[PYTHON-CRYPTO] ANN: M2Crypto 0.18beta1

Heikki Toivonen heikki at OSAFOUNDATION.ORG
Tue Jul 10 20:12:53 CEST 2007

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope.

This is the first beta of the 0.18 release cycle. Final release is
scheduled for the end of July 2007. Please test this out and report any
issues. Download links and bug filing instructions on the homepage at


- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
  iterating over all X509_Name_Entries or getting just all commonName
  for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions, which
  means that certain things that used to fail silently will now raise an
  EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
  cipher_update, cipher_final and sign_update. sign_final will now raise
  EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer
  use only the dNSNames when checking peer certificate hostname, as
  by RFC 2818. If no dNSNames are present, use subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
  pkey_get_modulus, ecdsa_verify, threading_init and
  X509.X509.verify, X509.X509_Stack (which manifested for example when
  calling X509.new_stack_from_der), SSL.Connection (which manifested
with some
  connection errors or when connect was never called), twisted wrapper,
  SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
  by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
  certificate requests, by Keith Jackson
- m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general setup.py option to build_ext option,
  meaning you need to do: python setup.py build build_ext --openssl=/path,
  by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built
  EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
  after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
  might work with modern computers. Makes tests finish significantly faster.

  Heikki Toivonen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20070710/ed039110/attachment.pgp>

More information about the python-crypto mailing list