<div dir="ltr">I do need all three certs. I do see what <span style="font-family:Helvetica,Arial;font-size:13px">PKCS7_get0_signers does now.</span></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Dec 26, 2018 at 11:27 AM Paul Kehrer <<a href="mailto:paul.l.kehrer@gmail.com">paul.l.kehrer@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:Helvetica,Arial;font-size:13px">We haven't had anyone request support for those legacy extension types, but if you think you need it feel free to file an issue and we can discuss adding it. The data can be parsed out of the UnknownExtension type right now of course.</div><div style="font-family:Helvetica,Arial;font-size:13px"><br></div><div style="font-family:Helvetica,Arial;font-size:13px">So you need all 3 certs? Only one of them is used for signing which is why the PKCS7_get0_signers call only returns that one. To obtain the rest we'll need to de-opaque two PKCS7 structs in cryptography: PKCS7_ENVELOPE and PKCS7_SIGN_ENVELOPE. Your use case should only require SIGN_ENVELOPE de-opaqued but might as well get them both.</div><div style="font-family:Helvetica,Arial;font-size:13px"><br></div><div style="font-family:Helvetica,Arial;font-size:13px">-Paul</div><div style="font-family:Helvetica,Arial;font-size:13px"><br></div> <br> <div class="gmail-m_-1430641343124522847gmail_signature"></div> <br><p class="gmail-m_-1430641343124522847airmail_on">On December 25, 2018 at 9:15:10 PM, Robert Simmons (<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>) wrote:</p> <blockquote type="cite" class="gmail-m_-1430641343124522847clean_bq"><span><div><div></div><div>

<div dir="ltr">

<div dir="ltr">On a side note: there is one oid in the extensions

of this cert that is listed as unknown, but openssl parses it as:

<div>

<div>Netscape Cert Type:</div>

<div>    Object Signing</div>

</div>

<div><br></div>

<div>Is this something to submit a bug for?</div>

<div><br></div>

<div>Also, happy holidays!</div>

</div>

</div>

<br>

<div class="gmail_quote">

<div dir="ltr">On Tue, Dec 25, 2018 at 9:41 PM Robert Simmons

<<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>>

wrote:<br></div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div dir="ltr">Thanks for the help above. However, I think I'm

still missing something. When piping the DER binary data to openssl

on the command line, the output appears to have three certificates

in the example DER early in this thread. The code above has a list

for certs, but it appears to only contain one cert at the end of

the for loop. Is there a way to view the data from the other two?

I've attached the output from openssl command line.</div>

<br>

<div class="gmail_quote">

<div dir="ltr">On Mon, Dec 24, 2018 at 11:51 AM Paul Kehrer

<<a href="mailto:paul.l.kehrer@gmail.com" target="_blank">paul.l.kehrer@gmail.com</a>> wrote:<br></div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div dir="auto">

<div dir="ltr"></div>

<div dir="ltr">Great! I have an idea of how to implement an API for

this limited subset of pkcs7 as a utility function like the pkcs12

support we recently merged. Hopefully I or someone else can get to

it soon.</div>

<div dir="ltr"><br></div>

<div dir="ltr">-Paul</div>

<div dir="ltr"><br>

On Dec 23, 2018, at 6:32 PM, Robert Simmons <<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>> wrote:<br>

<br></div>

<blockquote type="cite">

<div dir="ltr">

<div dir="ltr">This works great! Thanks!</div>

<br>

<div class="gmail_quote">

<div dir="ltr">On Sun, Dec 23, 2018 at 7:05 PM Paul Kehrer

<<a href="mailto:paul.l.kehrer@gmail.com" target="_blank">paul.l.kehrer@gmail.com</a>> wrote:<br></div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div>

<div style="font-family:Helvetica,Arial;font-size:13px">One day I

will learn to run the code I write before I ask people to use it.

The missing signers variable should go after the pkcs7 assignment.

