAG_EXPLICIT_POLICY;
+%constant int VERIFY_EXTENDED_CRL_SUPPORT = X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+%constant int VERIFY_IGNORE_CRITICAL = X509_V_FLAG_IGNORE_CRITICAL;
+%constant int VERIFY_INHIBIT_ANY = X509_V_FLAG_INHIBIT_ANY;
+%constant int VERIFY_INHIBIT_MAP = X509_V_FLAG_INHIBIT_MAP;
+%constant int VERIFY_NO_ALT_CHAINS = X509_V_FLAG_NO_ALT_CHAINS;
+%constant int VERIFY_NO_CHECK_TIME = X509_V_FLAG_NO_CHECK_TIME;
+%constant int VERIFY_NOTIFY_POLICY = X509_V_FLAG_NOTIFY_POLICY;
+%constant int VERIFY_PARTIAL_CHAIN = X509_V_FLAG_PARTIAL_CHAIN;
+%constant int VERIFY_POLICY_CHECK = X509_V_FLAG_POLICY_CHECK;
+%constant int VERIFY_TRUSTED_FIRST = X509_V_FLAG_TRUSTED_FIRST;
+%constant int VERIFY_USE_DELTAS = X509_V_FLAG_USE_DELTAS;
+%constant int VERIFY_X509_STRICT = X509_V_FLAG_X509_STRICT;
+
 /* x509.h */
--
cgit v1.2.1
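Review bot: Every added `%constant` references its `X509_V_FLAG_*` macro unconditionally, so the wrapper only builds against OpenSSL headers that define all of them. As far as I recall, `X509_V_FLAG_NO_CHECK_TIME` arrived with OpenSSL 1.1.0 and `X509_V_FLAG_PARTIAL_CHAIN`, `X509_V_FLAG_TRUSTED_FIRST` and `X509_V_FLAG_NO_ALT_CHAINS` with the 1.0.2 series. If older releases are still supported, those lines need a version guard such as `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`. The matching assignments in the M2Crypto/X509.py hunk would need the same treatment, because they resolve `m2.VERIFY_*` at import time. Separately, `X509_V_FLAG_CB_ISSUER_CHECK` is deprecated and, I believe, defined as 0 from 1.1.0 on, so a comment such as `/* deprecated: no effect on OpenSSL >= 1.1.0 */` would keep callers from relying on it.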