Hi Jean-Paul,

I would love to take credit for the patches, and provide you with the documentation you asked for. But the truth is that i haven't written these, and to be honest my knowledge of C is extremely limited so i'm unable to answer these questions. Sorry.

kind regards,


On Sun, Mar 23, 2008 at 12:20 AM, Jean-Paul Calderone <exarkun@divmod.com> wrote:
On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira <sebvieira@gmail.com> wrote:
>Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6 ? I
>found that the required pkcs12 patched cleanly against the 0.7 source, but
>the crl patch failed one hunk:
>patching file src/crypto/crypto.c
>Hunk #1 succeeded at 461 (offset -1 lines).
>Hunk #2 succeeded at 591 (offset -1 lines).
>Hunk #3 succeeded at 626 (offset -1 lines).
>Hunk #4 succeeded at 794 (offset 25 lines).
>Hunk #5 FAILED at 803.
>Hunk #6 succeeded at 872 (offset 26 lines).
>I ask this because my python/openvpn script depends on it :)
>kind regards,

Hey Sebastian,

This is definitely a possibility.  I may need some help with it, though.

First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch
you're referring to, right?  And the patch which must be applied first is

If so, here are some specific questions the answers to which would help me
out a bunch:

 * What is the proper usage of crypto_dump_pkcs12?
 * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory corruption will likely follow a call to it)?
 * Same question for crypto_PKCS12_set_privatekey.
 * Why the commented out lines in crypto_PKCS12_dealloc and in the definition of crypto_PKCS12_Type?

 * What is the proper usage of crypto_dump_crl?

And more generally:

 * Documentation would be greatly appreciated.  Either in the form of C
   comments in the code, or docstrings exposed to Python (instead of the
   empty strings currently given to the new APIs), or in LaTeX as diffs
   against doc/pyOpenSSL.tex
 * Unit tests would be even better. ;)

In the mean time, I've applied both patches (resolving the simple conflicts)
and pushed a branch to launchpad - https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl - in case you want
to use that diff (since it applies clean to trunk now) or if you want to
generate any patches.