Menu
▾
▴
pyopenssl-list — General discussion list for users and developers of pyOpenSSL
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(6) |
Aug
(9) |
Sep
(2) |
Oct
(15) |
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(17) |
Feb
(2) |
Mar
(3) |
Apr
(2) |
May
(1) |
Jun
|
Jul
(9) |
Aug
(4) |
Sep
|
Oct
|
Nov
(4) |
Dec
(1) |
| 2004 |
Jan
|
Feb
(2) |
Mar
(7) |
Apr
(1) |
May
|
Jun
|
Jul
(4) |
Aug
(6) |
Sep
(13) |
Oct
(5) |
Nov
(1) |
Dec
(4) |
| 2005 |
Jan
(1) |
Feb
(7) |
Mar
(2) |
Apr
(2) |
May
|
Jun
(1) |
Jul
(7) |
Aug
(5) |
Sep
(3) |
Oct
(4) |
Nov
|
Dec
(1) |
| 2006 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
(1) |
May
|
Jun
(7) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(9) |
Dec
(2) |
| 2007 |
Jan
(4) |
Feb
|
Mar
(2) |
Apr
(1) |
May
(5) |
Jun
(6) |
Jul
|
Aug
(7) |
Sep
|
Oct
(1) |
Nov
(2) |
Dec
|
| 2008 |
Jan
(2) |
Feb
|
Mar
(10) |
Apr
(4) |
May
(3) |
Jun
(3) |
Jul
(5) |
Aug
(2) |
Sep
(30) |
Oct
(12) |
Nov
(5) |
Dec
(2) |
| 2009 |
Jan
(7) |
Feb
(1) |
Mar
(26) |
Apr
(20) |
May
(4) |
Jun
(1) |
Jul
(7) |
Aug
(21) |
Sep
(2) |
Oct
(9) |
Nov
(8) |
Dec
|
| 2010 |
Jan
(4) |
Feb
(5) |
Mar
(3) |
Apr
(1) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
(5) |
Nov
(3) |
Dec
|
| 2011 |
Jan
(1) |
Feb
|
Mar
|
Apr
(13) |
May
|
Jun
|
Jul
|
Aug
(3) |
Sep
(1) |
Oct
(6) |
Nov
(11) |
Dec
|
| 2012 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
(1) |
Aug
(13) |
Sep
(1) |
Oct
|
Nov
|
Dec
(3) |
|
From: Andrew G. <aga...@ge...> - 2006-06-19 04:54:34
|
Mihai Ibanescu wrote: > On Sun, Jun 18, 2006 at 07:24:17PM -0500, Andrew Gaffney wrote: >> Andrew Gaffney wrote: >> >> Okay, I finally have it "working". My above statement was actually wrong. It >> looks like HTTPResponse *does* use makefile(), but HTTPConnection does *not*. >> So, it calls close() which decrements the counter without ever calling >> makefile() which increments the counter. The way I made it "work" was by >> commenting all the calls to .close() and .shutdown(). This is technically >> "wrong", but it gets around the faulty close_refcount logic. Can anyone suggest >> a better way to do this? > > The history behind that counter is (but this is all based on memory): > When the response object is created, httplib.HTTPConnection will use > makefile() to dup() the file descriptor it passes down to the HTTPResponse > object. This allows the code to be much cleaner, you can now close the main > connection object and just keep reading from the response one. > > The problem with SSL is, it's not exposing real sockets. As such, there is no > dup() that works. The only way to achieve the same functionality is to play > the tricky counter thingie to keep the file descriptor open even after you > close the HTTPConnection. So, makefile() should increment the counter, and > close() should keep decrementing it (and do nothing else) until you hit zero, > at which point it should close the SSL connection. I completely understand the reason for the counter and the logic behind it. It's just that it doesn't quite work as advertised :) > For the same reason, select() works very unreliably on SSL sockets, because it > uses the underlying file descriptor/socket to check for incoming bytes. You > may (and I did) run into the situation where you get a couple of bytes on the > socket, but not enough to create input into the SSL buffer. So, select() would > return, but the read from the SSL socket would block. I've removed all the select() and timeout stuff in my local code, since I don't really care if it blocks (unlikely anyway with small xmlrpc requests). -- Andrew Gaffney http://dev.gentoo.org/~agaffney/ Gentoo Linux Developer Installer Project |
|
From: Mihai I. <mi...@re...> - 2006-06-19 04:26:09
|
On Sun, Jun 18, 2006 at 07:24:17PM -0500, Andrew Gaffney wrote: > Andrew Gaffney wrote: > > Okay, I finally have it "working". My above statement was actually wrong. It > looks like HTTPResponse *does* use makefile(), but HTTPConnection does *not*. > So, it calls close() which decrements the counter without ever calling > makefile() which increments the counter. The way I made it "work" was by > commenting all the calls to .close() and .shutdown(). This is technically > "wrong", but it gets around the faulty close_refcount logic. Can anyone suggest > a better way to do this? The history behind that counter is (but this is all based on memory): When the response object is created, httplib.HTTPConnection will use makefile() to dup() the file descriptor it passes down to the HTTPResponse object. This allows the code to be much cleaner, you can now close the main connection object and just keep reading from the response one. The problem with SSL is, it's not exposing real sockets. As such, there is no dup() that works. The only way to achieve the same functionality is to play the tricky counter thingie to keep the file descriptor open even after you close the HTTPConnection. So, makefile() should increment the counter, and close() should keep decrementing it (and do nothing else) until you hit zero, at which point it should close the SSL connection. For the same reason, select() works very unreliably on SSL sockets, because it uses the underlying file descriptor/socket to check for incoming bytes. You may (and I did) run into the situation where you get a couple of bytes on the socket, but not enough to create input into the SSL buffer. So, select() would return, but the read from the SSL socket would block. Hope this helps. Misa |
