From exarkun at twistedmatrix.com Sat Mar 22 19:11:58 2008
From: exarkun at twistedmatrix.com (exarkun at twistedmatrix.com)
Date: Sat, 22 Mar 2008 13:11:58 -0500
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: 0
Message-ID: <20080322181158.6859.691484542.divmod.quotient.21755@ohm>

Greetings all,

Over the past several weeks, I've been working on integrating patches from
the issue tracker and fixing long-standing bugs in the 0.6 release. I've
gotten to the point where I think a release would be useful. So I've put
together an alpha of what will become 0.7. You can find a source tarball
or Windows Python 2.5 installers on the SourceForge download page. Any
testing and feedback anyone can provide would be greatly appreciated. I'll
probably aim for a final 0.7 release in between one to two weeks, barring
any serious problems anyone may find.

Thanks!

Jean-Paul

From sebvieira at gmail.com Sat Mar 22 22:16:56 2008
From: sebvieira at gmail.com (Sebastian Vieira)
Date: Sat, 22 Mar 2008 22:16:56 +0100
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: <20080322181158.6859.691484542.divmod.quotient.21755@ohm>
References: <20080322181158.6859.691484542.divmod.quotient.21755@ohm>
Message-ID: <279239c70803221416t1bf23a7apdb75e4688c984b97@mail.gmail.com>

Hi,

Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6 ? I
found that the required pkcs12 patched cleanly against the 0.7 source, but
the crl patch failed one hunk:

patching file src/crypto/crypto.c
Hunk #1 succeeded at 461 (offset -1 lines).
Hunk #2 succeeded at 591 (offset -1 lines).
Hunk #3 succeeded at 626 (offset -1 lines).
Hunk #4 succeeded at 794 (offset 25 lines).
Hunk #5 FAILED at 803.
Hunk #6 succeeded at 872 (offset 26 lines).

I ask this because my python/openvpn script depends on it :)

kind regards,

S.

On Sat, Mar 22, 2008 at 7:11 PM, wrote:

> Greetings all,
>
> Over the past several weeks, I've been working on integrating patches from
> the issue tracker and fixing long-standing bugs in the 0.6 release. I've
> gotten to the point where I think a release would be useful. So I've put
> together an alpha of what will become 0.7. You can find a source tarball
> or Windows Python 2.5 installers on the SourceForge download page. Any
> testing and feedback anyone can provide would be greatly appreciated.
> I'll probably aim for a final 0.7 release in between one to two weeks, barring
> any serious problems anyone may find.
>
> Thanks!
>
> Jean-Paul
>

From exarkun at divmod.com Sun Mar 23 00:20:32 2008
From: exarkun at divmod.com (Jean-Paul Calderone)
Date: Sat, 22 Mar 2008 18:20:32 -0500
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: <279239c70803221416t1bf23a7apdb75e4688c984b97@mail.gmail.com>
Message-ID: <20080322232032.6859.770990263.divmod.quotient.21845@ohm>

On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira wrote:
>Hi,
>
>Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6 ? I
>found that the required pkcs12 patched cleanly against the 0.7 source, but
>the crl patch failed one hunk:
>
>patching file src/crypto/crypto.c
>Hunk #1 succeeded at 461 (offset -1 lines).
>Hunk #2 succeeded at 591 (offset -1 lines).
>Hunk #3 succeeded at 626 (offset -1 lines).
>Hunk #4 succeeded at 794 (offset 25 lines).
>Hunk #5 FAILED at 803.
>Hunk #6 succeeded at 872 (offset 26 lines).
>
>I ask this because my python/openvpn script depends on it :)
>
>kind regards,
>

Hey Sebastian,

This is definitely a possibility. I may need some help with it, though.

First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch
you're referring to, right? And the patch which must be applied first is
http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch?

If so, here are some specific questions the answers to which would help me
out a bunch:

  * What is the proper usage of crypto_dump_pkcs12?
  * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory
    corruption will likely follow a call to it)?
  * Same question for crypto_PKCS12_set_privatekey.
  * Why the commented out lines in crypto_PKCS12_dealloc and in the
    definition of crypto_PKCS12_Type?
  * What is the proper usage of crypto_dump_crl?

