[PYTHON-CRYPTO] patches for X509_EXTENSION and a few other things
Matt Rodriguez
MKRodriguez at LBL.GOV
Wed Nov 30 02:45:41 CET 2005
I've done a little work with M2Crypto because I've been using it to
generate proxy certificates. Proxy Certificates need to have a proxy
certificate info extension for openssl to recognize them. Openssl
versions 0.9.8 and later have support for proxy certificates.
So here are the changes that I've made.
1. I added a as_der method to the EVP class in EVP.py. This calls
i2d_PUBKEY to
get the DER encoding.
2. I changed the new_extensions function in X509. It initializes a LHASH
and a
X509V3_CTX objects, and passes them into the X509V3_ext_conf function. I
did this
was because to use the ProxyCertInfo extension it needed an initialized
context object,
otherwise I would get a segmentation fault. This is because the
X509_EXTENSION_METHOD object assoctiated with PCI does not contain v2i
or s2i functions. The method does have an r2i function, but the
do_ext_nconf does a check
on the context to see if it has a db or db_meth object. If the context
is NULL then there is
a segmentation fault.
If there is another way to create a PCI extension using M2Crypto without
this patch, I'd like
to know about it.
3. Changes to setup.py. I've mentioned this in previous posts. I added
an option so that one
could build M2Crypto against openssl that is installed in an arbitrary
location.
4. I added a quick test to test_evp.py that tests the as_der method.
5. I fixed an obvious memory leak in _x509.i in the x509_extension_get_name.
I've tested these changes with openssl-0.9.8a using valgrind to make
sure my changes
didn't leak any more memory.
Please let me know if there are any problems with the patches or if
there is anything I can
do to facilitate adding these patches to M2Crypto.
Matt Rodriguez
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ext.patch
Type: text/x-patch
Size: 5903 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20051129/808e7f67/attachment.bin>
More information about the python-crypto
mailing list