|
From: Andrew G. <aga...@ge...> - 2006-06-19 00:24:19
|
Andrew Gaffney wrote: > Andrew Gaffney wrote: >> Dan Williams wrote: >>> On Thu, 2006-06-15 at 10:14 -0500, Andrew Gaffney wrote: >>>> I'm trying to integrate xmlrpclib and pyopenssl. I'm mostly there, but I'm >>>> running into a problem: >>> If you need some example code of doing SSL and all things XMLRPC, take a >>> look at the files here: >>> >>> http://cvs.fedora.redhat.com/viewcvs/extras-buildsys/common/?root=fedora >>> >>> specifically SSLCommon.py and SSLConnection.py. Furthermore, >>> XMLRPCServerProxy.py, URLopener.py, FileTranser.py, FileDownloader.py, >>> and FileUploader.py might be of of interest as well. >>> >>> These implementations use nonblocking sockets by default, which have a >>> few other complications, but you can safely turn that off by passing >>> timeout values of None, I think. >>> >>> We've been running variations on this code for almost a year now in the >>> Fedora Extras build system, and it's been working pretty well. >>> >>> Dan >> The RH implementation is close to what I had come up with, so I at least know I >> was on the right track. That does get me a little farther, however, there's a >> still a problem somewhere. I've modified my code to be as close to the RH code >> and still have my own touches. >> >> Currently, it looks like the request is sent, the headers are received back from >> the server, and then the connection closes (but in a weird way). The 'closed' >> var is getting set in the SSLConnection class, but stuff like select.select() >> and socket.revc() don't seem to notice...they return "Bad file descriptor". I >> added some code to SSLConnection's recv() to check self.closed and return None, >> which gets me past that error. At that point, I get an exception from the XML >> parsing code in xmlrpclib, apparently because no XML was ever sent back. The >> following is a transcript of the session with the client code: > > <transcript snipped> > > Okay, I've gotten a little further in tracking down the problem. It appears to > be an issue with the close_refcount thing in SSLConnection. It increments when > makefile() is called and decrements when close() is called. Apparently, it looks > like when HTTPConnection.getresponse() closes the connection after instantiating > the response class, the response class never called makefile(), so the > close_refcount is decremented to 0 and closed, even though the response class is > using it. Any ideas on how to get around this? Okay, I finally have it "working". My above statement was actually wrong. It looks like HTTPResponse *does* use makefile(), but HTTPConnection does *not*. So, it calls close() which decrements the counter without ever calling makefile() which increments the counter. The way I made it "work" was by commenting all the calls to .close() and .shutdown(). This is technically "wrong", but it gets around the faulty close_refcount logic. Can anyone suggest a better way to do this? -- Andrew Gaffney http://dev.gentoo.org/~agaffney/ Gentoo Linux Developer Installer Project |
|
From: Andrew G. <aga...@ge...> - 2006-06-19 00:06:04
|
Andrew Gaffney wrote: > Dan Williams wrote: >> On Thu, 2006-06-15 at 10:14 -0500, Andrew Gaffney wrote: >>> I'm trying to integrate xmlrpclib and pyopenssl. I'm mostly there, but I'm >>> running into a problem: >> If you need some example code of doing SSL and all things XMLRPC, take a >> look at the files here: >> >> http://cvs.fedora.redhat.com/viewcvs/extras-buildsys/common/?root=fedora >> >> specifically SSLCommon.py and SSLConnection.py. Furthermore, >> XMLRPCServerProxy.py, URLopener.py, FileTranser.py, FileDownloader.py, >> and FileUploader.py might be of of interest as well. >> >> These implementations use nonblocking sockets by default, which have a >> few other complications, but you can safely turn that off by passing >> timeout values of None, I think. >> >> We've been running variations on this code for almost a year now in the >> Fedora Extras build system, and it's been working pretty well. >> >> Dan > > The RH implementation is close to what I had