It looks like this:</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<br></div>

<div style="font-family:Helvetica,Arial;font-size:13px">signers =

backend._lib.PKCS7_get0_signers(pkcs7, backend._ffi.NULL, 0)</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<br></div>

<div style="font-family:Helvetica,Arial;font-size:13px">With that

in place and using the extracted.der you previously provided I can

parse a cert, which has the following subject/issuer data:</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<br></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<div style="margin:0px">        Issuer: C=GB,

ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO

RSA Code Signing CA</div>

<div style="margin:0px">        Validity</div>

<div style="margin:0px">           

Not Before: Oct 19 00:00:00 2018 GMT</div>

<div style="margin:0px">           

Not After : Sep 25 23:59:59 2019 GMT</div>

<div style="margin:0px">        Subject:

C=GB/postalCode=WA1 1RG, ST=UK, L=WARRINGTON/street=Brunel House,

340 Firecrest Court, O=TATIANA PUK, LIMITED, CN=TATIANA PUK,

LIMITED</div>

</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<br></div>

<div style="font-family:Helvetica,Arial;font-size:13px">I've also

attached the cert. If this is what you're looking for then your use

case is covered by the existing issue, although I still need to

decide on an API for this.</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<br></div>

<div style="font-family:Helvetica,Arial;font-size:13px">-Paul</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<br></div>

<br>

<div class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail_signature">

</div>

<br>

<p class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638airmail_on">

On December 23, 2018 at 2:17:54 AM, Robert Simmons (<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>) wrote:</p>

<blockquote type="cite" class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638clean_bq">

<div>

<div>

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div><span>import os</span></div>

<div><span>import pathlib</span></div>

<div><span>import pefile</span></div>

<div><span><br></span></div>

<div><span>target =

pathlib.Path().home().joinpath('Desktop').joinpath('HWID_4_0_6YMBWX.exe')<br>

</span></div>

<div><span>fname = str(target)<br></span></div>

<div><span>totsize = os.path.getsize(target)<br></span></div>

<div><span>pe = pefile.PE(fname)<br></span></div>

<div>

<span>pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']])<br>

</span></div>

<div>

<div><span>sigoff = 0</span></div>

<div><span>siglen = 0</span></div>

</div>

<div>

<div><span>for s in pe.__structures__:</span></div>

<div><span>    if <a href="http://s.name" target="_blank">s.name</a> ==

'IMAGE_DIRECTORY_ENTRY_SECURITY':</span></div>

<div><span>        sigoff =

s.VirtualAddress</span></div>

<div><span>        siglen = s.Size</span></div>

<div><span>pe.close()</span></div>

</div>

<div>

<div><span>with open(fname, 'rb') as fh:</span></div>

<div><span>    fh.seek(sigoff)</span></div>

<div><span>    thesig = fh.read(siglen)</span></div>

</div>

<div><span><br></span></div>

<div>

<div><span>from cryptography.hazmat.backends.openssl.backend import

backend</span></div>

<div><span>from cryptography.hazmat.backends.openssl import

x509</span></div>

<div><span><br></span></div>

<div><span>bio = backend._bytes_to_bio(thesig[8:])</span></div>

<div><span>pkcs7 = backend._lib.d2i_PKCS7_bio(bio.bio,

backend._ffi.NULL)</span></div>

<div><span>certs = []</span></div>

<div><span>for i in

range(backend._lib.sk_X509_num(signers)):</span></div>

<div><span>    x509_ptr =

backend._lib.sk_X509_value(signers, i)</span></div>

<div><span>    certs.append(x509._Certificate(backend,

x509_ptr))</span></div>

</div>

<div><span><br></span></div>

<div><span>That's the exact code I'm trying to run with the

provided code snippet at the end. If you want to follow along with

the exact file I'm working with:</span></div>

<div>

<span>hxxps://dangerous[.]link/d9b72c43-1bdd-415b-b15f-3a436b26bca8<br>

</span></div>

<div><span><br></span></div>

<div><span>The password to that file is "infected" and btw: it is

live malware, so please treat it accordingly. Run code on it in a

safe environment for handling malware.</span></div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<span><br></span>

