Could it be that somehow in (in the latest build) - X509_STORE_set_purpose and 
associated #defines are missing ?

In below - things work fine up until lib.X509_STORE_set_purpose() - but that 
calls gives me a:

    AttributeError: cffi library '_openssl' has no function, constant or global 
variable named 'X509_STORE_set_purpose'

With kind regards,

Dw

    # Create the pkcs7 object
    pkcs7_object = lib.d2i_PKCS7_bio(bio.bio, ffi.NULL)

    # We're not passing any untrusted certificates, the chain should
    # complete, up to, but not including the CA cert, in the CMS package.
    #
    other = lib.sk_X509_new_null()
    binding._openssl_assert(lib, other != ffi.NULL)

    # We are prividing exactly one certificate - that of the certificate
    # authority - as trusted. It has to be signed by this national root.
    #
    store = lib.X509_STORE_new()
    lib.X509_STORE_add_cert(store, certificate._x509) # type: ignore

    # As we're using certifcates somewhat off-label; we need to relax
    # the purpose verification. This is the equivalent of the -purpose any
    # flag in:
   # openssl smime -verify -inform DER -content payload.raw \
   #      -CAfile ca.pem -in signature.p7 -purpose any
   lib.X509_STORE_set_purpose(store, 7) # X509_PURPOSE_ANY

_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev

Reply via email to