python-cryptography: bump to version 3.3.1
authorAlexandru Ardelean <ardeleanalex@gmail.com>
Mon, 14 Dec 2020 10:11:11 +0000 (12:11 +0200)
committerAlexandru Ardelean <ardeleanalex@gmail.com>
Wed, 16 Dec 2020 06:45:36 +0000 (08:45 +0200)
Regenerated patches from:
  https://github.com/pyca/cryptography/pull/4920

The patch names were kept as generated via 'git format-patch 3.3.1..'
and were then run through quilt.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
15 files changed:
lang/python/python-cryptography/Makefile
lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch [new file with mode: 0644]
lang/python/python-cryptography/patches/010-Add-new-ASN1_STRING_get0_data-API.patch [deleted file]
lang/python/python-cryptography/patches/020-Add-compatibility-for-X509_STORE_set_get_issuer.patch [deleted file]
lang/python/python-cryptography/patches/030-Add-compatibility-for-deprecated-TLS-methods.patch [deleted file]
lang/python/python-cryptography/patches/040-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch [deleted file]
lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch [deleted file]
lang/python/python-cryptography/patches/060-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch [deleted file]
lang/python/python-cryptography/patches/070-Add-defines-for-totally-deprecated-functions.patch [deleted file]

index aefc728e5e3c8da1da08d7d24c2d2a77343c548c..ebbbf88c91f4af7f36e5cd7a141d6563a675bec5 100644 (file)
@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=python-cryptography
-PKG_VERSION:=3.2.1
+PKG_VERSION:=3.3.1
 PKG_RELEASE:=1
 
 PYPI_NAME:=cryptography
-PKG_HASH:=d3d5e10be0cf2a12214ddee45c6bd203dab435e3d83b4560c03066eda600bfe3
+PKG_HASH:=7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6
 
 PKG_LICENSE:=Apache-2.0 BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE.APACHE LICENSE.BSD
diff --git a/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch b/lang/python/python-cryptography/patches/0001-Add-new-ASN1_STRING_get0_data-API.patch
new file mode 100644 (file)
index 0000000..6b206b4
--- /dev/null
@@ -0,0 +1,28 @@
+From 7eefc9c72f522e414f953fee2d6ca9242c566107 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 7 Jun 2019 18:18:46 -0700
+Subject: [PATCH 1/7] Add new ASN1_STRING_get0_data API
+
+Introduced with OpenSSL 1.1
+---
+ src/_cffi_src/openssl/asn1.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/src/_cffi_src/openssl/asn1.py
++++ b/src/_cffi_src/openssl/asn1.py
+@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
+ /*  ASN1 STRING */
+ unsigned char *ASN1_STRING_data(ASN1_STRING *);
++const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *);
+ int ASN1_STRING_set(ASN1_STRING *, const void *, int);
+ /*  ASN1 OCTET STRING */
+@@ -105,4 +106,7 @@ ASN1_NULL *ASN1_NULL_new(void);
+ """
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define ASN1_STRING_data ASN1_STRING_get0_data
++#endif
+ """
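Review bot: The added `#define ASN1_STRING_data ASN1_STRING_get0_data` routes a binding declared a few lines above as `unsigned char *ASN1_STRING_data(ASN1_STRING *)` to a function that returns `const unsigned char *`, so the const qualifier is dropped at the binding layer. This will probably surface as a discarded-qualifier warning when the cffi module is compiled, and Python callers keep a writable view of data that OpenSSL now hands out as read-only. Patch 0005 has the same pattern, where `X509_get_notBefore`, `X509_get_notAfter`, `X509_CRL_get_lastUpdate` and `X509_CRL_get_nextUpdate` are mapped onto their `get0` counterparts. I would add a comment above each define, for example `/* get0 result is const: callers must not write through the returned pointer */`, or move the remaining callers to the `get0` names and drop the alias.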
diff --git a/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch b/lang/python/python-cryptography/patches/0002-Add-compatibility-for-X509_STORE_set_get_issuer.patch
new file mode 100644 (file)
index 0000000..dc31500
--- /dev/null
@@ -0,0 +1,55 @@
+From 77b25307a743eb52ef5ead24c956e577f5bd025f Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 7 Jun 2019 20:42:04 -0700
+Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer
+
+Deprecated under OpenSSL 1.1.
+---
+ src/_cffi_src/openssl/x509_vfy.py                        | 8 ++++++++
+ src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++
+ 2 files changed, 16 insertions(+)
+
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -22,6 +22,7 @@ TYPES = """
+ static const long Cryptography_HAS_102_VERIFICATION;
+ static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
++static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
+ typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
+ typedef ... Cryptography_STACK_OF_X509_OBJECT;
+@@ -252,4 +253,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
+ #else
+ static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
+ #endif
++
++#ifndef X509_V_FLAG_CB_ISSUER_CHECK
++static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 0;
++#define X509_V_FLAG_CB_ISSUER_CHECK   0x0
++#else
++static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
++#endif
+ """
+--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
++++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
+@@ -270,6 +270,11 @@ def cryptography_has_get_proto_version()
+         "SSL_get_max_proto_version",
+     ]
++def cryptography_has_x509_cb_issuer_check():
++    return [
++        "X509_V_FLAG_CB_ISSUER_CHECK",
++    ]
++
+ # This is a mapping of
+ # {condition: function-returning-names-dependent-on-that-condition} so we can
+@@ -319,4 +324,7 @@ CONDITIONAL_NAMES = {
+     "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
+     "Cryptography_HAS_SRTP": cryptography_has_srtp,
+     "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,
++    "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
++        cryptography_has_x509_cb_issuer_check
++    ),
+ }
diff --git a/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch b/lang/python/python-cryptography/patches/0003-Add-compatibility-for-deprecated-TLS-methods.patch
new file mode 100644 (file)
index 0000000..ddad984
--- /dev/null
@@ -0,0 +1,127 @@
+From 7a55c37e01114dfd1ae733b099fdee1ba1889449 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Fri, 7 Jun 2019 21:00:46 -0700
+Subject: [PATCH 3/7] Add compatibility for deprecated TLS methods
+
+---
+ src/_cffi_src/openssl/ssl.py                  | 45 +++++++++++++++++--
+ .../hazmat/bindings/openssl/_conditional.py   | 36 +++++++++++++++
+ 2 files changed, 77 insertions(+), 4 deletions(-)
+
+--- a/src/_cffi_src/openssl/ssl.py
++++ b/src/_cffi_src/openssl/ssl.py
+@@ -14,12 +14,14 @@ TYPES = """
+ static const long Cryptography_HAS_SSL_ST;
+ static const long Cryptography_HAS_TLS_ST;
+ static const long Cryptography_HAS_SSL3_METHOD;
+-static const long Cryptography_HAS_TLSv1_1;
+-static const long Cryptography_HAS_TLSv1_2;
++static const long Cryptography_HAS_TLS1_METHOD;
++static const long Cryptography_HAS_TLS1_1_METHOD;
++static const long Cryptography_HAS_TLS1_2_METHOD;
+ static const long Cryptography_HAS_TLSv1_3;
+ static const long Cryptography_HAS_SECURE_RENEGOTIATION;
+ static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
+ static const long Cryptography_HAS_DTLS;
++static const long Cryptography_HAS_DTLS1_METHOD;
+ static const long Cryptography_HAS_SIGALGS;
+ static const long Cryptography_HAS_PSK;
+ static const long Cryptography_HAS_VERIFIED_CHAIN;
+@@ -543,8 +545,43 @@ static const long Cryptography_HAS_SSL3_
+ static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
+ static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
+-static const long Cryptography_HAS_TLSv1_1 = 1;
+-static const long Cryptography_HAS_TLSv1_2 = 1;
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_TLS1_METHOD = 0;
++const SSL_METHOD* (*TLSv1_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_TLS1_METHOD = 1;
++#endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_TLS1_1_METHOD = 0;
++const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_TLS1_1_METHOD = 1;
++#endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_TLS1_2_METHOD = 0;
++const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
++const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_TLS1_2_METHOD = 1;
++#endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++static const long Cryptography_HAS_DTLS1_METHOD = 0;
++const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
++const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
++const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
++#else
++static const long Cryptography_HAS_DTLS1_METHOD = 1;
++#endif
++
+ static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
+ static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
+ static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
+--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
++++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
+@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
+     ]
++def cryptography_has_tls1_method():
++    return [
++        "TLSv1_method",
++        "TLSv1_client_method",
++        "TLSv1_server_method",
++    ]
++
++
++def cryptography_has_tls1_1_method():
++    return [
++        "TLSv1_1_method",
++        "TLSv1_1_client_method",
++        "TLSv1_1_server_method",
++    ]
++
++
++def cryptography_has_tls1_2_method():
++    return [
++        "TLSv1_2_method",
++        "TLSv1_2_client_method",
++        "TLSv1_2_server_method",
++    ]
++
++
++def cryptography_has_dtls1_method():
++    return [
++        "DTLSv1_method",
++        "DTLSv1_client_method",
++        "DTLSv1_server_method",
++    ]
++
++
+ def cryptography_has_102_verification():
+     return [
+         "X509_V_ERR_SUITE_B_INVALID_VERSION",
+@@ -286,6 +318,10 @@ CONDITIONAL_NAMES = {
+     "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
+     "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
+     "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
++    "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
++    "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
++    "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
++    "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
+     "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
+     "Cryptography_HAS_110_VERIFICATION_PARAMS": (
+         cryptography_has_110_verification_params
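Review bot: `Cryptography_HAS_TLSv1_1` and `Cryptography_HAS_TLSv1_2` are removed from both TYPES and the customizations instead of being kept beside the new `Cryptography_HAS_TLS1_1_METHOD` and `Cryptography_HAS_TLS1_2_METHOD` flags. Code outside this patch that still reads the old names from the binding would presumably fail on attribute lookup, so it is worth confirming that no consumer packaged alongside uses them. With `OPENSSL_API_COMPAT >= 0x10100000L` the version-specific methods also become NULL and are dropped through CONDITIONAL_NAMES, so a caller that pinned a protocol by method has to set the protocol floor explicitly. A comment above the first guard would make that visible, for example `/* version-specific methods are compiled out; enforce the minimum version with SSL_CTX_set_min_proto_version */`. The four guards test the same condition and could be a single `#if`/`#else` block.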
diff --git a/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch b/lang/python/python-cryptography/patches/0004-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
new file mode 100644 (file)
index 0000000..79b84dc
--- /dev/null
@@ -0,0 +1,42 @@
+From 008e299aaf32af0b93eede649c6942af93b1c11e Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 15 Jun 2019 17:49:25 -0700
+Subject: [PATCH 4/7] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset
+
+Deprecated in OpenSSL 1.1
+---
+ src/_cffi_src/openssl/evp.py                        | 6 ++++++
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+--- a/src/_cffi_src/openssl/evp.py
++++ b/src/_cffi_src/openssl/evp.py
+@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u
+                      const unsigned char *, int);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
++int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
+ EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
+@@ -269,4 +270,9 @@ static const long Cryptography_HAS_EVP_D
+ #ifndef EVP_PKEY_POLY1305
+ #define EVP_PKEY_POLY1305 NID_poly1305
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
++#define OpenSSL_add_all_algorithms() do {} while(0)
++#endif
+ """
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -199,7 +199,7 @@ class _CipherContext(object):
+             self._backend.openssl_assert(res != 0)
+             self._tag = self._backend._ffi.buffer(tag_buf)[:]
+-        res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
++        res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx)
+         self._backend.openssl_assert(res == 1)
+         return self._backend._ffi.buffer(buf)[: outlen[0]]
diff --git a/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch b/lang/python/python-cryptography/patches/0005-Switch-get_-Update-APIs-to-get0.patch
new file mode 100644 (file)
index 0000000..dd46195
--- /dev/null
@@ -0,0 +1,117 @@
+From 339e0ab364ca931435c0ad134dc6047eb6974540 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Sat, 15 Jun 2019 18:47:46 -0700
+Subject: [PATCH 5/7] Switch get_*Update APIs to get0
+
+Deprecated in 1.1
+---
+ src/_cffi_src/openssl/x509.py                 | 27 ++++++++++++++++---
+ .../hazmat/backends/openssl/backend.py        |  4 +--
+ .../hazmat/backends/openssl/x509.py           |  8 +++---
+ 3 files changed, 29 insertions(+), 10 deletions(-)
+
+--- a/src/_cffi_src/openssl/x509.py
++++ b/src/_cffi_src/openssl/x509.py
+@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
+ ASN1_TIME *X509_get_notBefore(X509 *);
+ ASN1_TIME *X509_get_notAfter(X509 *);
+-ASN1_TIME *X509_getm_notBefore(X509 *);
+-ASN1_TIME *X509_getm_notAfter(X509 *);
++ASN1_TIME *X509_getm_notBefore(const X509 *);
++ASN1_TIME *X509_getm_notAfter(const X509 *);
++const ASN1_TIME *X509_get0_notBefore(const X509 *);
++const ASN1_TIME *X509_get0_notAfter(const X509 *);
+ long X509_REQ_get_version(X509_REQ *);
+ X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
+@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography
+ long X509_CRL_get_version(X509_CRL *);
+ ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
+ ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
++const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
++const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
+ X509_NAME *X509_CRL_get_issuer(X509_CRL *);
+ Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
+@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *,
+ int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
+ int X509_set_notBefore(X509 *, ASN1_TIME *);
+ int X509_set_notAfter(X509 *, ASN1_TIME *);
+-int X509_set1_notBefore(X509 *, ASN1_TIME *);
+-int X509_set1_notAfter(X509 *, ASN1_TIME *);
++
++int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
++int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
++int X509_set1_notBefore(X509 *, const ASN1_TIME *);
++int X509_set1_notAfter(X509 *, const ASN1_TIME *);
+ EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
+ int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
+@@ -299,4 +306,16 @@ int i2d_re_X509_CRL_tbs(X509_CRL *crl, u
+     return i2d_X509_CRL_INFO(crl->crl, pp);
+ }
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define X509_get_notBefore X509_get0_notBefore
++#define X509_get_notAfter X509_get0_notAfter
++#define X509_set_notBefore X509_set1_notBefore
++#define X509_set_notAfter X509_set1_notAfter
++
++#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
++#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
++#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
++#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
++#endif
+ """
+--- a/src/cryptography/hazmat/backends/openssl/backend.py
++++ b/src/cryptography/hazmat/backends/openssl/backend.py
+@@ -1128,12 +1128,12 @@ class Backend(object):
+         # Set the last update time.
+         last_update = self._create_asn1_time(builder._last_update)
+-        res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
++        res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
+         self.openssl_assert(res == 1)
+         # Set the next update time.
+         next_update = self._create_asn1_time(builder._next_update)
+-        res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
++        res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
+         self.openssl_assert(res == 1)
+         # Add extensions.
+--- a/src/cryptography/hazmat/backends/openssl/x509.py
++++ b/src/cryptography/hazmat/backends/openssl/x509.py
+@@ -86,12 +86,12 @@ class _Certificate(object):
+     @property
+     def not_valid_before(self):
+-        asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
++        asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
+         return _parse_asn1_time(self._backend, asn1_time)
+     @property
+     def not_valid_after(self):
+-        asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
++        asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
+         return _parse_asn1_time(self._backend, asn1_time)
+     @property
+@@ -277,13 +277,13 @@ class _CertificateRevocationList(object)
+     @property
+     def next_update(self):
+-        nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
++        nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
+         self._backend.openssl_assert(nu != self._backend._ffi.NULL)
+         return _parse_asn1_time(self._backend, nu)
+     @property
+     def last_update(self):
+-        lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
++        lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
+         self._backend.openssl_assert(lu != self._backend._ffi.NULL)
+         return _parse_asn1_time(self._backend, lu)
diff --git a/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch b/lang/python/python-cryptography/patches/0006-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
new file mode 100644 (file)
index 0000000..2513fe6
--- /dev/null
@@ -0,0 +1,39 @@
+From 98bf3eda9c950158cf6a0a6a698dd365712201b1 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Mon, 25 Nov 2019 12:06:16 -0800
+Subject: [PATCH 6/7] Add X509_STORE_CTX_trusted_stack compatibility macro
+
+Deprecated in 1.1
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ src/_cffi_src/openssl/x509_vfy.py | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/src/_cffi_src/openssl/x509_vfy.py
++++ b/src/_cffi_src/openssl/x509_vfy.py
+@@ -157,8 +157,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
+                         Cryptography_STACK_OF_X509 *);
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *,
+                                   Cryptography_STACK_OF_X509 *);
++void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *,
++                                  Cryptography_STACK_OF_X509 *);
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *);
+-void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *);
++void X509_STORE_CTX_set_chain(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *);
++void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *,
++                                  Cryptography_STACK_OF_X509 *);
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *);
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *);
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *);
+@@ -260,4 +264,10 @@ static const long Cryptography_HAS_X509_
+ #else
+ static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
++#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
++#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
++#endif
+ """
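Review bot: The last added macro, `#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain`, changes ownership semantics. `X509_STORE_CTX_get_chain` returns a pointer owned by the context that the caller must not free, while `X509_STORE_CTX_get1_chain` returns a new stack of referenced certificates that the caller has to release. Code that reaches the old name through this binding and treats the result as borrowed would leak one chain copy per call when `OPENSSL_API_COMPAT >= 0x10100000L`. OpenSSL's own 1.1 compatibility define maps the old name to the get0 variant, so `#define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain` looks like the intended line. Whether anything still calls the old name is not visible in this hunk.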
diff --git a/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch b/lang/python/python-cryptography/patches/0007-Add-defines-for-totally-deprecated-functions.patch
new file mode 100644 (file)
index 0000000..b2d4cb9
--- /dev/null
@@ -0,0 +1,56 @@
+From e96af1cee523c5551c7fc5f36eba8e271fa51b20 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Thu, 5 Dec 2019 12:52:13 -0800
+Subject: [PATCH 7/7] Add defines for totally deprecated functions
+
+---
+ src/_cffi_src/openssl/conf.py   | 4 ++++
+ src/_cffi_src/openssl/crypto.py | 4 ++++
+ src/_cffi_src/openssl/ecdh.py   | 3 +++
+ src/_cffi_src/openssl/ssl.py    | 5 +++++
+ 4 files changed, 16 insertions(+)
+
+--- a/src/_cffi_src/openssl/conf.py
++++ b/src/_cffi_src/openssl/conf.py
+@@ -18,4 +18,8 @@ void OPENSSL_no_config(void);
+ """
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define OPENSSL_config(x) 0
++#define OPENSSL_no_config() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/crypto.py
++++ b/src/_cffi_src/openssl/crypto.py
+@@ -114,4 +114,8 @@ void *Cryptography_realloc_wrapper(void
+ void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
+     free(ptr);
+ }
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define CRYPTO_get_locking_callback() 0
++#endif
+ """
+--- a/src/_cffi_src/openssl/ecdh.py
++++ b/src/_cffi_src/openssl/ecdh.py
+@@ -18,4 +18,7 @@ long SSL_CTX_set_ecdh_auto(SSL_CTX *, in
+ """
+ CUSTOMIZATIONS = """
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define SSL_CTX_set_ecdh_auto(a, b) ((b) != 0)
++#endif
+ """
+--- a/src/_cffi_src/openssl/ssl.py
++++ b/src/_cffi_src/openssl/ssl.py
+@@ -739,4 +739,9 @@ long (*SSL_get_max_proto_version)(SSL *)
+ #else
+ static const long Cryptography_HAS_GET_PROTO_VERSION = 1;
+ #endif
++
++#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
++#define SSL_library_init() 1
++#define SSL_load_error_strings() 0
++#endif
+ """
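Review bot: The stubs added in the conf.py hunk turn `OPENSSL_config(x)` and `OPENSSL_no_config()` into the constant 0, so under `OPENSSL_API_COMPAT >= 0x10100000L` a caller that passes a configuration name to `OPENSSL_config` gets a silent no-op, and nothing in the source records that. I would document it at the guard, for example `/* removed from the 1.1 API: stubbed out, configuration is not loaded through these calls */`. The same applies to `CRYPTO_get_locking_callback` in the crypto.py hunk and to `SSL_library_init` and `SSL_load_error_strings` in the ssl.py hunk. Patch 0004 stubs `OpenSSL_add_all_algorithms()` as `do {} while(0)` while the void functions here expand to a bare `0`; using one form throughout would read more consistently.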
diff --git a/lang/python/python-cryptography/patches/010-Add-new-ASN1_STRING_get0_data-API.patch b/lang/python/python-cryptography/patches/010-Add-new-ASN1_STRING_get0_data-API.patch
deleted file mode 100644 (file)
index 3857a78..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1d97b931bf4701fbd3478d2b788ec4310d9eb8e1 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 18:18:46 -0700
-Subject: [PATCH] Add new ASN1_STRING_get0_data API
-
-Introduced with OpenSSL 1.1
----
- src/_cffi_src/openssl/asn1.py | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/src/_cffi_src/openssl/asn1.py
-+++ b/src/_cffi_src/openssl/asn1.py
-@@ -45,6 +45,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *);
- /*  ASN1 STRING */
- unsigned char *ASN1_STRING_data(ASN1_STRING *);
-+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *);
- int ASN1_STRING_set(ASN1_STRING *, const void *, int);
- /*  ASN1 OCTET STRING */
-@@ -105,4 +106,11 @@ ASN1_NULL *ASN1_NULL_new(void);
- """
- CUSTOMIZATIONS = """
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
-+#define ASN1_STRING_get0_data ASN1_STRING_data
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define ASN1_STRING_data ASN1_STRING_get0_data
-+#endif
- """
diff --git a/lang/python/python-cryptography/patches/020-Add-compatibility-for-X509_STORE_set_get_issuer.patch b/lang/python/python-cryptography/patches/020-Add-compatibility-for-X509_STORE_set_get_issuer.patch
deleted file mode 100644 (file)
index 8f5cb78..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-From a30684980e8f1f7472d885487880b405608f4122 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 20:42:04 -0700
-Subject: [PATCH] Add compatibility for X509_STORE_set_get_issuer
-
-Deprecated under OpenSSL 1.1.
----
- src/_cffi_src/openssl/x509_vfy.py                        | 8 ++++++++
- src/cryptography/hazmat/bindings/openssl/_conditional.py | 9 +++++++++
- 2 files changed, 17 insertions(+)
-
---- a/src/_cffi_src/openssl/x509_vfy.py
-+++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -22,6 +22,7 @@ TYPES = """
- static const long Cryptography_HAS_102_VERIFICATION;
- static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
- static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
- typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
- typedef ... Cryptography_STACK_OF_X509_OBJECT;
-@@ -274,4 +275,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
- #else
- static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
- #endif
-+
-+#ifndef X509_V_FLAG_CB_ISSUER_CHECK
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 0;
-+#define X509_V_FLAG_CB_ISSUER_CHECK   0x0
-+#else
-+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
-+#endif
- """
---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
-+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -291,6 +291,12 @@ def cryptography_has_srtp():
-     ]
-+def cryptography_has_x509_cb_issuer_check():
-+    return [
-+        "X509_V_FLAG_CB_ISSUER_CHECK",
-+    ]
-+
-+
- # This is a mapping of
- # {condition: function-returning-names-dependent-on-that-condition} so we can
- # loop over them and delete unsupported names at runtime. It will be removed
-@@ -342,4 +348,7 @@ CONDITIONAL_NAMES = {
-     "Cryptography_HAS_ENGINE": cryptography_has_engine,
-     "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
-     "Cryptography_HAS_SRTP": cryptography_has_srtp,
-+    "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
-+        cryptography_has_x509_cb_issuer_check
-+    ),
- }
diff --git a/lang/python/python-cryptography/patches/030-Add-compatibility-for-deprecated-TLS-methods.patch b/lang/python/python-cryptography/patches/030-Add-compatibility-for-deprecated-TLS-methods.patch
deleted file mode 100644 (file)
index 2050e46..0000000
+++ /dev/null
@@ -1,130 +0,0 @@
-From 3f3b85a59d3c2cb021174ad92ad3a43d9eb73e62 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Fri, 7 Jun 2019 21:00:46 -0700
-Subject: [PATCH] Add compatibility for deprecated TLS methods
-
----
- src/_cffi_src/openssl/ssl.py                  | 45 +++++++++++++++++--
- .../hazmat/bindings/openssl/_conditional.py   | 36 +++++++++++++++
- 2 files changed, 77 insertions(+), 4 deletions(-)
-
---- a/src/_cffi_src/openssl/ssl.py
-+++ b/src/_cffi_src/openssl/ssl.py
-@@ -15,8 +15,9 @@ static const long Cryptography_HAS_SSL_S
- static const long Cryptography_HAS_TLS_ST;
- static const long Cryptography_HAS_SSL2;
- static const long Cryptography_HAS_SSL3_METHOD;
--static const long Cryptography_HAS_TLSv1_1;
--static const long Cryptography_HAS_TLSv1_2;
-+static const long Cryptography_HAS_TLS1_METHOD;
-+static const long Cryptography_HAS_TLS1_1_METHOD;
-+static const long Cryptography_HAS_TLS1_2_METHOD;
- static const long Cryptography_HAS_TLSv1_3;
- static const long Cryptography_HAS_SECURE_RENEGOTIATION;
- static const long Cryptography_HAS_TLSEXT_STATUS_REQ_CB;
-@@ -24,6 +25,7 @@ static const long Cryptography_HAS_STATU
- static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE;
- static const long Cryptography_HAS_SSL_CTX_CLEAR_OPTIONS;
- static const long Cryptography_HAS_DTLS;
-+static const long Cryptography_HAS_DTLS1_METHOD;
- static const long Cryptography_HAS_SIGALGS;
- static const long Cryptography_HAS_PSK;
- static const long Cryptography_HAS_CIPHER_DETAILS;
-@@ -596,8 +598,43 @@ static const long Cryptography_HAS_STATU
- static const long Cryptography_HAS_TLSEXT_STATUS_REQ_TYPE = 1;
- static const long Cryptography_HAS_RELEASE_BUFFERS = 1;
- static const long Cryptography_HAS_OP_NO_COMPRESSION = 1;
--static const long Cryptography_HAS_TLSv1_1 = 1;
--static const long Cryptography_HAS_TLSv1_2 = 1;
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_1_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_1_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_1_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_1_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_TLS1_2_METHOD = 0;
-+const SSL_METHOD* (*TLSv1_2_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_2_server_method)(void) = NULL;
-+const SSL_METHOD* (*TLSv1_2_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_TLS1_2_METHOD = 1;
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+static const long Cryptography_HAS_DTLS1_METHOD = 0;
-+const SSL_METHOD* (*DTLSv1_method)(void) = NULL;
-+const SSL_METHOD* (*DTLSv1_server_method)(void) = NULL;
-+const SSL_METHOD* (*DTLSv1_client_method)(void) = NULL;
-+#else
-+static const long Cryptography_HAS_DTLS1_METHOD = 1;
-+#endif
-+
- static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1;
- static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1;
- static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1;
---- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
-+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
-@@ -33,6 +33,38 @@ def cryptography_has_ssl3_method():
-     ]
-+def cryptography_has_tls1_method():
-+    return [
-+        "TLSv1_method",
-+        "TLSv1_client_method",
-+        "TLSv1_server_method",
-+    ]
-+
-+
-+def cryptography_has_tls1_1_method():
-+    return [
-+        "TLSv1_1_method",
-+        "TLSv1_1_client_method",
-+        "TLSv1_1_server_method",
-+    ]
-+
-+
-+def cryptography_has_tls1_2_method():
-+    return [
-+        "TLSv1_2_method",
-+        "TLSv1_2_client_method",
-+        "TLSv1_2_server_method",
-+    ]
-+
-+
-+def cryptography_has_dtls1_method():
-+    return [
-+        "DTLSv1_method",
-+        "DTLSv1_client_method",
-+        "DTLSv1_server_method",
-+    ]
-+
-+
- def cryptography_has_102_verification():
-     return [
-         "X509_V_ERR_SUITE_B_INVALID_VERSION",
-@@ -307,6 +339,10 @@ CONDITIONAL_NAMES = {
-     "Cryptography_HAS_RSA_OAEP_MD": cryptography_has_rsa_oaep_md,
-     "Cryptography_HAS_RSA_OAEP_LABEL": cryptography_has_rsa_oaep_label,
-     "Cryptography_HAS_SSL3_METHOD": cryptography_has_ssl3_method,
-+    "Cryptography_HAS_TLS1_METHOD": cryptography_has_tls1_method,
-+    "Cryptography_HAS_TLS1_1_METHOD": cryptography_has_tls1_1_method,
-+    "Cryptography_HAS_TLS1_2_METHOD": cryptography_has_tls1_2_method,
-+    "Cryptography_HAS_DTLS1_METHOD": cryptography_has_dtls1_method,
-     "Cryptography_HAS_102_VERIFICATION": cryptography_has_102_verification,
-     "Cryptography_HAS_110_VERIFICATION_PARAMS": (
-         cryptography_has_110_verification_params
diff --git a/lang/python/python-cryptography/patches/040-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch b/lang/python/python-cryptography/patches/040-Replace-EVP_CIPHER_CTX_cleanup-with-EVP_CIPHER_CTX_r.patch
deleted file mode 100644 (file)
index 8193644..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-From 50c1e937342c8b13c8a80c3bb55ce245aecdcdfe Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Sat, 15 Jun 2019 17:49:25 -0700
-Subject: [PATCH] Replace EVP_CIPHER_CTX_cleanup with EVP_CIPHER_CTX_reset
-
-Deprecated in OpenSSL 1.1
----
- src/_cffi_src/openssl/evp.py                        | 10 ++++++++++
- src/cryptography/hazmat/backends/openssl/ciphers.py |  2 +-
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
---- a/src/_cffi_src/openssl/evp.py
-+++ b/src/_cffi_src/openssl/evp.py
-@@ -48,6 +48,7 @@ int EVP_CipherUpdate(EVP_CIPHER_CTX *, u
-                      const unsigned char *, int);
- int EVP_CipherFinal_ex(EVP_CIPHER_CTX *, unsigned char *, int *);
- int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
-+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *);
- EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
- void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *);
- int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *, int);
-@@ -273,4 +274,13 @@ static const long Cryptography_HAS_EVP_D
- #ifndef EVP_PKEY_POLY1305
- #define EVP_PKEY_POLY1305 NID_poly1305
- #endif
-+
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_LIBRESSL_27_OR_GREATER
-+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
-+#define OpenSSL_add_all_algorithms() do {} while(0)
-+#endif
- """
---- a/src/cryptography/hazmat/backends/openssl/ciphers.py
-+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
-@@ -199,7 +199,7 @@ class _CipherContext(object):
-             self._backend.openssl_assert(res != 0)
-             self._tag = self._backend._ffi.buffer(tag_buf)[:]
--        res = self._backend._lib.EVP_CIPHER_CTX_cleanup(self._ctx)
-+        res = self._backend._lib.EVP_CIPHER_CTX_reset(self._ctx)
-         self._backend.openssl_assert(res == 1)
-         return self._backend._ffi.buffer(buf)[: outlen[0]]
diff --git a/lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch b/lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch
deleted file mode 100644 (file)
index b73e3b6..0000000
+++ /dev/null
@@ -1,126 +0,0 @@
-From 645c30f76bce250772ce4e0b878e7228bd104277 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Sat, 15 Jun 2019 18:47:46 -0700
-Subject: [PATCH] Switch get_*Update APIs to get0
-
-Deprecated in 1.1
----
- src/_cffi_src/openssl/x509.py                 | 34 ++++++++++++++++---
- .../hazmat/backends/openssl/backend.py        |  4 +--
- .../hazmat/backends/openssl/x509.py           |  8 ++---
- 3 files changed, 36 insertions(+), 10 deletions(-)
-
---- a/src/_cffi_src/openssl/x509.py
-+++ b/src/_cffi_src/openssl/x509.py
-@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
- ASN1_TIME *X509_get_notBefore(X509 *);
- ASN1_TIME *X509_get_notAfter(X509 *);
--ASN1_TIME *X509_getm_notBefore(X509 *);
--ASN1_TIME *X509_getm_notAfter(X509 *);
-+ASN1_TIME *X509_getm_notBefore(const X509 *);
-+ASN1_TIME *X509_getm_notAfter(const X509 *);
-+const ASN1_TIME *X509_get0_notBefore(const X509 *);
-+const ASN1_TIME *X509_get0_notAfter(const X509 *);
- long X509_REQ_get_version(X509_REQ *);
- X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
-@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography
- long X509_CRL_get_version(X509_CRL *);
- ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
- ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
-+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
-+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
- X509_NAME *X509_CRL_get_issuer(X509_CRL *);
- Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
-@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *,
- int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
- int X509_set_notBefore(X509 *, ASN1_TIME *);
- int X509_set_notAfter(X509 *, ASN1_TIME *);
--int X509_set1_notBefore(X509 *, ASN1_TIME *);
--int X509_set1_notAfter(X509 *, ASN1_TIME *);
-+
-+int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
-+int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
-+int X509_set1_notBefore(X509 *, const ASN1_TIME *);
-+int X509_set1_notAfter(X509 *, const ASN1_TIME *);
- EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
- int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
-@@ -339,6 +346,25 @@ const ASN1_INTEGER *X509_REVOKED_get0_se
- #define X509_set1_notAfter X509_set_notAfter
- #define X509_getm_notAfter X509_get_notAfter
- #define X509_getm_notBefore X509_get_notBefore
-+#define X509_get0_notAfter X509_get_notAfter
-+#define X509_get0_notBefore X509_get_notBefore
-+
-+#define X509_CRL_set1_lastUpdate X509_CRL_set_lastUpdate
-+#define X509_CRL_set1_nextUpdate X509_CRL_set_nextUpdate
-+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
-+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
- #endif
- #endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_set_notBefore X509_set1_notBefore
-+#define X509_set_notAfter X509_set1_notAfter
-+#define X509_get_notAfter X509_get0_notAfter
-+#define X509_get_notBefore X509_get0_notBefore
-+
-+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
-+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
-+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
-+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
-+#endif
- """
---- a/src/cryptography/hazmat/backends/openssl/backend.py
-+++ b/src/cryptography/hazmat/backends/openssl/backend.py
-@@ -1127,12 +1127,12 @@ class Backend(object):
-         # Set the last update time.
-         last_update = self._create_asn1_time(builder._last_update)
--        res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
-+        res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
-         self.openssl_assert(res == 1)
-         # Set the next update time.
-         next_update = self._create_asn1_time(builder._next_update)
--        res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
-+        res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
-         self.openssl_assert(res == 1)
-         # Add extensions.
---- a/src/cryptography/hazmat/backends/openssl/x509.py
-+++ b/src/cryptography/hazmat/backends/openssl/x509.py
-@@ -86,12 +86,12 @@ class _Certificate(object):
-     @property
-     def not_valid_before(self):
--        asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
-+        asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
-         return _parse_asn1_time(self._backend, asn1_time)
-     @property
-     def not_valid_after(self):
--        asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
-+        asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
-         return _parse_asn1_time(self._backend, asn1_time)
-     @property
-@@ -277,13 +277,13 @@ class _CertificateRevocationList(object)
-     @property
-     def next_update(self):
--        nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
-+        nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
-         self._backend.openssl_assert(nu != self._backend._ffi.NULL)
-         return _parse_asn1_time(self._backend, nu)
-     @property
-     def last_update(self):
--        lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
-+        lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
-         self._backend.openssl_assert(lu != self._backend._ffi.NULL)
-         return _parse_asn1_time(self._backend, lu)
diff --git a/lang/python/python-cryptography/patches/060-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch b/lang/python/python-cryptography/patches/060-Add-X509_STORE_CTX_trusted_stack-compatibility-macro.patch
deleted file mode 100644 (file)
index 048d474..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-From 07fb50eecc3a3a50ac543f53f98c285eb1ceeb1e Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Mon, 25 Nov 2019 12:06:16 -0800
-Subject: [PATCH] Add X509_STORE_CTX_trusted_stack compatibility macro
-
-Deprecated in 1.1
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/_cffi_src/openssl/x509_vfy.py | 17 ++++++++++++++++-
- 1 file changed, 16 insertions(+), 1 deletion(-)
-
---- a/src/_cffi_src/openssl/x509_vfy.py
-+++ b/src/_cffi_src/openssl/x509_vfy.py
-@@ -157,8 +157,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *
-                         Cryptography_STACK_OF_X509 *);
- void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *,
-                                   Cryptography_STACK_OF_X509 *);
-+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *,
-+                                  Cryptography_STACK_OF_X509 *);
- void X509_STORE_CTX_set_cert(X509_STORE_CTX *, X509 *);
--void X509_STORE_CTX_set_chain(X509_STORE_CTX *,Cryptography_STACK_OF_X509 *);
-+void X509_STORE_CTX_set_chain(X509_STORE_CTX *, Cryptography_STACK_OF_X509 *);
-+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *,
-+                                  Cryptography_STACK_OF_X509 *);
- X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *);
- void X509_STORE_CTX_set0_param(X509_STORE_CTX *, X509_VERIFY_PARAM *);
- int X509_STORE_CTX_set_default(X509_STORE_CTX *, const char *);
-@@ -282,4 +286,15 @@ static const long Cryptography_HAS_X509_
- #else
- static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
- #endif
-+
-+#if CRYPTOGRAPHY_OPENSSL_LESS_THAN_110 && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_trusted_stack
-+#define X509_STORE_CTX_set0_untrusted X509_STORE_CTX_set_chain
-+#endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
-+#define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
-+#define X509_STORE_CTX_get_chain X509_STORE_CTX_get1_chain
-+#endif
- """
diff --git a/lang/python/python-cryptography/patches/070-Add-defines-for-totally-deprecated-functions.patch b/lang/python/python-cryptography/patches/070-Add-defines-for-totally-deprecated-functions.patch
deleted file mode 100644 (file)
index 29bea06..0000000
+++ /dev/null
@@ -1,45 +0,0 @@
-From 93317e7835acf40a9b8b0f7af417240b57ab690a Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 5 Dec 2019 12:52:13 -0800
-Subject: [PATCH] Add defines for totally deprecated functions
-
----
- src/_cffi_src/openssl/conf.py   | 4 ++++
- src/_cffi_src/openssl/crypto.py | 4 ++++
- src/_cffi_src/openssl/ssl.py    | 5 +++++
- 3 files changed, 13 insertions(+)
-
---- a/src/_cffi_src/openssl/conf.py
-+++ b/src/_cffi_src/openssl/conf.py
-@@ -18,4 +18,8 @@ void OPENSSL_no_config(void);
- """
- CUSTOMIZATIONS = """
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define OPENSSL_config(x) 0
-+#define OPENSSL_no_config() 0
-+#endif
- """
---- a/src/_cffi_src/openssl/crypto.py
-+++ b/src/_cffi_src/openssl/crypto.py
-@@ -124,4 +124,8 @@ void *Cryptography_realloc_wrapper(void
- void Cryptography_free_wrapper(void *ptr, const char *path, int line) {
-     free(ptr);
- }
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define CRYPTO_get_locking_callback() 0
-+#endif
- """
---- a/src/_cffi_src/openssl/ssl.py
-+++ b/src/_cffi_src/openssl/ssl.py
-@@ -792,4 +792,9 @@ int (*SSL_CTX_set_max_early_data)(SSL_CT
- #else
- static const long Cryptography_HAS_TLSv1_3 = 1;
- #endif
-+
-+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
-+#define SSL_library_init() 1
-+#define SSL_load_error_strings() 0
-+#endif
- """