openwrt-packages-dist/lang/python/python-cryptography/patches/050-Switch-get_-Update-APIs-to-get0.patch

From 645c30f76bce250772ce4e0b878e7228bd104277 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Sat, 15 Jun 2019 18:47:46 -0700
Subject: [PATCH] Switch get_*Update APIs to get0

Deprecated in 1.1
---
 src/_cffi_src/openssl/x509.py                 | 34 ++++++++++++++++---
 .../hazmat/backends/openssl/backend.py        |  4 +--
 .../hazmat/backends/openssl/x509.py           |  8 ++---
 3 files changed, 36 insertions(+), 10 deletions(-)

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index b88daa1f..54cd66c9 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -202,8 +202,10 @@ long X509_get_version(X509 *);
 
 ASN1_TIME *X509_get_notBefore(X509 *);
 ASN1_TIME *X509_get_notAfter(X509 *);
-ASN1_TIME *X509_getm_notBefore(X509 *);
-ASN1_TIME *X509_getm_notAfter(X509 *);
+ASN1_TIME *X509_getm_notBefore(const X509 *);
+ASN1_TIME *X509_getm_notAfter(const X509 *);
+const ASN1_TIME *X509_get0_notBefore(const X509 *);
+const ASN1_TIME *X509_get0_notAfter(const X509 *);
 
 long X509_REQ_get_version(X509_REQ *);
 X509_NAME *X509_REQ_get_subject_name(X509_REQ *);
@@ -235,6 +237,8 @@ X509_CRL *sk_X509_CRL_value(Cryptography_STACK_OF_X509_CRL *, int);
 long X509_CRL_get_version(X509_CRL *);
 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *);
 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *);
 X509_NAME *X509_CRL_get_issuer(X509_CRL *);
 Cryptography_STACK_OF_X509_REVOKED *X509_CRL_get_REVOKED(X509_CRL *);
 
@@ -243,8 +247,11 @@ int X509_CRL_set_lastUpdate(X509_CRL *, ASN1_TIME *);
 int X509_CRL_set_nextUpdate(X509_CRL *, ASN1_TIME *);
 int X509_set_notBefore(X509 *, ASN1_TIME *);
 int X509_set_notAfter(X509 *, ASN1_TIME *);
-int X509_set1_notBefore(X509 *, ASN1_TIME *);
-int X509_set1_notAfter(X509 *, ASN1_TIME *);
+
+int X509_CRL_set1_lastUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_CRL_set1_nextUpdate(X509_CRL *, const ASN1_TIME *);
+int X509_set1_notBefore(X509 *, const ASN1_TIME *);
+int X509_set1_notAfter(X509 *, const ASN1_TIME *);
 
 EC_KEY *d2i_EC_PUBKEY_bio(BIO *, EC_KEY **);
 int i2d_EC_PUBKEY_bio(BIO *, EC_KEY *);
@@ -339,6 +346,25 @@ const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
 #define X509_set1_notAfter X509_set_notAfter
 #define X509_getm_notAfter X509_get_notAfter
 #define X509_getm_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#define X509_get0_notBefore X509_get_notBefore
+
+#define X509_CRL_set1_lastUpdate X509_CRL_set_lastUpdate
+#define X509_CRL_set1_nextUpdate X509_CRL_set_nextUpdate
+#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
+#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
+#endif
 #endif
+
+#if (OPENSSL_API_COMPAT >= 0x10100000L) && !CRYPTOGRAPHY_IS_LIBRESSL
+#define X509_set_notBefore X509_set1_notBefore
+#define X509_set_notAfter X509_set1_notAfter
+#define X509_get_notAfter X509_get0_notAfter
+#define X509_get_notBefore X509_get0_notBefore
+
+#define X509_CRL_get_lastUpdate X509_CRL_get0_lastUpdate
+#define X509_CRL_get_nextUpdate X509_CRL_get0_nextUpdate
+#define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
 #endif
 """
diff --git a/src/cryptography/hazmat/backends/openssl/backend.py b/src/cryptography/hazmat/backends/openssl/backend.py
index 97c7fd05..891d6309 100644
--- a/src/cryptography/hazmat/backends/openssl/backend.py
+++ b/src/cryptography/hazmat/backends/openssl/backend.py
@@ -1129,12 +1129,12 @@ class Backend(object):
 
         # Set the last update time.
         last_update = self._create_asn1_time(builder._last_update)
-        res = self._lib.X509_CRL_set_lastUpdate(x509_crl, last_update)
+        res = self._lib.X509_CRL_set1_lastUpdate(x509_crl, last_update)
         self.openssl_assert(res == 1)
 
         # Set the next update time.
         next_update = self._create_asn1_time(builder._next_update)
-        res = self._lib.X509_CRL_set_nextUpdate(x509_crl, next_update)
+        res = self._lib.X509_CRL_set1_nextUpdate(x509_crl, next_update)
         self.openssl_assert(res == 1)
 
         # Add extensions.
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 4d0dac76..074211e6 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -86,12 +86,12 @@ class _Certificate(object):
 
     @property
     def not_valid_before(self):
-        asn1_time = self._backend._lib.X509_getm_notBefore(self._x509)
+        asn1_time = self._backend._lib.X509_get0_notBefore(self._x509)
         return _parse_asn1_time(self._backend, asn1_time)
 
     @property
     def not_valid_after(self):
-        asn1_time = self._backend._lib.X509_getm_notAfter(self._x509)
+        asn1_time = self._backend._lib.X509_get0_notAfter(self._x509)
         return _parse_asn1_time(self._backend, asn1_time)
 
     @property
@@ -277,13 +277,13 @@ class _CertificateRevocationList(object):
 
     @property
     def next_update(self):
-        nu = self._backend._lib.X509_CRL_get_nextUpdate(self._x509_crl)
+        nu = self._backend._lib.X509_CRL_get0_nextUpdate(self._x509_crl)
         self._backend.openssl_assert(nu != self._backend._ffi.NULL)
         return _parse_asn1_time(self._backend, nu)
 
     @property
     def last_update(self):
-        lu = self._backend._lib.X509_CRL_get_lastUpdate(self._x509_crl)
+        lu = self._backend._lib.X509_CRL_get0_lastUpdate(self._x509_crl)
         self._backend.openssl_assert(lu != self._backend._ffi.NULL)
         return _parse_asn1_time(self._backend, lu)
 
-- 
2.26.2