come up with, so I at least know I > was on the right track. That does get me a little farther, however, there's a > still a problem somewhere. I've modified my code to be as close to the RH code > and still have my own touches. > > Currently, it looks like the request is sent, the headers are received back from > the server, and then the connection closes (but in a weird way). The 'closed' > var is getting set in the SSLConnection class, but stuff like select.select() > and socket.revc() don't seem to notice...they return "Bad file descriptor". I > added some code to SSLConnection's recv() to check self.closed and return None, > which gets me past that error. At that point, I get an exception from the XML > parsing code in xmlrpclib, apparently because no XML was ever sent back. The > following is a transcript of the session with the client code: <transcript snipped> Okay, I've gotten a little further in tracking down the problem. It appears to be an issue with the close_refcount thing in SSLConnection. It increments when makefile() is called and decrements when close() is called. Apparently, it looks like when HTTPConnection.getresponse() closes the connection after instantiating the response class, the response class never called makefile(), so the close_refcount is decremented to 0 and closed, even though the response class is using it. Any ideas on how to get around this? -- Andrew Gaffney http://dev.gentoo.org/~agaffney/ Gentoo Linux Developer Installer Project |
|
From: Andrew G. <aga...@ge...> - 2006-06-18 19:10:02
|
Dan Williams wrote: > On Thu, 2006-06-15 at 10:14 -0500, Andrew Gaffney wrote: >> I'm trying to integrate xmlrpclib and pyopenssl. I'm mostly there, but I'm >> running into a problem: > > If you need some example code of doing SSL and all things XMLRPC, take a > look at the files here: > > http://cvs.fedora.redhat.com/viewcvs/extras-buildsys/common/?root=fedora > > specifically SSLCommon.py and SSLConnection.py. Furthermore, > XMLRPCServerProxy.py, URLopener.py, FileTranser.py, FileDownloader.py, > and FileUploader.py might be of of interest as well. > > These implementations use nonblocking sockets by default, which have a > few other complications, but you can safely turn that off by passing > timeout values of None, I think. > > We've been running variations on this code for almost a year now in the > Fedora Extras build system, and it's been working pretty well. > > Dan The RH implementation is close to what I had come up with, so I at least know I was on the right track. That does get me a little farther, however, there's a still a problem somewhere. I've modified my code to be as close to the RH code and still have my own touches. Currently, it looks like the request is sent, the headers are received back from the server, and then the connection closes (but in a weird way). The 'closed' var is getting set in the SSLConnection class, but stuff like select.select() and socket.revc() don't seem to notice...they return "Bad file descriptor". I added some code to SSLConnection's recv() to check self.closed and return None, which gets me past that error. At that point, I get an exception from the XML parsing code in xmlrpclib, apparently because no XML was ever sent back. The following is a transcript of the session with the client code: POST /RPC2 HTTP/1.0 Host: localhost:9876 User-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com) Content-Type: text/xml Content-Length: 103 <?xml version='1.0'?> <methodCall> <methodName>say_hello</methodName> <params> </params> </methodCall> HTTP/1.0 200 OK Server: BaseHTTP/0.3 Python/2.4.3 Date: Sun, 18 Jun 2006 18:16:09 GMT Content-type: text/xml Content-length: 131 and the socket is closed. This definitely seems to be a client-side problem. I used 'openssl s_client' to make sure of this: POST /RPC2 HTTP/1.0 Host: localhost:9876 User-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com) Content-Type: text/xml Content-Length: 103 <?xml version='1.0'?> <methodCall> <methodName>say_hello</methodName> <params> </params> </methodCall> HTTP/1.0 200 OK Server: BaseHTTP/0.3 Python/2.4.3 Date: Sun, 18 Jun 2006 18:28:16 GMT Content-type: text/xml Content-length: 131 <?xml version='1.0'?> <methodResponse> <params> <param> <value><string>hello</string></value> </param> </params> </methodResponse> closed The current version of my code can be found at <http://dev.gentoo.org/~agaffney/misc/scirec/>. If it makes any difference, I'm using python-2.4.3, pyopenssl-0.6, and openssl-0.9.7j. Thanks for any help in getting this working. -- Andrew Gaffney http://dev.gentoo.org/~agaffney/ Gentoo Linux Developer Installer Project |
|
From: Dan W. <dc...@re...> - 2006-06-16 02:29:51
|