And more generally:

  * Documentation would be greatly appreciated. Either in the form of C
    comments in the code, or docstrings exposed to Python (instead of the
    empty strings currently given to the new APIs), or in LaTeX as diffs
    against doc/pyOpenSSL.tex
  * Unit tests would be even better. ;)

In the mean time, I've applied both patches (resolving the simple conflicts)
and pushed a branch to launchpad -
https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl - in case you want
to use that diff (since it applies clean to trunk now) or if you want to
generate any patches.

Jean-Paul

From sebvieira at gmail.com Mon Mar 24 10:56:42 2008
From: sebvieira at gmail.com (Sebastian Vieira)
Date: Mon, 24 Mar 2008 10:56:42 +0100
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: <20080322232032.6859.770990263.divmod.quotient.21845@ohm>
References: <279239c70803221416t1bf23a7apdb75e4688c984b97@mail.gmail.com> <20080322232032.6859.770990263.divmod.quotient.21845@ohm>
Message-ID: <279239c70803240256x7b567865m2675929449fb36ba@mail.gmail.com>

Hi Jean-Paul,

I would love to take credit for the patches, and provide you with the
documentation you asked for. But the truth is that I haven't written these,
and to be honest my knowledge of C is extremely limited so I'm unable to
answer these questions. Sorry.

kind regards,

Sebastian

On Sun, Mar 23, 2008 at 12:20 AM, Jean-Paul Calderone wrote:

> On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira
> wrote:
> >Hi,
> >
> >Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6? I
> >found that the required pkcs12 patched cleanly against the 0.7 source, but
> >the crl patch failed one hunk:
> >
> >patching file src/crypto/crypto.c
> >Hunk #1 succeeded at 461 (offset -1 lines).
> >Hunk #2 succeeded at 591 (offset -1 lines).
> >Hunk #3 succeeded at 626 (offset -1 lines).
> >Hunk #4 succeeded at 794 (offset 25 lines).
> >Hunk #5 FAILED at 803.
> >Hunk #6 succeeded at 872 (offset 26 lines).
> >
> >I ask this because my python/openvpn script depends on it :)
> >
> >kind regards,
> >
>
> Hey Sebastian,
>
> This is definitely a possibility. I may need some help with it, though.
>
> First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch
> you're referring to, right? And the patch which must be applied first is
> http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch?
>
> If so, here are some specific questions the answers to which would help me
> out a bunch:
>
> * What is the proper usage of crypto_dump_pkcs12?
> * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory
> corruption will likely follow a call to it)?
> * Same question for crypto_PKCS12_set_privatekey.
> * Why the commented out lines in crypto_PKCS12_dealloc and in the
> definition of crypto_PKCS12_Type?
>
> * What is the proper usage of crypto_dump_crl?
>
> And more generally:
>
> * Documentation would be greatly appreciated. Either in the form of C
> comments in the code, or docstrings exposed to Python (instead of the
> empty strings currently given to the new APIs), or in LaTeX as diffs
> against doc/pyOpenSSL.tex
> * Unit tests would be even better. ;)
>
> In the mean time, I've applied both patches (resolving the simple
> conflicts)
> and pushed a branch to launchpad -
> https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl- in case you want
> to use that diff (since it applies clean to trunk now) or if you want to
> generate any patches.
>
> Jean-Paul
>

From arnaud.desmons at free.fr Mon Mar 24 17:08:09 2008
From: arnaud.desmons at free.fr (Arnaud Desmons)
Date: Mon, 24 Mar 2008 17:08:09 +0100
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: <279239c70803240256x7b567865m2675929449fb36ba@mail.gmail.com>
References: <279239c70803221416t1bf23a7apdb75e4688c984b97@mail.gmail.com> <20080322232032.6859.770990263.divmod.quotient.21845@ohm> <279239c70803240256x7b567865m2675929449fb36ba@mail.gmail.com>
Message-ID: <1206374889.47e7d1e99ce92@imp.free.fr>

Hi,

I am the author of those patches and I will try to document them this week.
Nevertheless, I already made a quick synopsis of each patch:

http://arnaud.desmons.free.fr/wordpress/?p=85
http://arnaud.desmons.free.fr/wordpress/?p=86

Nice to see that this code is useful for others ;-).

