#6 coredump when naively generating a self-signed certificate

closed-fixed
nobody
None
5
2008-03-12
2004-11-09
Glyph Lefkowitz
No

glyph@kazekage:~% python
Python 2.3.4 (#2, Sep 24 2004, 08:39:09)
[GCC 3.3.4 (Debian 1:3.3.4-12)] on linux2
Type "help", "copyright", "credits" or "license" for
more information.
>>> from OpenSSL.crypto import *
>>> pk = PKey()
>>> pk.generate_key(TYPE_RSA, 1024)
>>> req = X509Req()
>>> req.set_pubkey(pk)
>>> req.sign(req.get_pubkey(), 'md5')
zsh: segmentation fault python

I understand now why this is invalid, I think: the
"pkey" object used does not have a private-key half.
However, it would be nice to have this represented in
the repr() and to have a less abrupt method of
informing the user that something has gone wrong.

Discussion

  • Jp Calderone
    Jp Calderone
    2008-03-10

    Logged In: YES
    user_id=366566
    Originator: NO

    I've improved this situation somewhat. PKeys now remember if they can sign things. Signature attempts are rejected for PKeys which aren't suitable. The patch is in my fork of pyOpenSSL, <http://launchpad.net/pyopenssl>. The changeset is revision 39.

     
  • Jp Calderone
    Jp Calderone
    2008-03-12

    • status: open --> closed-fixed