[PYTHON-CRYPTO] patches for X509_EXTENSION and a few other things

Matt Rodriguez MKRodriguez at LBL.GOV
Wed Nov 30 02:45:41 CET 2005


I've done a little work with M2Crypto because I've been using it to 
generate proxy certificates. Proxy Certificates need to have a proxy 
certificate info extension for openssl to recognize them. Openssl 
versions 0.9.8 and later have support for proxy certificates. 

So here are the changes that I've made.

1. I added an as_der method to the EVP class in EVP.py. This calls
i2d_PUBKEY to get the DER encoding.

2. I changed the new_extensions function in X509. It initializes an
LHASH and an X509V3_CTX object, and passes them into the
X509V3_ext_conf function. I did this because to use the ProxyCertInfo
extension it needed an initialized context object, otherwise I would
get a segmentation fault. This is because the X509_EXTENSION_METHOD
object associated with PCI does not contain v2i or s2i functions. The
method does have an r2i function, but do_ext_nconf does a check on the
context to see if it has a db or db_meth object. If the context is NULL
then there is a segmentation fault.

If there is another way to create a PCI extension using M2Crypto
without this patch, I'd like to know about it.

3. Changes to setup.py. I've mentioned this in previous posts. I added
an option so that one could build M2Crypto against openssl that is
installed in an arbitrary location.

4. I added a quick test to test_evp.py that tests the as_der method.

5. I fixed an obvious memory leak in _x509.i in the x509_extension_get_name.

I've tested these changes with openssl-0.9.8a using valgrind to make
sure my changes didn't leak any more memory.


Please let me know if there are any problems with the patches or if
there is anything I can do to facilitate adding these patches to
M2Crypto.

Matt Rodriguez
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ext.patch
Type: text/x-patch
Size: 5903 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20051129/808e7f67/attachment.bin>
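
The proxy certificate info extension discussed in the message above has a
small DER layout defined by RFC 3820. The following is an added example, not
code from the original post, the attached patch, or M2Crypto: a strict
standard-library parser for the extension value that can be used to check
what a generated proxy certificate actually carries. The function names and
the sample bytes are constructed for illustration, and extracting the
extension value from the certificate is assumed to happen elsewhere.

```python
# Added example, not code from the post or from M2Crypto; names are hypothetical.
PPL = bytes.fromhex("2b060105050715")  # DER content bytes of OID 1.3.6.1.5.5.7.21
LANGUAGES = {PPL + b"\x00": "id-ppl-anyLanguage",
             PPL + b"\x01": "id-ppl-inheritAll",
             PPL + b"\x02": "id-ppl-independent"}
NO_POLICY = ("id-ppl-inheritAll", "id-ppl-independent")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_proxy_cert_info(der):
    """Parse ProxyCertInfo ::= SEQUENCE { pathLen INTEGER OPTIONAL, proxyPolicy }."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("ProxyCertInfo must be exactly one SEQUENCE")
    path_len = policy = None
    tag, val, pos = read_tlv(seq, 0)
    if tag == 0x02:  # optional pCPathLenConstraint
        path_len = int.from_bytes(val, "big")
        tag, val, pos = read_tlv(seq, pos)
    if tag != 0x30 or pos != len(seq):
        raise ValueError("proxyPolicy SEQUENCE must come last")
    tag, oid, pos = read_tlv(val, 0)
    if tag != 0x06:
        raise ValueError("policyLanguage OID expected")
    language = LANGUAGES.get(oid, oid.hex())
    if pos < len(val):  # optional policy OCTET STRING
        tag, policy, pos = read_tlv(val, pos)
        if tag != 0x04 or pos != len(val):
            raise ValueError("policy must be a trailing OCTET STRING")
    if policy is not None and language in NO_POLICY:
        raise ValueError(language + " must not carry a policy")
    return {"path_len": path_len, "language": language, "policy": policy}

# Constructed sample value: pathlen 3, id-ppl-inheritAll, no policy.
SAMPLE = bytes.fromhex("300f020103300a06082b06010505071501")
```

The parser rejects trailing bytes, truncated elements, and a policy field
combined with id-ppl-inheritAll or id-ppl-independent, which RFC 3820 forbids.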

