Re: [pyOpenSSL] CRL & PKCS12 patch

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Sebastian,

Did you look at the patch for CRL that I wrote?
https://bugs.launchpad.net/pyopenssl/+bug/404436
Would it meet your needs?

--
Rick

On Sun, Oct 18, 2009 at 04:05:14PM -0000, ex...@tw... wrote:
> On 01:45 pm, seb...@gm... wrote:
> >Hi,
> >
> >Is there any progress on this? I mean, will the CRL functionality be in 
> >the
> >next pyOpenSSL release and if so, when will that be? I'm trying to get 
> >a
> >python app into Fedora but while a part of its functionality is based 
> >on a
> >custom patched pyOpenSSL it will probably not be accepted.
> >
> >Apart from that, it's of course a great feature for pyOpenSSL that will
> >benefit everyone :)
> >
> >thanks,
> 
> Hi,
> 
> So far, no progress on CRLs in pyOpenSSL.  I just took a quick look at 
> the patch attached to https://bugs.launchpad.net/pyopenssl/+bug/385178 - 
> just thoroughly enough to see that it is a long way from being ready to 
> include in trunk.  Here's a semi-complete list of what I'd like to see 
> changes about it:
> 
>   * It makes unexplained changes to test_crypto.py; these have nothing to 
> do with CRLs and, if important, should be split out into a separate 
> patch/branch associated with a new ticket that explains their 
> significance.
> 
>   * It makes a memory management change to x509.c which is similarly 
> unexplained and also untested.  This should have a unit test and 
> possibly also be split off onto a separate ticket.
> 
>   * It adds get_extension, get_extensions, check_privatekey, verify, 
> repr, and str methods to the X509 type.  Also apparently unrelated to 
> CRLs.  Also untested.  Aside from str and repr these seem valuable and 
> should be added elsewhere, with tests.  Maybe str and repr are good too, 
> but I need to be convinced.
> 
>   * It adds str and repr methods to the X509Name type.  Also untested and 
> unrelated.
> 
>   * Likewise for X509Req.
> 
>   * There's a bunch of new code in crypto.c about "crypto_ui" and engines 
> which looks like it might be neat, but has nothing to do with crls (and 
> has no tests).
> 
>   * For the new code that's actually x509 crl related:
> 
>     * the whitespace is totally crazy and should be cleaned up
> 
>     * there are no unit tests.  I am trying to raise pyOpenSSL to 100% 
> line coverage.  That means all new code has to have unit tests.
> 
>     * the function docstrings all use the weird old style which is more 
> aimed at C programmers than Python programmers.  They should be updated 
> to be Python programmer friendly.
> 
>     * there's code for dealing with asn1 times copied from another 
> pyOpenSSL source file; this should be factored into a common file that 
> can be re-used, instead of duplicated.
> 
> 
> A lot of these things are easy to remedy.  Just delete some of the 
> patch.  However, adding the CRL unit tests is probably real work. 
> Someone who's familiar with the CRL APIs can probably make a significant 
> dent in this without too much trouble.  If someone can do that, I'll 
> make time to re-review the new submission and accept it or provide 
> further feedback.
> 
> Jean-Paul
> 
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay 
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> _______________________________________________
> pyopenssl-list mailing list
> pyo...@li...
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list

-- 
Rick 