Regards,

--
Arnaud

Quoting Sebastian Vieira:

> Hi Jean-Paul,
>
> I would love to take credit for the patches, and provide you with the
> documentation you asked for. But the truth is that I haven't written these,
> and to be honest my knowledge of C is extremely limited so I'm unable to
> answer these questions. Sorry.
>
> kind regards,
>
> Sebastian
>
> On Sun, Mar 23, 2008 at 12:20 AM, Jean-Paul Calderone
> wrote:
>
> > On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira
> > wrote:
> > >Hi,
> > >
> > >Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6? I
> > >found that the required pkcs12 patched cleanly against the 0.7 source,
> > but
> > >the crl patch failed one hunk:
> > >
> > >patching file src/crypto/crypto.c
> > >Hunk #1 succeeded at 461 (offset -1 lines).
> > >Hunk #2 succeeded at 591 (offset -1 lines).
> > >Hunk #3 succeeded at 626 (offset -1 lines).
> > >Hunk #4 succeeded at 794 (offset 25 lines).
> > >Hunk #5 FAILED at 803.
> > >Hunk #6 succeeded at 872 (offset 26 lines).
> > >
> > >I ask this because my python/openvpn script depends on it :)
> > >
> > >kind regards,
> > >
> >
> > Hey Sebastian,
> >
> > This is definitely a possibility. I may need some help with it, though.
> >
> > First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch
> > you're referring to, right? And the patch which must be applied first is
> > http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch?
> >
> > If so, here are some specific questions the answers to which would help me
> > out a bunch:
> >
> > * What is the proper usage of crypto_dump_pkcs12?
> > * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory
> > corruption will likely follow a call to it)?
> > * Same question for crypto_PKCS12_set_privatekey.
> > * Why the commented out lines in crypto_PKCS12_dealloc and in the
> > definition of crypto_PKCS12_Type?
> >
> > * What is the proper usage of crypto_dump_crl?
> >
> > And more generally:
> >
> > * Documentation would be greatly appreciated. Either in the form of C
> > comments in the code, or docstrings exposed to Python (instead of the
> > empty strings currently given to the new APIs), or in LaTeX as diffs
> > against doc/pyOpenSSL.tex
> > * Unit tests would be even better. ;)
> >
> > In the mean time, I've applied both patches (resolving the simple
> > conflicts)
> > and pushed a branch to launchpad -
> > https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl- in case you want
> > to use that diff (since it applies clean to trunk now) or if you want to
> > generate any patches.
> >
> > Jean-Paul
> >
>

--
Arnaud

From georgem at novatech-llc.com Tue Mar 25 18:53:20 2008
From: georgem at novatech-llc.com (George McCollister)
Date: Tue, 25 Mar 2008 12:53:20 -0500
Subject: [pyOpenSSL] get_notBefore/get_notAfter
Message-ID: <47E93C10.7080105@novatech-llc.com>

I'm using 0.7a1 and get_notBefore and get_notAfter seem to be broken.
I've included some information below:

Here is a snippet of my code:

    cert = load_certificate(FILETYPE_PEM, buf)
    #print type(cert)
    if cert:
        key = cert.get_pubkey()
        key_type = 'none'
        if key.type() == TYPE_RSA:
            key_type = 'RSA'
        elif key.type() == TYPE_DSA:
            key_type = 'DSA'
        subject = cert.get_subject()
        issuer = cert.get_issuer()

        expired = 'No'
        if cert.has_expired():
            expired = 'Yes'

        notBefore = cert.get_notBefore()
        notAfter = cert.get_notAfter()

Here is the error:

[25/Mar/2008:17:40:28] HTTP Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/cherrypy/_cprequest.py", line 551, in respond
    cherrypy.response.body = self.handler()
  File "/usr/lib/python2.4/site-packages/cherrypy/_cpdispatch.py", line 24, in __call__
    return self.callable(*self.args, **self.kwargs)
  File "/opt/WebUI/ui.py", line 691, in ViewKey
    key=self.getkeyinfo(keyname + '.crt')
  File "/opt/WebUI/ui.py", line 882, in getkeyinfo
    notBefore = cert.get_notBefore()
Error: []

System Information:
  linux 2.6.21.4
  arch: armeb-xscale
  python 2.4.2
  openssl-0.9.8f

Regards,
George McCollister

From exarkun at divmod.com Tue Mar 25 20:45:16 2008
From: exarkun at divmod.com (Jean-Paul Calderone)
Date: Tue, 25 Mar 2008 14:45:16 -0500
Subject: [pyOpenSSL] get_notBefore/get_notAfter
In-Reply-To: <47E93C10.7080105@novatech-llc.com>
Message-ID: <20080325194516.6859.1817774745.divmod.quotient.23018@ohm>

On Tue, 25 Mar 2008 12:53:20 -0500, George McCollister wrote:
>I'm using 0.7a1 and get_notBefore and get_notAfter seem to be broken.
>I've included some information below:
>
>Here is a snippet of my code:
>
>    cert = load_certificate(FILETYPE_PEM, buf)
>    #print type(cert)
>    if cert:
>        key = cert.get_pubkey()
>        key_type = 'none'
>        if key.type() == TYPE_RSA:
>            key_type = 'RSA'
>        elif key.type() == TYPE_DSA:
>            key_type = 'DSA'
>        subject = cert.get_subject()
>        issuer = cert.get_issuer()
>
>        expired = 'No'
>        if cert.has_expired():
>            expired = 'Yes'
>
>        notBefore = cert.get_notBefore()
>        notAfter = cert.get_notAfter()
>
>Here is the error:
> [25/Mar/2008:17:40:28] HTTP Traceback (most recent call last):
>  File "/usr/lib/python2.4/site-packages/cherrypy/_cprequest.py", line
>551, in respond
>    cherrypy.response.body = self.handler()
>  File "/usr/lib/python2.4/site-packages/cherrypy/_cpdispatch.py", line
>24, in __call__
>    return self.callable(*self.args, **self.kwargs)
>  File "/opt/WebUI/ui.py", line 691, in ViewKey
>    key=self.getkeyinfo(keyname + '.crt')
>  File "/opt/WebUI/ui.py", line 882, in getkeyinfo
>    notBefore = cert.get_notBefore()
> Error: []
>
>System Information:
>  linux 2.6.21.4
>  arch: armeb-xscale
>  python 2.4.2
>  openssl-0.9.8f
>

Thanks. I think I've fixed this. I just released 0.7a2, which includes
the fix. Could you check to see if it works for you?

Jean-Paul

From georgem at novatech-llc.com Tue Mar 25 23:17:08 2008
From: georgem at novatech-llc.com (George McCollister)
Date: Tue, 25 Mar 2008 17:17:08 -0500
Subject: [pyOpenSSL] get_notBefore/get_notAfter
In-Reply-To: <20080325194516.6859.1817774745.divmod.quotient.23018@ohm>
References: <20080325194516.6859.1817774745.divmod.quotient.23018@ohm>
Message-ID: <47E979E4.80504@novatech-llc.com>

It works now! Thanks for the quick fix.