<div class="gmail_quote">

<div dir="ltr"><span>On Sun, Dec 23, 2018 at 4:10 AM Robert Simmons

<<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>> wrote:<br></span></div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div dir="ltr">

<div dir="ltr"><span>I've added the use case to the issue as

requested. I tried the code snippet, but the contents of signers is

missing. What should that be?</span>

<div><span><br></span></div>

<div><span>NameError: name 'signers' is not

defined<br></span></div>

</div>

</div>

<span><br></span>

<div class="gmail_quote">

<div dir="ltr"><span>On Fri, Dec 21, 2018 at 11:21 AM Paul Kehrer

<<a href="mailto:paul.l.kehrer@gmail.com" target="_blank">paul.l.kehrer@gmail.com</a>> wrote:<br></span></div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>Out

of curiosity, does the following code load the cert you expect? der

should be the bytes of extracted.der:</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><br></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>from

cryptography.hazmat.backends.openssl.backend import

backend</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>from

cryptography.hazmat.backends.openssl import x509</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><br></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>bio =

backend._bytes_to_bio(der)</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>pkcs7

= backend._lib.d2i_PKCS7_bio(bio.bio,

backend._ffi.NULL)</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>certs

= []</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<div style="margin:0px"><span>for i in

range(backend._lib.sk_X509_num(signers)):</span></div>

<div style="margin:0px"><span>    x509_ptr =

backend._lib.sk_X509_value(signers, i)</span></div>

<div style="margin:0px"><span>   

certs.append(x509._Certificate(backend, x509_ptr))</span></div>

</div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><br></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>Certs

will be a list of signer certificates -- in this case, just one

cert in the list. Please note that this code does not manage memory

correctly so it should strictly be used to test if the cert you

need is being properly extracted :)</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><br></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>-Paul

(reaperhulk)</span></div>

<span><br></span>

<div class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369gmail_signature">

</div>

<span><br></span>

<p class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369airmail_on">

<span>On December 21, 2018 at 8:02:13 AM, Paul Kehrer (<a href="mailto:paul.l.kehrer@gmail.com" target="_blank">paul.l.kehrer@gmail.com</a>) wrote:</span></p>

<blockquote type="cite" class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369clean_bq">

<div>

<div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><span>Thanks, that's perfect. Looking at this data it's

actually a PKCS7 envelope holding multiple certificates and at the

moment cryptography unfortunately has no interface for parsing

PKCS7. If you wouldn't mind sharing your use case directly

on <a href="https://github.com/pyca/cryptography/issues/3983" target="_blank">https://github.com/pyca/cryptography/issues/3983</a> then

it will help me when I'm prioritizing features for upcoming

releases.</span></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><br></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span>-Paul</span></div>

<span><br></span>

<div class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369gmail_signature">

</div>

<span><br></span>

<p class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369airmail_on">

<span>On December 20, 2018 at 2:23:11 PM, Robert Simmons (<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>) wrote:</span></p>

<blockquote type="cite" class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369clean_bq">

<div>

<div>

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr"><span><span>Definitely. I've attached the DER data

as extracted from the PE file using the following

code:</span></span>

<div><span><br></span></div>

<div><span>pe = pefile.PE(fname)<br></span></div>

<div>

<span>pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']])<br>

</span></div>

<div>

<div><span>sigoff = 0</span></div>

<div><span>siglen = 0</span></div>

</div>

<div>

<div><span>for s in pe.__structures__:</span></div>

<div><span>    if <a href="http://s.name" target="_blank">s.name</a> ==

'IMAGE_DIRECTORY_ENTRY_SECURITY':</span></div>

<div><span>        sigoff =

s.VirtualAddress</span></div>

<div><span>        siglen = s.Size</span></div>

</div>

<div><span>pe.close()<br></span></div>

<div>

<div><span>with open(fname, 'rb') as fh:</span></div>

<div><span>    fh.seek(sigoff)</span></div>

<div><span>    thesig = fh.read(siglen)</span></div>

</div>

<div>

<div><span>with open('extracted.der', 'wb') as fh:</span></div>

<div><span>    fh.write(thesig[8:])</span></div>

</div>

<div><span><br></span></div>

<div><span>I've attached extracted.der as a zip file to maintain

integrity as an attachment.</span></div>

<div><span><br></span></div>

<div><span>Thanks!</span></div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

