From krjackson at LBL.GOV Sun Jun 3 05:52:01 2007
From: krjackson at LBL.GOV (Keith Jackson)
Date: Sat, 2 Jun 2007 20:52:01 -0700
Subject: [PYTHON-CRYPTO] added session caching support for M2 HTTPSConnection
Message-ID: <37ABF98C-E12C-4987-95A6-1884478D2F73@lbl.gov>

I added in support for client side session caching in HTTPSConnection.
I added an extra test to test_ssl.py that tests this functionality.
See: https://bugzilla.osafoundation.org/show_bug.cgi?id=9409 for more
info or to get the patches.

--keith

From heikki at OSAFOUNDATION.ORG Fri Jun 8 10:28:51 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Fri, 8 Jun 2007 01:28:51 -0700
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
Message-ID: <46691343.3000300@osafoundation.org>

I am planning on wrapping up 0.18 development work by the beginning of
July 2007, do weekly betas during July, and get the actual release out
by the end of July 2007. Due to vacations the schedule may not be
exactly strict, but that is the plan.

There are currently 18 more bugs targeted for 0.18. If you have any
issues or enhancement requests you haven't submitted to the M2Crypto bug
database, now would be the time. Also, the earlier and more testing the
better.

http://chandlerproject.org/Projects/MeTooCrypto

--
Heikki Toivonen

From P.J.Kershaw at RL.AC.UK Fri Jun 8 13:30:52 2007
From: P.J.Kershaw at RL.AC.UK (Kershaw, PJ (Philip))
Date: Fri, 8 Jun 2007 12:30:52 +0100
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
References: A<46691343.3000300@osafoundation.org>
Message-ID:

Hi Heikki,

I have a couple of requests for enhancements. Apologies if you have
these already on Bugzilla. I'm new to this process.

* I made an alteration to the setup.py so that you can create an egg
  and also, use build_ext options to set which OpenSSL to link with:

  http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencies/m2crypto/setup.py

  I know you can do this with the --openssl option already but if I do
  it with build_ext it's more flexible. In particular it means if I
  include an M2Crypto.tar.gz as a dependency link for another egg I can
  also pass build_ext args to determine the OpenSSL link location.

* I'd like to be able to read ASN1 format from a string. To do this I
  added in a wrapper to OpenSSL d2i_X509_bio() but is there an
  alternative way to do this with the existing M2Crypto interface?

* I have a question about the handling of proxy certificate DNs.
  X509_Name.CN will yield only one value even if there are multiple CN
  entries:

  >>> from M2Crypto import *
  >>> x509=X509.load_cert('cert.pem')
  >>> x509subj=x509.get_subject()
  >>> str(x509subj)
  '/O=a/OU=b/CN=A.N.Other/CN=proxy'
  >>> x509subj.CN
  'A.N.Other'

  Is this right or is there another way to do this?

Cheers,
Phil

-----Original Message-----
From: generic crypto class API for Python on behalf of Heikki Toivonen
Sent: Fri 08-Jun-07 9:28 AM
To: PYTHON-CRYPTO at NIC.SURFNET.NL
Subject: M2Crypto 0.18 Roadmap

I am planning on wrapping up 0.18 development work by the beginning of
July 2007, do weekly betas during July, and get the actual release out
by the end of July 2007. Due to vacations the schedule may not be
exactly strict, but that is the plan.

There are currently 18 more bugs targeted for 0.18. If you have any
issues or enhancement requests you haven't submitted to the M2Crypto bug
database, now would be the time. Also, the earlier and more testing the
better.

http://chandlerproject.org/Projects/MeTooCrypto

--
Heikki Toivonen

From heikki at OSAFOUNDATION.ORG Fri Jun 8 20:29:47 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Fri, 8 Jun 2007 11:29:47 -0700
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
In-Reply-To:
References: A<46691343.3000300@osafoundation.org>
Message-ID: <4669A01B.8080401@osafoundation.org>

Kershaw, PJ (Philip) wrote:
> * I made an alteration to the setup.py so that you can create an egg
> and also, use build_ext options to set which OpenSSL to link with:
>
> http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencies/m2crypto/setup.py

Yeah, this would be nice. The current --openssl is kind of a hack so if
you have something better, great!

Could you file a bug and attach an svn diff against the trunk?

https://bugzilla.osafoundation.org/enter_bug.cgi?product=M2Crypto

> * I'd like to be able to read ASN1 format from a string. To do this I
> added in a wrapper to OpenSSL d2i_X509_bio() but is there an
> alternative way to do this with the existing M2Crypto interface?

There might be something like this. Could you give a specific code
example what you want to do?

> * I have a question about the handling of proxy certificate DNs.
> X509_Name.CN will yield only one value even if there are multiple CN
> entries:

This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=5380

There is an OpenSSL API for getting this, but so far I haven't been able
to wrap that successfully yet; there are parts of the API that I don't
understand completely.

--
Heikki Toivonen

From krjackson at LBL.GOV Fri Jun 8 21:50:40 2007
From: krjackson at LBL.GOV (Keith Jackson)
Date: Fri, 8 Jun 2007 12:50:40 -0700
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
In-Reply-To: <4669A01B.8080401@osafoundation.org>
References: A<46691343.3000300@osafoundation.org> <4669A01B.8080401@osafoundation.org>
Message-ID: <9ABB2C2A-50E8-40DB-8112-09D6414C5F1C@lbl.gov>

I'll go ahead and look at the proxy problem. I was already planning on
spending some time on m2 this weekend, and I'm pretty familiar with
proxy handling.

--keith

On Jun 8, 2007, at 11:29 AM, Heikki Toivonen wrote:
>> * I have a question about the handling of proxy certificate DNs.
>> X509_Name.CN will yield only one value even if there are multiple
>> CN entries:
>
> This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=5380
>
> There is an OpenSSL API for getting this, but so far I haven't been
> able to wrap that successfully yet; there are parts of the API that I
> don't understand completely.

From heikki at OSAFOUNDATION.ORG Sat Jun 9 01:58:34 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Fri, 8 Jun 2007 16:58:34 -0700
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
In-Reply-To: <9ABB2C2A-50E8-40DB-8112-09D6414C5F1C@lbl.gov>
References: A<46691343.3000300@osafoundation.org> <4669A01B.8080401@osafoundation.org> <9ABB2C2A-50E8-40DB-8112-09D6414C5F1C@lbl.gov>
Message-ID: <4669ED2A.7080008@osafoundation.org>

> On Jun 8, 2007, at 11:29 AM, Heikki Toivonen wrote:
>>> * I have a question about the handling of proxy certificate DNs.
>>> X509_Name.CN will yield only one value even if there are multiple CN
>>> entries:
>>
>> This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=5380

I actually fixed this bug today.

--
Heikki Toivonen

From P.J.Kershaw at RL.AC.UK Mon Jun 11 15:13:05 2007
From: P.J.Kershaw at RL.AC.UK (Kershaw, PJ (Philip))
Date: Mon, 11 Jun 2007 14:13:05 +0100
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
In-Reply-To: A<4669A01B.8080401@osafoundation.org>
References: A<46691343.3000300@osafoundation.org> A<4669A01B.8080401@osafoundation.org>
Message-ID:

Hi Heikki,

> -----Original Message-----
> From: generic crypto class API for Python
> [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL] On Behalf Of Heikki Toivonen
> Sent: 08 June 2007 19:30
> To: PYTHON-CRYPTO at NIC.SURFNET.NL
> Subject: Re: M2Crypto 0.18 Roadmap
>
> Kershaw, PJ (Philip) wrote:
> > * I made an alteration to the setup.py so that you can create an egg
> > and also, use build_ext options to set which OpenSSL to link with:
> >
> > http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencies/m2crypto/setup.py
>
> Yeah, this would be nice. The current --openssl is kind of a hack so
> if you have something better, great!
>
> Could you file a bug and attach an svn diff against the trunk?

OK :)

> https://bugzilla.osafoundation.org/enter_bug.cgi?product=M2Crypto
>
> > * I'd like to be able to read ASN1 format from a string. To do this
> > I added in a wrapper to OpenSSL d2i_X509_bio() but is there an
> > alternative way to do this with the existing M2Crypto interface?
>
> There might be something like this. Could you give a specific code
> example what you want to do?

It was for use with a MyProxy client. I adapted code by Tom Uram:

http://www-unix.mcs.anl.gov/fl/research/accessgrid/myproxy/myproxy_logon.py

This uses pyOpenSSL but I wanted to use M2Crypto. In one case, MyProxy
server returns a list of certificates which are parsed used in Tom's
code using pyOpenSSL OpenSSL.crypto.load_certificate ...

    # extract der-format cert, and convert to pem
    c = dat[ind:ind+len+4]
 => x509 = crypto.load_certificate(crypto.FILETYPE_ASN1,c)
    pem_cert = crypto.dump_certificate(crypto.FILETYPE_PEM,x509)
    pem_certs.append(pem_cert)

I couldn't see an M2Crypto equivalent so I looked into the pyOpenSSL C
source code. The C function used is d2i_X509_bio(). I made a wrapper
for this in my own version of M2Crypto adapting X509.load_cert_string()

My equivalent is at:

http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencies/m2crypto

> > * I have a question about the handling of proxy certificate DNs.
> > X509_Name.CN will yield only one value even if there are multiple
> > CN entries:
>
> This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=5380
>
> There is an OpenSSL API for getting this, but so far I haven't been
> able to wrap that successfully yet; there are parts of the API that I
> don't understand completely.

I saw your update on that thanks.

Cheers,
Phil

> --
> Heikki Toivonen

From heikki at OSAFOUNDATION.ORG Mon Jun 11 21:08:05 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Mon, 11 Jun 2007 12:08:05 -0700
Subject: [PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
In-Reply-To:
References: A<46691343.3000300@osafoundation.org> A<4669A01B.8080401@osafoundation.org>
Message-ID: <466D9D95.1050109@osafoundation.org>

Kershaw, PJ (Philip) wrote:
> This uses pyOpenSSL but I wanted to use M2Crypto. In one case, MyProxy
> server returns a list of certificates which are parsed used in Tom's
> code using pyOpenSSL OpenSSL.crypto.load_certificate ...
>
>     # extract der-format cert, and convert to pem
>     c = dat[ind:ind+len+4]
>  => x509 = crypto.load_certificate(crypto.FILETYPE_ASN1,c)
>     pem_cert = crypto.dump_certificate(crypto.FILETYPE_PEM,x509)
>     pem_certs.append(pem_cert)
>
> I couldn't see an M2Crypto equivalent so I looked into the pyOpenSSL C
> source code. The C function used is d2i_X509_bio().
> I made a wrapper for this in my own version of M2Crypto adapting
> X509.load_cert_string()

I think that this will be addressed by bug
https://bugzilla.osafoundation.org/show_bug.cgi?id=9259

--
Heikki Toivonen

From LightLan at LIGHTLAN.DE Sat Jun 23 09:48:16 2007
From: LightLan at LIGHTLAN.DE (Paul Rauch)
Date: Sat, 23 Jun 2007 09:48:16 +0200
Subject: [PYTHON-CRYPTO] added pycrypto to my suse repository
Message-ID: <467CD040.1070801@lightlan.de>

Hello *,

I just added pycrypto to my opensuse repository,
just thought you'd like to know ;)

http://repo.lightlan.de/index.php?/archives/13-Neue-rpmsnew-rpms.html

greetz
Paul Rauch
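
Added example, not part of the original thread and not code from M2Crypto, pyOpenSSL or myproxy_logon.py: the DER-to-PEM step discussed in the "M2Crypto 0.18 Roadmap" messages, done with the Python standard library only. The quoted snippet slices each certificate as dat[ind:ind+len+4]; the +4 is consistent with a four-byte DER header, which is an assumption here because the thread does not show how len is computed, so this sketch reads each DER length field and bounds-checks it before slicing. Function names and sample bytes are made up for illustration.

```python
import ssl


def split_der_sequences(buf):
    """Return each top-level DER SEQUENCE stored back to back in buf.

    Raises ValueError rather than returning a short or misaligned slice.
    """
    out, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x30:  # an X.509 certificate is a DER SEQUENCE
            raise ValueError(f"offset {pos}: expected SEQUENCE tag 0x30")
        if pos + 2 > len(buf):
            raise ValueError(f"offset {pos}: truncated header")
        first = buf[pos + 1]
        if first < 0x80:  # short form: this octet is the length
            header, length = 2, first
        else:  # long form: low 7 bits count the length octets that follow
            n = first & 0x7F
            if n == 0 or n > 4:  # 0 is indefinite length, which DER forbids
                raise ValueError(f"offset {pos}: unsupported length form")
            if pos + 2 + n > len(buf):
                raise ValueError(f"offset {pos}: truncated length octets")
            header = 2 + n
            length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        end = pos + header + length
        if end > len(buf):
            raise ValueError(f"offset {pos}: body runs past end of buffer")
        out.append(buf[pos:end])
        pos = end
    return out


def der_blob_to_pems(buf):
    """PEM-armour each chunk; this re-encodes only, it verifies nothing."""
    return [ssl.DER_cert_to_PEM_cert(der) for der in split_der_sequences(buf)]


# Constructed sample input: dummy SEQUENCEs, not real certificates.
SAMPLE_LONG = b"\x30\x82\x01\x00" + bytes(256)  # 4-byte header (the +4 case)
SAMPLE_SHORT = b"\x30\x03\x02\x01\x05"          # 2-byte header
SAMPLE = SAMPLE_LONG + SAMPLE_SHORT

if __name__ == "__main__":
    for pem in der_blob_to_pems(SAMPLE):
        print(pem)
```

The PEM output still has to go through normal certificate validation before anything trusts it; splitting and re-encoding says nothing about who issued the bytes.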