On Thu, 2006-06-15 at 10:14 -0500, Andrew Gaffney wrote: > I'm trying to integrate xmlrpclib and pyopenssl. I'm mostly there, but I'm > running into a problem: If you need some example code of doing SSL and all things XMLRPC, take a look at the files here: http://cvs.fedora.redhat.com/viewcvs/extras-buildsys/common/?root=fedora specifically SSLCommon.py and SSLConnection.py. Furthermore, XMLRPCServerProxy.py, URLopener.py, FileTranser.py, FileDownloader.py, and FileUploader.py might be of of interest as well. These implementations use nonblocking sockets by default, which have a few other complications, but you can safely turn that off by passing timeout values of None, I think. We've been running variations on this code for almost a year now in the Fedora Extras build system, and it's been working pretty well. Dan > Traceback (most recent call last): > File "./scirec.py", line 39, in ? > print client.say_hello() > File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__ > return self.__send(self.__name, args) > File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request > verbose=self.__verbose > File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request > return self._parse_response(h.getfile(), sock) > File "/usr/lib/python2.4/xmlrpclib.py", line 1276, in _parse_response > response = file.read(1024) > File "/usr/lib64/python2.4/socket.py", line 303, in read > data = self._sock.recv(recv_size) > OpenSSL.SSL.SysCallError: (9, 'Bad file descriptor') > > > My wrapper module code is below. Is there something I'm doing wrong? > > > import httplib > import xmlrpclib > import socket > from OpenSSL import SSL > > class SecureXMLRPCClient(xmlrpclib.ServerProxy): > > def __init__(self, host, port, client_cert, client_key, verify_cert_func=None): > xmlrpclib.ServerProxy.__init__(self, "https://" + host + ":" + str(port), > transport=SafeTransport(self.__host, client_cert, client_key, verify_cert_func), > encoding="utf-8", allow_none=True) > > class SafeTransport(xmlrpclib.Transport): > > def __init__(self, host, client_cert, client_key, verify_cert_func=None): > self.__host = host > self.__client_cert = client_cert > self.__client_key = client_key > self.__verify_cert_func = verify_cert_func > > def make_connection(self, host): > host, extra_headers, x509 = self.get_host_info(host) > return HTTPS(host, self.__client_key, self.__client_cert, self.__verify_cert_func) > > class HTTPS(httplib.HTTP): > > def __init__(self, host='', key_file=None, cert_file=None, verify_cert_func=None): > self._setup(HTTPSConnection(host, key_file, cert_file, verify_cert_func)) > > # we never actually use these for anything, but we keep them > # here for compatibility with post-1.5.2 CVS. > self.key_file = key_file > self.cert_file = cert_file > > class HTTPSConnection(httplib.HTTPConnection): > > def __init__(self, host, key_file=None, cert_file=None, verify_cert_func=None): > httplib.HTTPConnection.__init__(self, host, None, None) > self.verify_cert_func = verify_cert_func > self.key_file = key_file > self.cert_file = cert_file > > def connect(self): > # Initialize context > ctx = SSL.Context(SSL.SSLv23_METHOD) > if self.verify_cert_func: > ctx.set_verify(SSL.VERIFY_PEER, self.verify_cert_func) # Demand a certificate > ctx.use_privatekey_file(self.key_file) > ctx.use_certificate_file(self.cert_file) > > # Set up client > # self.sock = SSL.Connection(ctx, socket.socket(socket.AF_INET, > socket.SOCK_STREAM)) > real_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) > ssl_sock = SSL.Connection(ctx, real_sock) > ssl_sock.connect((self.host, self.port)) > self.sock = SSLConnWrapper(ssl_sock) > print str(self.sock) > > class SSLConnWrapper: > ''' > Proxy class to provide makefile function on SSL Connection objects. > ''' > def __init__(self, connection): > print "SSLConnWrapper.__init__()" > self.connection = connection > > def __getattr__(self, function) : > return getattr(self.connection, function) > > def makefile(self, mode, bufsize=0): > print "SSLConnWrapper.makefile()" > fo = socket._fileobject(self.connection) #, mode, bufsize) > return fo > > def shutdown(self, _) : > return self.connection.shutdown() > |
|
From: Andrew G. <aga...@ge...> - 2006-06-15 15:14:41
|
I'm trying to integrate xmlrpclib and pyopenssl. I'm mostly there, but I'm
running into a problem:
Traceback (most recent call last):
File "./scirec.py", line 39, in ?
print client.say_hello()
File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib/python2.4/xmlrpclib.py", line 1147, in request
return self._parse_response(h.getfile(), sock)
File "/usr/lib/python2.4/xmlrpclib.py", line 1276, in _parse_response
response = file.read(1024)
File "/usr/lib64/python2.4/socket.py", line 303, in read
data = self._sock.recv(recv_size)
OpenSSL.SSL.SysCallError: (9, 'Bad file descriptor')
My wrapper module code is below. Is there something I'm doing wrong?
