Could it be that somehow in (in the latest build) - X509_STORE_set_purpose and
associated #defines are missing ?
In below - things work fine up until lib.X509_STORE_set_purpose() - but that
calls gives me a:
AttributeError: cffi library '_openssl' has no function, constant or global
variable named 'X509_STORE_set_purpose'
With kind regards,
Dw
# Create the pkcs7 object
pkcs7_object = lib.d2i_PKCS7_bio(bio.bio, ffi.NULL)
# We're not passing any untrusted certificates, the chain should
# complete, up to, but not including the CA cert, in the CMS package.
#
other = lib.sk_X509_new_null()
binding._openssl_assert(lib, other != ffi.NULL)
# We are prividing exactly one certificate - that of the certificate
# authority - as trusted. It has to be signed by this national root.
#
store = lib.X509_STORE_new()
lib.X509_STORE_add_cert(store, certificate._x509) # type: ignore
# As we're using certifcates somewhat off-label; we need to relax
# the purpose verification. This is the equivalent of the -purpose any
# flag in:
# openssl smime -verify -inform DER -content payload.raw \
# -CAfile ca.pem -in signature.p7 -purpose any
lib.X509_STORE_set_purpose(store, 7) # X509_PURPOSE_ANY
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
