ANN: M2Crypto 0.18

Heikki Toivonen heikki at
Fri Jul 27 20:18:23 CEST 2007

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope.

Download links on the homepage at


- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
  iterating over all X509_Name_Entries or getting just all commonName
  entries, for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions,
  which means that certain things that used to fail silently will now
  raise an EVP.EVPError; affected m2 functions are: digest_final,
  cipher_init, cipher_update, cipher_final and sign_update. sign_final
  will now raise EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer
  certificate, use only the dNSNames when checking peer certificate
  hostname, as specified by RFC 2818. If no dNSNames are present, use
  subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
  pkey_get_modulus, ecdsa_verify, threading_init and
  X509.X509.verify, X509.X509_Stack (which manifested for example when
  calling X509.new_stack_from_der), SSL.Connection (which manifested
  with some connection errors or when connect was never called), twisted
  wrapper, SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
  by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
  certificate requests, by Keith Jackson
- fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general option to build_ext
  option, meaning you need to do: python build build_ext
  --openssl=/path, by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built
  without EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to
  sleep after starting the test SSL server. Default is 0.5, but 0.1 or
  even 0.05 might work with modern computers. Makes tests finish
  significantly faster.

  Heikki Toivonen

More information about the Python-list mailing list