From fd81cf8a5ce81647287eb77790448e3edc9b9dbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?=
Date: Thu, 17 Dec 2020 16:52:20 +0100
Subject: Be prepared if any of constants in x509_vfy.h is not available. Fixes #290
---
 M2Crypto/X509.py | 51 ++++++++++++++++++++++++++++++++++-----------------
 SWIG/_x509.i | 36 ++++++++++++++++++++++++++++++++++--
 2 files changed, 68 insertions(+), 19 deletions(-)
diff --git a/M2Crypto/X509.py b/M2Crypto/X509.py
index 3b62dda..b27af13 100644
--- a/M2Crypto/X509.py
+++ b/M2Crypto/X509.py
@@ -18,25 +18,42 @@ from typing import AnyStr, List, Optional # noqa
 FORMAT_DER = 0
 FORMAT_PEM = 1
-verify_allow_proxy_certs = m2.VERIFY_ALLOW_PROXY_CERTS
-verify_cb_issuer_check = m2.VERIFY_CB_ISSUER_CHECK
-verify_check_ss_signature = m2.VERIFY_CHECK_SS_SIGNATURE
-verify_crl_check = m2.VERIFY_CRL_CHECK
-verify_crl_check_all = m2.VERIFY_CRL_CHECK_ALL
-verify_explicit_policy = m2.VERIFY_EXPLICIT_POLICY
-verify_extended_crl_support = m2.VERIFY_EXTENDED_CRL_SUPPORT
-verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL
-verify_inhibit_any = m2.VERIFY_INHIBIT_ANY
-verify_inhibit_map = m2.VERIFY_INHIBIT_MAP
-verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS
+if hasattr(m2, "VERIFY_ALLOW_PROXY_CERTS"):
+ verify_allow_proxy_certs = m2.VERIFY_ALLOW_PROXY_CERTS
+if hasattr(m2, "VERIFY_CB_ISSUER_CHECK"):
+ verify_cb_issuer_check = m2.VERIFY_CB_ISSUER_CHECK
+if hasattr(m2, "VERIFY_CHECK_SS_SIGNATURE"):
+ verify_check_ss_signature = m2.VERIFY_CHECK_SS_SIGNATURE
+if hasattr(m2, "VERIFY_CRL_CHECK"):
+ verify_crl_check = m2.VERIFY_CRL_CHECK
+if hasattr(m2, "VERIFY_CRL_CHECK_ALL"):
+ verify_crl_check_all = m2.VERIFY_CRL_CHECK_ALL
+if hasattr(m2, "VERIFY_EXPLICIT_POLICY"):
+ verify_explicit_policy = m2.VERIFY_EXPLICIT_POLICY
+if hasattr(m2, "VERIFY_EXTENDED_CRL_SUPPORT"):
+ verify_extended_crl_support = m2.VERIFY_EXTENDED_CRL_SUPPORT
+if hasattr(m2, "VERIFY_IGNORE_CRITICAL"):
+ verify_ignore_critical = m2.VERIFY_IGNORE_CRITICAL
+if hasattr(m2, "VERIFY_INHIBIT_ANY"):
+ verify_inhibit_any = m2.VERIFY_INHIBIT_ANY
+if hasattr(m2, "VERIFY_INHIBIT_MAP"):
+ verify_inhibit_map = m2.VERIFY_INHIBIT_MAP
+if hasattr(m2, "VERIFY_NO_ALT_CHAINS"):
+ verify_no_alt_chains = m2.VERIFY_NO_ALT_CHAINS
 if hasattr(m2, "VERIFY_NO_CHECK_TIME"):
 verify_no_check_time = m2.VERIFY_NO_CHECK_TIME
-verify_notify_policy = m2.VERIFY_NOTIFY_POLICY
-verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN
-verify_policy_check = m2.VERIFY_POLICY_CHECK
-verify_trusted_first = m2.VERIFY_TRUSTED_FIRST
-verify_use_deltas = m2.VERIFY_USE_DELTAS
-verify_x509_strict = m2.VERIFY_X509_STRICT
+if hasattr(m2, "VERIFY_NOTIFY_POLICY"):
+ verify_notify_policy = m2.VERIFY_NOTIFY_POLICY
+if hasattr(m2, "VERIFY_PARTIAL_CHAIN"):
+ verify_partial_chain = m2.VERIFY_PARTIAL_CHAIN
+if hasattr(m2, "VERIFY_POLICY_CHECK"):
+ verify_policy_check = m2.VERIFY_POLICY_CHECK
+if hasattr(m2, "VERIFY_TRUSTED_FIRST"):
+ verify_trusted_first = m2.VERIFY_TRUSTED_FIRST
+if hasattr(m2, "VERIFY_USE_DELTAS"):
+ verify_use_deltas = m2.VERIFY_USE_DELTAS
+if hasattr(m2, "VERIFY_X509_STRICT"):
+ verify_x509_strict = m2.VERIFY_X509_STRICT
 log = logging.getLogger(__name__)
diff --git a/SWIG/_x509.i b/SWIG/_x509.i
index 211f573..b6334df 100644
--- a/SWIG/_x509.i
+++ b/SWIG/_x509.i
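Review bot: Each `verify_*` name in this block now exists only when `m2` exports the matching constant, so a caller that builds verification flags either hits an `AttributeError` on a missing name or, if it guards with something like `getattr(X509, "verify_crl_check", 0)`, verifies without that check and gets no signal. The block has no comment stating this contract; I would add one above it, for example `# verify_* names are defined only when the linked OpenSSL provides the flag; treat a missing check (CRL, policy, strict) as an error, never as 0`. Logging the names that are absent at debug level would make a reduced build visible, but `log` is assigned after this block, so that call would have to follow it.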
@@ -347,30 +347,62 @@ X509 *d2i_x509(BIO *bio) {
 /* See man page of X509_VERIFY_PARAM_set_flags for definition of all these flags */
+#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS
 %constant int VERIFY_ALLOW_PROXY_CERTS = X509_V_FLAG_ALLOW_PROXY_CERTS;
+#endif
+#ifdef X509_V_FLAG_CB_ISSUER_CHECK
 %constant int VERIFY_CB_ISSUER_CHECK = X509_V_FLAG_CB_ISSUER_CHECK;
+#endif
+#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
 %constant int VERIFY_CHECK_SS_SIGNATURE = X509_V_FLAG_CHECK_SS_SIGNATURE;
+#endif
 /* note: X509_V_FLAG_CRL_CHECK is already defined in _ssl.i as VERIFY_CRL_CHECK_LEAF However I add it here for consistency */
+#ifdef X509_V_FLAG_CRL_CHECK
 %constant int VERIFY_CRL_CHECK = X509_V_FLAG_CRL_CHECK;
+#endif
+#ifdef X509_V_FLAG_CRL_CHECK_ALL
 %constant int VERIFY_CRL_CHECK_ALL = X509_V_FLAG_CRL_CHECK_ALL;
+#endif
+#ifdef X509_V_FLAG_EXPLICIT_POLICY
 %constant int VERIFY_EXPLICIT_POLICY = X509_V_FLAG_EXPLICIT_POLICY;
+#endif
+#ifdef X509_V_FLAG_EXTENDED_CRL_SUPPORT
 %constant int VERIFY_EXTENDED_CRL_SUPPORT = X509_V_FLAG_EXTENDED_CRL_SUPPORT;
+#endif
+#ifdef X509_V_FLAG_IGNORE_CRITICAL
 %constant int VERIFY_IGNORE_CRITICAL = X509_V_FLAG_IGNORE_CRITICAL;
+#endif
+#ifdef X509_V_FLAG_INHIBIT_ANY
 %constant int VERIFY_INHIBIT_ANY = X509_V_FLAG_INHIBIT_ANY;
+#endif
+#ifdef X509_V_FLAG_INHIBIT_MAP
 %constant int VERIFY_INHIBIT_MAP = X509_V_FLAG_INHIBIT_MAP;
+#endif
+#ifdef X509_V_FLAG_NO_ALT_CHAINS
 %constant int VERIFY_NO_ALT_CHAINS = X509_V_FLAG_NO_ALT_CHAINS;
-/* The flag X509_V_FLAG_NO_CHECK_TIME is not available on some versions
- * of Windows */
+#endif
 #ifdef X509_V_FLAG_NO_CHECK_TIME
 %constant int VERIFY_NO_CHECK_TIME = X509_V_FLAG_NO_CHECK_TIME;
 #endif
+#ifdef X509_V_FLAG_NOTIFY_POLICY
 %constant int VERIFY_NOTIFY_POLICY = X509_V_FLAG_NOTIFY_POLICY;
+#endif
+#ifdef X509_V_FLAG_PARTIAL_CHAIN
 %constant int VERIFY_PARTIAL_CHAIN = X509_V_FLAG_PARTIAL_CHAIN;
+#endif
+#ifdef X509_V_FLAG_POLICY_CHECK
 %constant int VERIFY_POLICY_CHECK = X509_V_FLAG_POLICY_CHECK;
+#endif
+#ifdef X509_V_FLAG_TRUSTED_FIRST
 %constant int VERIFY_TRUSTED_FIRST = X509_V_FLAG_TRUSTED_FIRST;
+#endif
+#ifdef X509_V_FLAG_USE_DELTAS
 %constant int VERIFY_USE_DELTAS = X509_V_FLAG_USE_DELTAS;
+#endif
+#ifdef X509_V_FLAG_X509_STRICT
 %constant int VERIFY_X509_STRICT = X509_V_FLAG_X509_STRICT;
+#endif
--
cgit v1.2.1
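Review bot: These `#ifdef X509_V_FLAG_*` guards sit in a SWIG interface file, so if SWIG's own preprocessor evaluates them and has not read x509_vfy.h, every guard is false and none of the `VERIFY_*` constants are emitted; whether that header is `%include`d is not visible in this hunk. Combined with the `hasattr` guards added in M2Crypto/X509.py, such a build would lose all verification flags without any error. A test asserting that a baseline flag such as `VERIFY_CRL_CHECK` is present on `m2` would catch this. The commit also removes the comment explaining the `X509_V_FLAG_NO_CHECK_TIME` guard and leaves the new guards unexplained; a replacement such as `/* Each flag is guarded because some x509_vfy.h versions do not define it */` above the first `#ifdef` would keep the reason next to the code.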