@@ -66,6 +66,7 @@ def deprecated(msg: str, **kwargs: object) -> Callable[[_T], _T]:
6666 "X509Extension" ,
6767 "X509Name" ,
6868 "X509Req" ,
69+ "X509Purpose" ,
6970 "X509Store" ,
7071 "X509StoreContext" ,
7172 "X509StoreContextError" ,
@@ -1709,6 +1710,28 @@ class X509StoreFlags:
17091710 PARTIAL_CHAIN : int = _lib .X509_V_FLAG_PARTIAL_CHAIN
17101711
17111712
1713+ class X509Purpose :
1714+ """
1715+ Enumeration of X509 purposes, e.g. used to set the purpose of a
1716+ :class:`X509Store`.
1717+
1718+ See `OpenSSL check purpose`_ for details.
1719+
1720+ .. _OpenSSL check purpose:
1721+ https://www.openssl.org/docs/manmaster/man3/X509_check_purpose.html
1722+ """
1723+
1724+ X509_PURPOSE_SSL_CLIENT = _lib .X509_PURPOSE_SSL_CLIENT
1725+ X509_PURPOSE_SSL_SERVER = _lib .X509_PURPOSE_SSL_SERVER
1726+ X509_PURPOSE_NS_SSL_SERVER = _lib .X509_PURPOSE_NS_SSL_SERVER
1727+ X509_PURPOSE_SMIME_SIGN = _lib .X509_PURPOSE_SMIME_SIGN
1728+ X509_PURPOSE_SMIME_ENCRYPT = _lib .X509_PURPOSE_SMIME_ENCRYPT
1729+ X509_PURPOSE_CRL_SIGN = _lib .X509_PURPOSE_CRL_SIGN
1730+ X509_PURPOSE_ANY = _lib .X509_PURPOSE_ANY
1731+ X509_PURPOSE_OCSP_HELPER = _lib .X509_PURPOSE_OCSP_HELPER
1732+ X509_PURPOSE_TIMESTAMP_SIGN = _lib .X509_PURPOSE_TIMESTAMP_SIGN
1733+
1734+
17121735class X509Store :
17131736 """
17141737 An X.509 store.
@@ -1827,6 +1850,18 @@ def set_time(self, vfy_time: datetime.datetime) -> None:
18271850 )
18281851 _openssl_assert (_lib .X509_STORE_set1_param (self ._store , param ) != 0 )
18291852
1853+ def set_purpose (self , purpose ):
1854+ """
1855+ Set purpose of this store.
1856+
1857+ .. versionadded:: 26.0.0
1858+
1859+ :param int flags: The verification flags to set on this store.
1860+ See :class:`X509StorePurposes` for available constants.
1861+ :return: ``None`` if the verification flags were successfully set.
1862+ """
1863+ _openssl_assert (_lib .X509_STORE_set_purpose (self ._store , purpose ) != 0 )
1864+
18301865 def load_locations (
18311866 self ,
18321867 cafile : StrOrBytesPath | None ,
0 commit comments