import httplib
import xmlrpclib
import socket
from OpenSSL import SSL
class SecureXMLRPCClient(xmlrpclib.ServerProxy):
def __init__(self, host, port, client_cert, client_key, verify_cert_func=None):
xmlrpclib.ServerProxy.__init__(self, "https://" + host + ":" + str(port),
transport=SafeTransport(self.__host, client_cert, client_key, verify_cert_func),
encoding="utf-8", allow_none=True)
class SafeTransport(xmlrpclib.Transport):
def __init__(self, host, client_cert, client_key, verify_cert_func=None):
self.__host = host
self.__client_cert = client_cert
self.__client_key = client_key
self.__verify_cert_func = verify_cert_func
def make_connection(self, host):
host, extra_headers, x509 = self.get_host_info(host)
return HTTPS(host, self.__client_key, self.__client_cert, self.__verify_cert_func)
class HTTPS(httplib.HTTP):
def __init__(self, host='', key_file=None, cert_file=None, verify_cert_func=None):
self._setup(HTTPSConnection(host, key_file, cert_file, verify_cert_func))
# we never actually use these for anything, but we keep them
# here for compatibility with post-1.5.2 CVS.
self.key_file = key_file
self.cert_file = cert_file
class HTTPSConnection(httplib.HTTPConnection):
def __init__(self, host, key_file=None, cert_file=None, verify_cert_func=None):
httplib.HTTPConnection.__init__(self, host, None, None)
self.verify_cert_func = verify_cert_func
self.key_file = key_file
self.cert_file = cert_file
def connect(self):
# Initialize context
ctx = SSL.Context(SSL.SSLv23_METHOD)
if self.verify_cert_func:
ctx.set_verify(SSL.VERIFY_PEER, self.verify_cert_func) # Demand a certificate
ctx.use_privatekey_file(self.key_file)
ctx.use_certificate_file(self.cert_file)
# Set up client
# self.sock = SSL.Connection(ctx, socket.socket(socket.AF_INET,
socket.SOCK_STREAM))
real_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = SSL.Connection(ctx, real_sock)
ssl_sock.connect((self.host, self.port))
self.sock = SSLConnWrapper(ssl_sock)
print str(self.sock)
class SSLConnWrapper:
'''
Proxy class to provide makefile function on SSL Connection objects.
'''
def __init__(self, connection):
print "SSLConnWrapper.__init__()"
self.connection = connection
def __getattr__(self, function) :
return getattr(self.connection, function)
def makefile(self, mode, bufsize=0):
print "SSLConnWrapper.makefile()"
fo = socket._fileobject(self.connection) #, mode, bufsize)
return fo
def shutdown(self, _) :
return self.connection.shutdown()
--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer Installer Project
|
|
From: Matthew W. <ma...@ov...> - 2006-04-05 21:04:12
|
I need to do some symmetric encryption inside a python program. The command-line openssl command would be openssl enc -bf -in infile.txt -out outfile.txt or something like that. Are the bindings for this part of OpenSSL? |
|
From: Bryan <be...@gm...> - 2006-03-11 03:49:01
|
i'm having some trouble this code which i hope someone can help me with. the
following client side code works correctly if the length of the message being
sent in the POST request is 16384 (1024 * 16) chars or less. if the length of
message is greater than 16384 an
OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')
exception is raised. this is a port of code that exists in c++ and java
implementations where they are able to send messages with lengths of 100,000
bytes. all three implementations are using openssl 0.9.7d and are sharing the
exact same binary in a common area, so odds are openssl is not the problem. as
for python, i'm using python 2.4.2 and pyOpenSSL wrapper 0.6. is this a
limitation with httplib or pyopensll? i googled for this problem, but came up
empty handed.
import socket
import httplib
import SSL
def verify(conn, cert, err, width, ok):
return ok
header = {'Content-Type': 'text/foo', 'Connection': 'Keep-Alive'}
ctx = SSL.Context(SSL.SSLv3_METHOD)
ctx.set_verify(SSL.VERIFY_NONE, verify)
ctx.set_options(SSL.OP_ALL | SSL.OP_NO_SSLv2)
ctx.set_cipher_list('ALL:!aNULL:!eNULL:!LOW:!EXP:!MD5:@STRENGTH')
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl = SSL.Connection(ctx, sock)
ssl.connect((host, port))
con = httplib.HTTPSConnection(host, port)
con.sock = httplib.FakeSocket(sock, ssl)
# raises exception if len(message) > 1024*16
con.request('POST', '/foo', message, header)
res = con.getresponse().read()
thanks,
bryan
|
|
From: Matthew R. D. s. <MKR...@lb...> - 2006-03-08 18:19:06
|
Cserna Zsolt wrote:
I would suggest looking at M2Crypto, nobody seems to be maintaining
pyOpenssl anymore.
