Hi Jean-Paul,

I would love to take credit for the patches, and provide you with the documentation you asked for. But the truth is that i haven't written these, and to be honest my knowledge of C is extremely limited so i'm unable to answer these questions. Sorry.

kind regards,

Sebastian

On Sun, Mar 23, 2008 at 12:20 AM, Jean-Paul Calderone <exarkun@divmod.com> wrote:
On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira <sebvieira@gmail.com> wrote:
>Hi,
>
>Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6 ? I
>found that the required pkcs12 patched cleanly against the 0.7 source, but
>the crl patch failed one hunk:
>
>patching file src/crypto/crypto.c
>Hunk #1 succeeded at 461 (offset -1 lines).
>Hunk #2 succeeded at 591 (offset -1 lines).
>Hunk #3 succeeded at 626 (offset -1 lines).
>Hunk #4 succeeded at 794 (offset 25 lines).
>Hunk #5 FAILED at 803.
>Hunk #6 succeeded at 872 (offset 26 lines).
>
>I ask this because my python/openvpn script depends on it :)
>
>kind regards,
>

Hey Sebastian,

This is definitely a possibility.  I may need some help with it, though.

First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch
you're referring to, right?  And the patch which must be applied first is
http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch?

If so, here are some specific questions the answers to which would help me
out a bunch:

 * What is the proper usage of crypto_dump_pkcs12?
 * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory corruption will likely follow a call to it)?
 * Same question for crypto_PKCS12_set_privatekey.
 * Why the commented out lines in crypto_PKCS12_dealloc and in the definition of crypto_PKCS12_Type?

 * What is the proper usage of crypto_dump_crl?

And more generally:

 * Documentation would be greatly appreciated.  Either in the form of C
   comments in the code, or docstrings exposed to Python (instead of the
   empty strings currently given to the new APIs), or in LaTeX as diffs
   against doc/pyOpenSSL.tex
 * Unit tests would be even better. ;)

In the mean time, I've applied both patches (resolving the simple conflicts)
and pushed a branch to launchpad - https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl - in case you want
to use that diff (since it applies clean to trunk now) or if you want to
generate any patches.

Jean-Paul