[Cryptography-dev] X509_STORE_set_purpose() missing
Dirk-Willem van Gulik
dirkx at webweaving.org
Sat Jul 31 07:08:57 EDT 2021
Could it be that somehow in (in the latest build) - X509_STORE_set_purpose and associated #defines are missing ?
In below - things work fine up until lib.X509_STORE_set_purpose() - but that calls gives me a:
AttributeError: cffi library '_openssl' has no function, constant or global variable named 'X509_STORE_set_purpose'
With kind regards,
Dw
# Create the pkcs7 object
pkcs7_object = lib.d2i_PKCS7_bio(bio.bio, ffi.NULL)
# We're not passing any untrusted certificates, the chain should
# complete, up to, but not including the CA cert, in the CMS package.
#
other = lib.sk_X509_new_null()
binding._openssl_assert(lib, other != ffi.NULL)
# We are prividing exactly one certificate - that of the certificate
# authority - as trusted. It has to be signed by this national root.
#
store = lib.X509_STORE_new()
lib.X509_STORE_add_cert(store, certificate._x509) # type: ignore
# As we're using certifcates somewhat off-label; we need to relax
# the purpose verification. This is the equivalent of the -purpose any
# flag in:
# openssl smime -verify -inform DER -content payload.raw \
# -CAfile ca.pem -in signature.p7 -purpose any
lib.X509_STORE_set_purpose(store, 7) # X509_PURPOSE_ANY
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.python.org/pipermail/cryptography-dev/attachments/20210731/7cc549b2/attachment.html>
More information about the Cryptography-dev
mailing list