M2Crypto allows you to create and set extensions in X509 certificates.
Matt Rodriguez
> Hi,
>
> I would like to generate a "CA" certificate, so I need to set the basic
> constraints extension to "CA:TRUE". I know it is not requied for CA
> certificates but it is a recommendation.
>
> I try to set the extensions by this code:
>
> from OpenSSL import crypto
> crypto.X509Extension("basicConstraints", True, "CA:TRUE")
>
> But I get Segmentation fault as result.
>
> pyopenssl: 0.6
> openssl: 0.9.7a
>
> I get the same result with openssl 0.9.8a so I think it is not an openssl
> bug.
>
> Regards,
> Zsolt
> --
> E-mail: zs...@fm...
> Web: http://zsolt.cserna.hu/
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting language
> that extends applications into web and mobile media. Attend the live webcast
> and join the prime developer group breaking into this new coding territory!
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> pyopenssl-list mailing list
> pyo...@li...
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>
|
|
From: Cserna Z. <zs...@fm...> - 2006-03-08 17:11:45
|
Hi,
I would like to generate a "CA" certificate, so I need to set the basic
constraints extension to "CA:TRUE". I know it is not requied for CA
certificates but it is a recommendation.
I try to set the extensions by this code:
from OpenSSL import crypto
crypto.X509Extension("basicConstraints", True, "CA:TRUE")
But I get Segmentation fault as result.
pyopenssl: 0.6
openssl: 0.9.7a
I get the same result with openssl 0.9.8a so I think it is not an openssl
bug.
Regards,
Zsolt
--
E-mail: zs...@fm...
Web: http://zsolt.cserna.hu/
|
|
From: Ted S. <ts...@ya...> - 2006-01-23 21:07:27
|
Hi, My apologies if this is not the place to post this - if it isn't, could you please refer me to a better forum? I'm trying to "tunnel" a streaming protocol (VNC) over SSL. I've been told there are some complications with this because SSL expects a packet size - but I have no idea if this is accurate or not. Note we will have a 128 key from Verisign. Could someone provide me with some guidance to an approach here? Thanks for any information, and again my apologies if this isn't appropriate for this list. --Ted __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com |
|
From: Andreas K. <an...@ko...> - 2005-12-07 13:45:44
|
Hi! Is there any way to access the lowlevel DES encryption functions from Python? Andreas |
|
From: Manish R. J. <man...@gm...> - 2005-10-17 17:01:31
|
Hi
I am trying to connect to an JAVA based SSL server, which is using
X.509certificates.
Here is the java code:
***************************************************************************=
****
> SSLContext ctx;
> KeyManagerFactory kmf;
> KeyStore ks;
> char[] passphrase =3D pass.toCharArray();
> ctx =3D SSLContext.getInstance("TLS");
> kmf =3D KeyManagerFactory.getInstance("SunX509");
> ks =3D KeyStore.getInstance("PKCS12");
> File keyFile =3D new File(keyfile);
> if (keyFile.canRead()) {
> ks.load(new FileInputStream(keyFile), passphrase);
> System.out.println("Key file loaded...");
> kmf.init(ks, passphrase);
> ctx.init(kmf.getKeyManagers(), null, null);
> factory =3D ctx.getSocketFactory();
> }
*********************************************************************
Here is my implementation of python code:
############################
> ctx =3D SSL.Context(SSL.TLSv1_METHOD)
> # ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
>
> #Get X509 certificate and the private key from the
> #initial .p12 file provided to network client
> f =3D open(pkey)
>
> pkcs12Obj =3D crypto.load_pkcs12(f.read(), passPhrase)
> x509Obj =3D pkcs12Obj.get_certificate()
> pkeyObj =3D pkcs12Obj.get_privatekey()
>
> ctx.use_privatekey(pkeyObj)
> ctx.use_certificate(x509Obj)
>
> self.sock =3D SSL.Connection(ctx, socket.socket(socket.AF_INET,
> socket.SOCK_STREAM))
>
###################################################
But, the code doesn't seem to work. Apparently it can connect, and do the
handshake w/o raising any interrupt, but, it is unable to gain any response
from the server. However, on similar conditions, the java code does get
response.
Any thing I am missing/ any suggestions?
Thanks
Regards
Manish
|
|
From: Mike T. <be...@co...> - 2005-10-06 20:17:18
|
On Oct 6, 2005, at 3:57 PM, Michael Foord wrote: > Would this be useful to the pyOpenSSL team? > > It would be useful to me (and others). > > I'm happy to host it on Voidspace if you want ? I don't mind hosting it at all - just was wondering if anyone else would find it useful. You can get it http://code-bear.com/pyopenssl/ I would appreciate any feedback on if it works - I used setup.py install to install mine and generated this using setup.py bdist_win32inst enjoy! --- Bear Build and Release Engineer Open Source Applications Foundation (OSAF) be...@os... http://www.osafoundation.org be...@co... http://code-bear.com PGP Fingerprint = 9996 719F 973D B11B E111 D770 9331 E822 40B3 CD29 |
|
From: Michael F. <mi...@pc...> - 2005-10-06 19:47:04
|
-----Original Message-----
From: "Mike Taylor"<be...@co...>
Sent: 05/10/05 16:28:57
To: "pyo...@li..."<pyo...@li...>
Subject: [pyOpenSSL] win32 python2.4 Vc7 binary
Using the patch that Robert Cheung provided in message
http://sourceforge.net/mailarchive/message.php?msg_id=13125731 I've
created a win32 exe using Python 2.4 and Vc7.
Would this be useful to the pyOpenSSL team?
It would be useful to me (and others).
I'm happy to host it on Voidspace if you want ?
Thanks
Fuzzyman
Http://www.voidspace.org.uk/python
thanks,
---
Bear
Build and Release Engineer
Open Source Applications Foundation (OSAF)
be...@os...
http://www.osafoundation.org
be...@co...
http://code-bear.com
PGP Fingerprint = 9996 719F 973D B11B E111 D770 9331 E822 40B3 CD29
[Message truncated. Tap Edit->Mark for Download to get remaining portion.]
|
|
From: Mike T. <be...@co...> - 2005-10-05 15:29:19
|
Using the patch that Robert Cheung provided in message http://sourceforge.net/mailarchive/message.php?msg_id=13125731 I've created a win32 exe using Python 2.4 and Vc7. Would this be useful to the pyOpenSSL team? thanks, --- Bear Build and Release Engineer Open Source Applications Foundation (OSAF) be...@os... http://www.osafoundation.org be...@co... http://code-bear.com PGP Fingerprint = 9996 719F 973D B11B E111 D770 9331 E822 40B3 CD29 |
|
From: Sascha <sas...@ar...> - 2005-09-29 18:41:20
|
Hi i have a lil big problem. i installed python 2.4 with the installer on a windows XP pro system i need to install pyopenssl but when i try to install with the setup.py an error message prompts in dos mode, that the same compiler (ms visual studio 7.2) is needed to compile it i dont have visual studio! and there is no installer for python version 2.4! can someone tell me how i should do that? Greetz |
|
From: mdusi\@libero\.it <md...@li...> - 2005-09-29 13:31:56
|
I've installed python 2.2.3 on winxp and successfully imported pyOpenSSL = library. I need to send by socket a certificate '.pem' but, after I load= ed it using crypto.load_certificate() function, I can't pickle this x509 = object. How can I send it using a socket? Are there other methods? By = the way, I've also a Mandriva OS, but I can't import pyOpenSSL library...= can you explain me what exactly should I do? How can I compile it? [setup= .py build/install doesn't work and causes error-exit]I'm not a expert abo= ut linux system and C language, so please be redundant... Thank you v= ery much for assistance Cordially, Maurizio |
|
From: <Rob...@cs...> - 2005-09-28 01:52:06
|
Hi,
I have been trying to build -
* pyOpenSSL (0.6)
* WinXP
* Visual C v7.0=20
* Python 2.3.5
* OpenSSL 0.9.8
and encountered the following error -
---
C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin\cl.exe /c
/nologo /Ox /MD /W3 /GX /DNDEBUG -I..\openssl-0.9.8\inc32
-IC:\repositories\python2.3.5\pybuild\Python-2.3.5\include
-IC:\repositories\python2.3.5\pybuild\Python-2.3.5\PC/Tcsrc/ssl/context.
c /Fobuild\temp.win32-2.3\Release\src/ssl/context.obj
context.c
c:\repositories\python2.3.5\pybuild\pyOpenSSL-0.6\src\crypto\x509name.h(
27) : er
ror C2059: syntax error : '('
c:\repositories\python2.3.5\pybuild\pyOpenSSL-0.6\src\crypto\x509name.h(
30) : er
ror C2059: syntax error : '}'
...
...
---
Basically on line 27 of src\crypto\x509name.h, the typedef X509_NAME has
been overridden by a #define in wincrypt.h. To Fix this problem we need
to add the following lines to x509name.h (anywhere after the #include
and before the crypto_X509NameObj structure) -
---
#ifdef OPENSSL_SYS_WIN32
#undef X509_NAME /* Wincrypt.h overrides this */
#endif
---
I hope this helps.
Regards
Robert Cheung
|
|
From: Scott C. <sco...@mi...> - 2005-08-26 20:37:51
|
openssl smime -sign -in $tempfile -signer $MY_CERT -inkey $MY_KEY -outform der -nodetach -binary | \ openssl smime -encrypt -des3 -binary -outform pem paypal_public_cert_sandbox.pem I'm not making progress on the pyOpenSSL module and so I'm trying to use subprocess to run this which is not the most elegant way. Can anyone give me the right code in Python to do this? TIA, Scott |
|
From: Scott C. <sco...@mi...> - 2005-08-23 18:15:25
|
Scott Chapman wrote: > I need to dynamically encrypt buttons for my web site's interaction with > PayPal, similar to this example of how to do it from the shell prompt > using OpenSSL: > http://paypaltech.com/Dave/api_sourcebook/html/ewp/ewpshell.html > > 1) Will pyOpenSSL do this? > > 2) Any pointers on where to start/how to do this with pyOpenSSL would be > very helpful. I'm new to encryption. I can generate the certificates > Ok so far (using OpenSSL at the command line, not Python :( ). I don't > find any examples on how to use pyOpenSSL in the docs, just a bare > rundown on the objects. Did I miss something? I'm rather lost here > trying to figure out what all to use. More specifically, I need to emulate this openssl command: openssl smime -sign -in $tempfile -signer $MY_CERT -inkey $MY_KEY -outform der -nodetach -binary | \ openssl smime -encrypt -des3 -binary -outform pem /root/sandbox_cert_key_pem.txt I am completely at a loss to deal with the pyOpenSSL library and really need a lift here if anyone can help me out. TIA, Scott |
|
From: Scott C. <sco...@mi...> - 2005-08-23 09:07:32
|
Scott Chapman wrote: > I need to dynamically encrypt buttons for my web site's interaction with > PayPal, similar to this example of how to do it from the shell prompt > using OpenSSL: > http://paypaltech.com/Dave/api_sourcebook/html/ewp/ewpshell.html > > 1) Will pyOpenSSL do this? > > 2) Any pointers on where to start/how to do this with pyOpenSSL would be > very helpful. I'm new to encryption. I can generate the certificates > Ok so far (using OpenSSL at the command line, not Python :( ). I don't > find any examples on how to use pyOpenSSL in the docs, just a bare > rundown on the objects. Did I miss something? I'm rather lost here > trying to figure out what all to use. More specifically, I need to emulate this openssl command: openssl smime -sign -in $tempfile -signer $MY_CERT -inkey $MY_KEY -outform der -nodetach -binary | \ openssl smime -encrypt -des3 -binary -outform pem /root/sandbox_cert_key_pem.txt I am completely at a loss to deal with the pyOpenSSL library and really need a lift here if anyone can help me out. TIA, Scott |
|
From: SPE - Stani's P. E. <spe...@gm...> - 2005-08-23 00:59:54
|
Hi,
I need to use OpenSSL for Webcleaner, a python proxy filter. However
there seems to be this error. The author of Webcleaner cannot
reproduce this bug. So for me it is really a mistery. Does anybody
understands what goes wrong and what could be a solution or to point me
in a direction. I use the latest version of openssl
(Win32OpenSSL-v0.9.8.exe) on windows xp professional and home edition,
both dutch. Could the dutch be a problem? I also use
pyOpenSSL-0.6.win32-py2.4.exe for the bindings, provided on the homepage
of Webcleaner.
Traceback (most recent call last):
File "C:\Python24\Scripts\webcleaner-certificates", line 113, in ?
main(sys.argv[1:])
File "C:\Python24\Scripts\webcleaner-certificates", line 105, in main
install_ssl_certs(configdir)
File "C:\Python24\Scripts\webcleaner-certificates", line 61, in
install_ssl_certs
wc.proxy.ssl.create_certificates(configdir)
File "C:\Python24\Lib\site-packages\wc\proxy\ssl.py", line 109, in
create_certificates
careq = createCertRequest(cakey, CN='Certificate Authority')
File "C:\Python24\Lib\site-packages\wc\proxy\ssl.py", line 179, in
createCertRequest
setattr(subj, key, value)
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_mbstring_ncopy',
'invalid universalstring length')]
Please help, as I am quite desperate to get this working!
Thanks,
Stani
|
|
From: Scott C. <sco...@mi...> - 2005-08-18 21:30:21
|
I need to dynamically encrypt buttons for my web site's interaction with PayPal, similar to this example of how to do it from the shell prompt using OpenSSL: http://paypaltech.com/Dave/api_sourcebook/html/ewp/ewpshell.html 1) Will pyOpenSSL do this? 2) Any pointers on where to start/how to do this with pyOpenSSL would be very helpful. I'm new to encryption. I can generate the certificates Ok so far (using OpenSSL at the command line, not Python :( ). I don't find any examples on how to use pyOpenSSL in the docs, just a bare rundown on the objects. Did I miss something? I'm rather lost here trying to figure out what all to use. Thanks! Scott |
5 messages has been excluded from this view by a project administrator.