Regards,
George McCollister

Jean-Paul Calderone wrote:
> On Tue, 25 Mar 2008 12:53:20 -0500, George McCollister wrote:
>
>> I'm using 0.7a1 and get_notBefore and get_notAfter seem to be broken.
>> I've included some information below:
>>
>> Here is a snippet of my code:
>>
>>     cert = load_certificate(FILETYPE_PEM, buf)
>>     #print type(cert)
>>     if cert:
>>         key = cert.get_pubkey()
>>         key_type = 'none'
>>         if key.type() == TYPE_RSA:
>>             key_type = 'RSA'
>>         elif key.type() == TYPE_DSA:
>>             key_type = 'DSA'
>>         subject = cert.get_subject()
>>         issuer = cert.get_issuer()
>>
>>         expired = 'No'
>>         if cert.has_expired():
>>             expired = 'Yes'
>>
>>         notBefore = cert.get_notBefore()
>>         notAfter = cert.get_notAfter()
>>
>> Here is the error:
>> [25/Mar/2008:17:40:28] HTTP Traceback (most recent call last):
>>   File "/usr/lib/python2.4/site-packages/cherrypy/_cprequest.py", line
>> 551, in respond
>>     cherrypy.response.body = self.handler()
>>   File "/usr/lib/python2.4/site-packages/cherrypy/_cpdispatch.py", line
>> 24, in __call__
>>     return self.callable(*self.args, **self.kwargs)
>>   File "/opt/WebUI/ui.py", line 691, in ViewKey
>>     key=self.getkeyinfo(keyname + '.crt')
>>   File "/opt/WebUI/ui.py", line 882, in getkeyinfo
>>     notBefore = cert.get_notBefore()
>> Error: []
>>
>> System Information:
>>   linux 2.6.21.4
>>   arch: armeb-xscale
>>   python 2.4.2
>>   openssl-0.9.8f
>>
>>
>
> Thanks. I think I've fixed this. I just released 0.7a2, which includes
> the fix. Could you check to see if it works for you?
>
> Jean-Paul
>

From matrixhasu at gmail.com Wed Mar 26 09:47:33 2008
From: matrixhasu at gmail.com (Sandro Tosi)
Date: Wed, 26 Mar 2008 09:47:33 +0100
Subject: [pyOpenSSL] pyOpenSSL in Debian
Message-ID: <8b2d7b4d0803260147s7b55cd48u4aef2d8e9a1922a6@mail.gmail.com>

Hi Jean-Paul,

I'm really happy that someone is now supporting again pyOpenSSL tool!

I maintain the Debian package for it, and I'll try to keep up with
your updates :)

Actually, I'm trying to get rid of latex2html to generate
documentation (we cannot use it for the Debian package since it's not
a completely free tool), replacing it with tex4ht; as soon as I'll have
a working patch, I'll submit to you.

Thanks for your work,
Sandro

--
Sandro Tosi (aka morph, Morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi

From matrixhasu at gmail.com Sat Mar 29 17:30:54 2008
From: matrixhasu at gmail.com (Sandro Tosi)
Date: Sat, 29 Mar 2008 17:30:54 +0100
Subject: [pyOpenSSL] pyOpenSSL in Debian
In-Reply-To: <8b2d7b4d0803260147s7b55cd48u4aef2d8e9a1922a6@mail.gmail.com>
References: <8b2d7b4d0803260147s7b55cd48u4aef2d8e9a1922a6@mail.gmail.com>
Message-ID: <8b2d7b4d0803290930qc24ef69j2aa7dbc096462444@mail.gmail.com>

Hi Jean-Paul,

> Actually, I'm trying to get rid of latex2html to generate
> documentation (we cannot use it for the Debian package since it's not
> a completely free tool), replacing it with tex4ht; as soon as I'll have
> a working patch, I'll submit to you.

As promised, here is the patch I wrote to use tex4ht instead of
latex2html to generate html documentation: this is because latex2html
is not completely free, and I cannot use it to create package to go
into main Debian distribution.

In the same patch you can find some changes to doc/Makefile and the
usage of w3m instead of lynx to generate txt doc: this is because w3m
generates UTF8 output that renders better the name of Martin Sjögren.

The patch applies against 0.7a1, still didn't try against 0.7a2.

I will use the patch in the debian package; if you like it and want to
merge directly in your code, just give me a ping so I can avoid to apply
while building.

Cheers,
Sandro

--
Sandro Tosi (aka morph, Morpheus, matrixhasu)
My website: http://matrixhasu.altervista.org/
Me at Debian: http://wiki.debian.org/SandroTosi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pyOpenSSL-0.7a1_debian.patch
Type: text/x-diff
Size: 6165 bytes
Desc: not available
URL: