From 77b25307a743eb52ef5ead24c956e577f5bd025f Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Fri, 7 Jun 2019 20:42:04 -0700
Subject: [PATCH 2/7] Add compatibility for X509_STORE_set_get_issuer

Deprecated under OpenSSL 1.1.
---
 src/_cffi_src/openssl/x509_vfy.py                        | 8 ++++++++
 src/cryptography/hazmat/bindings/openssl/_conditional.py | 8 ++++++++
 2 files changed, 16 insertions(+)

--- a/src/_cffi_src/openssl/x509_vfy.py
+++ b/src/_cffi_src/openssl/x509_vfy.py
@@ -21,6 +21,7 @@ TYPES = """
 static const long Cryptography_HAS_102_VERIFICATION;
 static const long Cryptography_HAS_110_VERIFICATION_PARAMS;
 static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER;
+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK;
 
 typedef ... Cryptography_STACK_OF_ASN1_OBJECT;
 typedef ... Cryptography_STACK_OF_X509_OBJECT;
@@ -257,4 +258,11 @@ void (*X509_STORE_set_get_issuer)(X509_S
 #else
 static const long Cryptography_HAS_X509_STORE_CTX_GET_ISSUER = 1;
 #endif
+
+#ifndef X509_V_FLAG_CB_ISSUER_CHECK
+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 0;
+#define X509_V_FLAG_CB_ISSUER_CHECK	0x0
+#else
+static const long Cryptography_HAS_X509_CB_ISSUER_CHECK = 1;
+#endif
 """
--- a/src/cryptography/hazmat/bindings/openssl/_conditional.py
+++ b/src/cryptography/hazmat/bindings/openssl/_conditional.py
@@ -269,6 +269,11 @@ def cryptography_has_get_proto_version()
         "SSL_get_max_proto_version",
     ]
 
+def cryptography_has_x509_cb_issuer_check():
+    return [
+        "X509_V_FLAG_CB_ISSUER_CHECK",
+    ]
+
 
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
@@ -318,4 +323,7 @@ CONDITIONAL_NAMES = {
     "Cryptography_HAS_VERIFIED_CHAIN": cryptography_has_verified_chain,
     "Cryptography_HAS_SRTP": cryptography_has_srtp,
     "Cryptography_HAS_GET_PROTO_VERSION": cryptography_has_get_proto_version,
+    "Cryptography_HAS_X509_CB_ISSUER_CHECK": (
+        cryptography_has_x509_cb_issuer_check
+    ),
 }