Expose X509_V_* constants #1202

Merged
merged 14 commits into from
Apr 29, 2023
Merged
3 changes: 3 additions & 0 deletions CHANGELOG.rst
@@ -16,6 +16,9 @@ Deprecations:
Changes:
^^^^^^^^

- Added ``X509_V_*` constants to ``OpenSSL.SSL``.


23.1.1 (2023-03-28)
-------------------

3 changes: 2 additions & 1 deletion setup.py
@@ -98,7 +98,8 @@ def find_meta(meta):
package_dir={"": "src"},
install_requires=[
# Fix cryptographyMinimum in tox.ini when changing this!
"cryptography>=38.0.0,<41",
# 40.0.0 and .1 are missing X509_V_* constants that we re-export.
"cryptography>=38.0.0,<41,!=40.0.0,!=40.0.1",
],
extras_require={
"test": ["flaky", "pretend", "pytest>=3.0.1"],
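Review bot: The added comment above the `cryptography` requirement explains why 40.0.0 and 40.0.1 are excluded, but it does not say that the same two versions are also hard-coded in the runtime check in `src/OpenSSL/SSL.py`, so the two lists can drift apart. I would extend it to `# 40.0.0 and .1 are missing X509_V_* constants that we re-export; keep in sync with the _cryptography_version check in src/OpenSSL/SSL.py.` The exclusion only takes effect where the installer honours the package metadata, which is presumably why the runtime check exists as well. The `setup()` call starts and ends outside the hunk.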
123 changes: 123 additions & 0 deletions src/OpenSSL/SSL.py
@@ -6,6 +6,8 @@
from sys import platform
from weakref import WeakValueDictionary

from cryptography import __version__ as _cryptography_version

from OpenSSL._util import (
UNSPECIFIED as _UNSPECIFIED,
exception_from_error_queue as _exception_from_error_queue,
@@ -250,6 +252,127 @@
SSL_CB_HANDSHAKE_START = _lib.SSL_CB_HANDSHAKE_START
SSL_CB_HANDSHAKE_DONE = _lib.SSL_CB_HANDSHAKE_DONE

X509_V_OK = _lib.X509_V_OK
# cryptography v40.0.0 and .1 releases are missing the X509_V_ERR_* codes;
# previously they were exposed but not formally part of the public API. Once
# pyOpenSSL has minimal required cryptography version of 41 this code can be
# run unconditionally. See https://github.com/pyca/pyopenssl/issues/1206
if _cryptography_version not in ("40.0.0", "40.0.1"):
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = (
_lib.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
)
X509_V_ERR_UNABLE_TO_GET_CRL = _lib.X509_V_ERR_UNABLE_TO_GET_CRL
X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = (
_lib.X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
)
X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = (
_lib.X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
)
X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY = (
_lib.X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
)
X509_V_ERR_CERT_SIGNATURE_FAILURE = _lib.X509_V_ERR_CERT_SIGNATURE_FAILURE
X509_V_ERR_CRL_SIGNATURE_FAILURE = _lib.X509_V_ERR_CRL_SIGNATURE_FAILURE
X509_V_ERR_CERT_NOT_YET_VALID = _lib.X509_V_ERR_CERT_NOT_YET_VALID
X509_V_ERR_CERT_HAS_EXPIRED = _lib.X509_V_ERR_CERT_HAS_EXPIRED
X509_V_ERR_CRL_NOT_YET_VALID = _lib.X509_V_ERR_CRL_NOT_YET_VALID
X509_V_ERR_CRL_HAS_EXPIRED = _lib.X509_V_ERR_CRL_HAS_EXPIRED
X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = (
_lib.X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
)
X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = (
_lib.X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
)
X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD = (
_lib.X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
)
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = (
_lib.X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
)
X509_V_ERR_OUT_OF_MEM = _lib.X509_V_ERR_OUT_OF_MEM
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = (
_lib.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
)
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = (
_lib.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
)
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = (
_lib.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
)
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = (
_lib.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
)
X509_V_ERR_CERT_CHAIN_TOO_LONG = _lib.X509_V_ERR_CERT_CHAIN_TOO_LONG
X509_V_ERR_CERT_REVOKED = _lib.X509_V_ERR_CERT_REVOKED
X509_V_ERR_INVALID_CA = _lib.X509_V_ERR_INVALID_CA
X509_V_ERR_PATH_LENGTH_EXCEEDED = _lib.X509_V_ERR_PATH_LENGTH_EXCEEDED
X509_V_ERR_INVALID_PURPOSE = _lib.X509_V_ERR_INVALID_PURPOSE
X509_V_ERR_CERT_UNTRUSTED = _lib.X509_V_ERR_CERT_UNTRUSTED
X509_V_ERR_CERT_REJECTED = _lib.X509_V_ERR_CERT_REJECTED
X509_V_ERR_SUBJECT_ISSUER_MISMATCH = (
_lib.X509_V_ERR_SUBJECT_ISSUER_MISMATCH
)
X509_V_ERR_AKID_SKID_MISMATCH = _lib.X509_V_ERR_AKID_SKID_MISMATCH
X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH = (
_lib.X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
)
X509_V_ERR_KEYUSAGE_NO_CERTSIGN = _lib.X509_V_ERR_KEYUSAGE_NO_CERTSIGN
X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER = (
_lib.X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
)
X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION = (
_lib.X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
)
X509_V_ERR_KEYUSAGE_NO_CRL_SIGN = _lib.X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION = (
_lib.X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
)
X509_V_ERR_INVALID_NON_CA = _lib.X509_V_ERR_INVALID_NON_CA
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED = (
_lib.X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
)
X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = (
_lib.X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
)
X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED = (
_lib.X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
)
X509_V_ERR_INVALID_EXTENSION = _lib.X509_V_ERR_INVALID_EXTENSION
X509_V_ERR_INVALID_POLICY_EXTENSION = (
_lib.X509_V_ERR_INVALID_POLICY_EXTENSION
)
X509_V_ERR_NO_EXPLICIT_POLICY = _lib.X509_V_ERR_NO_EXPLICIT_POLICY
X509_V_ERR_DIFFERENT_CRL_SCOPE = _lib.X509_V_ERR_DIFFERENT_CRL_SCOPE
X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = (
_lib.X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
)
X509_V_ERR_UNNESTED_RESOURCE = _lib.X509_V_ERR_UNNESTED_RESOURCE
X509_V_ERR_PERMITTED_VIOLATION = _lib.X509_V_ERR_PERMITTED_VIOLATION
X509_V_ERR_EXCLUDED_VIOLATION = _lib.X509_V_ERR_EXCLUDED_VIOLATION
X509_V_ERR_SUBTREE_MINMAX = _lib.X509_V_ERR_SUBTREE_MINMAX
X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = (
_lib.X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
)
X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = (
_lib.X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
)
X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = (
_lib.X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
)
X509_V_ERR_CRL_PATH_VALIDATION_ERROR = (
_lib.X509_V_ERR_CRL_PATH_VALIDATION_ERROR
)
X509_V_ERR_HOSTNAME_MISMATCH = _lib.X509_V_ERR_HOSTNAME_MISMATCH
X509_V_ERR_EMAIL_MISMATCH = _lib.X509_V_ERR_EMAIL_MISMATCH
X509_V_ERR_IP_ADDRESS_MISMATCH = _lib.X509_V_ERR_IP_ADDRESS_MISMATCH
X509_V_ERR_APPLICATION_VERIFICATION = (
_lib.X509_V_ERR_APPLICATION_VERIFICATION
)
for name in list(globals().keys()):
if name.startswith("X509_V_"):
__all__.append(name)


# Taken from https://golang.org/src/crypto/x509/root_linux.go
_CERTIFICATE_FILE_LOCATIONS = [
"/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc.
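Review bot: The module-level `for name in list(globals().keys()):` loop that closes the new constants block leaves `name` bound as a public attribute of `OpenSSL.SSL` after import, and filling `__all__` by scanning `globals()` hides the exported names from static analysers. `__all__.extend([_n for _n in list(globals()) if _n.startswith("X509_V_")])` keeps the loop variable out of the module namespace; alternatively add `del name` after the loop. Separately, when the version guard is false only `X509_V_OK` is defined, so a caller that compares a verification error number against an `X509_V_ERR_*` name gets an `AttributeError` at use time. A one-line comment saying the names are intentionally absent on 40.0.0/40.0.1 would make that explicit. Indentation is lost on this page, so the extent of the `if` body is inferred.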