<span><br></span>

<div class="gmail_quote">

<div dir="ltr"><span>On Thu, Dec 20, 2018 at 11:12 AM Paul Kehrer

<<a href="mailto:paul.l.kehrer@gmail.com" target="_blank">paul.l.kehrer@gmail.com</a>> wrote:<br></span></div>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

<div>

<div style="font-family:Helvetica,Arial;font-size:13px"><span>Could

you give us an example (in hex or b64 or something) so we can

easily reproduce? Make sure any certs you're giving us don't

contain sensitive data of course.</span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span><br></span></div>

<div style="font-family:Helvetica,Arial;font-size:13px">

<span>-Paul</span></div>

<span><br></span>

<div class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369gmail-m_-7574093660416502495gmail_signature">

</div>

<span><br></span>

<p class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369gmail-m_-7574093660416502495airmail_on">

<span>On December 19, 2018 at 11:55:04 PM, Robert Simmons (<a href="mailto:rsimmons0@gmail.com" target="_blank">rsimmons0@gmail.com</a>) wrote:</span></p>

<blockquote type="cite" class="gmail-m_-1430641343124522847gmail-m_-2527856756753551074gmail-m_-5721002655554792113gmail-m_-6759911784144987638gmail-m_5893053700116227057gmail-m_-2253487206888245369gmail-m_-7574093660416502495clean_bq">

<div>

<div>

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr"><span><span>I've asked this question on Stack

Overflow here:</span></span>

<div><span><a href="https://stackoverflow.com/q/53862702/1033217" target="_blank">https://stackoverflow.com/q/53862702/1033217</a><br></span></div>

<div><span><br></span></div>

<div><span>I have compared my code to Dider Stevens's disitool here

(examine the function ExtractDigitalSignature):</span></div>

<div><span><a href="https://github.com/DidierStevens/DidierStevensSuite/blob/master/disitool.py" target="_blank">https://github.com/DidierStevens/DidierStevensSuite/blob/master/disitool.py</a><br>

</span></div>

<div><span><br></span></div>

<div><span>When I load that extracted file into a variable and try

to parse it with cryptography, it fails. If I pipe the same file to

openssl on the command line, it works.</span></div>

<div><span><br></span></div>

<div><span>I am thinking this has to do with the number of

certificates in the directory in the PE file. There can be three

(cert, intermediate CA, and CA, etc).</span></div>

<div><span><br></span></div>

<div><span>Any idea what's going on?<br></span></div>

</div>

</div>

</div>

</div>

<span>_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</span></div>

</div>

</blockquote>

</div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</blockquote>

</div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</div>

</div>

</blockquote>

</div>

</div>

</blockquote>

</div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</blockquote>

</div>

</blockquote>

</div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</div>

</div>

</blockquote>

</div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</blockquote>

</div>

</div>

</blockquote>

<blockquote type="cite">

<div dir="ltr">

<span>_______________________________________________</span><br>

<span>Cryptography-dev mailing list</span><br>

<span><a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a></span><br>

<span><a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a></span><br>

</div>

</blockquote>

</div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</blockquote>

</div>

</blockquote>

</div>

_______________________________________________

<br>Cryptography-dev mailing list

<br><a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a>

<br><a href="https://mail.python.org/mailman/listinfo/cryptography-dev" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a>

<br></div></div></span></blockquote></div>

_______________________________________________<br>

Cryptography-dev mailing list<br>

<a href="mailto:Cryptography-dev@python.org" target="_blank">Cryptography-dev@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/cryptography-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/cryptography-dev</a><br>

</blockquote></div>