Menu
▾
▴
pyopenssl-list — General discussion list for users and developers of pyOpenSSL
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(6) |
Aug
(9) |
Sep
(2) |
Oct
(15) |
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(17) |
Feb
(2) |
Mar
(3) |
Apr
(2) |
May
(1) |
Jun
|
Jul
(9) |
Aug
(4) |
Sep
|
Oct
|
Nov
(4) |
Dec
(1) |
| 2004 |
Jan
|
Feb
(2) |
Mar
(7) |
Apr
(1) |
May
|
Jun
|
Jul
(4) |
Aug
(6) |
Sep
(13) |
Oct
(5) |
Nov
(1) |
Dec
(4) |
| 2005 |
Jan
(1) |
Feb
(7) |
Mar
(2) |
Apr
(2) |
May
|
Jun
(1) |
Jul
(7) |
Aug
(5) |
Sep
(3) |
Oct
(4) |
Nov
|
Dec
(1) |
| 2006 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
(1) |
May
|
Jun
(7) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(9) |
Dec
(2) |
| 2007 |
Jan
(4) |
Feb
|
Mar
(2) |
Apr
(1) |
May
(5) |
Jun
(6) |
Jul
|
Aug
(7) |
Sep
|
Oct
(1) |
Nov
(2) |
Dec
|
| 2008 |
Jan
(2) |
Feb
|
Mar
(10) |
Apr
(4) |
May
(3) |
Jun
(3) |
Jul
(5) |
Aug
(2) |
Sep
(30) |
Oct
(12) |
Nov
(5) |
Dec
(2) |
| 2009 |
Jan
(7) |
Feb
(1) |
Mar
(26) |
Apr
(20) |
May
(4) |
Jun
(1) |
Jul
(7) |
Aug
(21) |
Sep
(2) |
Oct
(9) |
Nov
(8) |
Dec
|
| 2010 |
Jan
(4) |
Feb
(5) |
Mar
(3) |
Apr
(1) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
(5) |
Nov
(3) |
Dec
|
| 2011 |
Jan
(1) |
Feb
|
Mar
|
Apr
(13) |
May
|
Jun
|
Jul
|
Aug
(3) |
Sep
(1) |
Oct
(6) |
Nov
(11) |
Dec
|
| 2012 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
(1) |
Aug
(13) |
Sep
(1) |
Oct
|
Nov
|
Dec
(3) |
|
From: Jos V. <jo...@xo...> - 2004-07-19 17:20:04
|
Hi, On Wed, Jul 14, 2004 at 04:40:44PM +0200, Martin Sj=F6gren wrote: > What this tells you is that the only field of the X509Name that > actually has a value is the CN field, or "common name". This actually works, thanks, but "common_name" or any of the other listed members (in the docs section 3.1.2) does not work, also not if the related fields exist (tested with another certificate). So, is the documentation here indeed incorrect? > There are, of course, properties of the certificate itself that you > could check, like whether it has expired and so forth. Could you point me to some code examples?=20 Related to this: how do I load a revoke list (CRL) in the Python interface? I tried to load a CRL file with load_verify_locations(), which does not seem to produce an error, but also doesn't refuse the revoked certificates afterwards. > Hope that helps. Certainly, thanks so far. --=20 -- Jos Vos <jo...@xo...> -- X/OS Experts in Open Systems BV | Phone: +31 20 6938364 -- Amsterdam, The Netherlands | Fax: +31 20 6948204 |
|
From: <msj...@gm...> - 2004-07-14 14:40:56
|
On Wed, 14 Jul 2004 14:34:10 +0200, Jos Vos <jo...@xo...> wrote: > Hi, > > I have started to experiment with client certificates and I want > to check some information of these certificates, but I can't get > that part working. > > What I do: > > ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, cb) > > And in the cb function I do: > > def cb(conn, cert, errnum, depth, ok): > subject = cert.get_subject() > print subject > > This actually works and gives me: > > <X509Name object '/CN=Simple Client'> > > (I'm using some sample certificates of Red Hat Linux 9's Apache). What this tells you is that the only field of the X509Name that actually has a value is the CN field, or "common name". > But now I want to retrieve some information from that certificate... > In the manual section about X509Name objects it says "X509Name objects > have the following members", but I don't succeed in getting any of > that information. Well, subject.CN should work. Nothing else should, since they don't actually have any values. There are, of course, properties of the certificate itself that you could check, like whether it has expired and so forth. Hope that helps. /Martin |
|
From: Jos V. <jo...@xo...> - 2004-07-14 12:34:19
|
Hi,
I have started to experiment with client certificates and I want
to check some information of these certificates, but I can't get
that part working.
What I do:
ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, cb)
And in the cb function I do:
def cb(conn, cert, errnum, depth, ok):
subject = cert.get_subject()
print subject
This actually works and gives me:
<X509Name object '/CN=Simple Client'>
(I'm using some sample certificates of Red Hat Linux 9's Apache).
But now I want to retrieve some information from that certificate...
In the manual section about X509Name objects it says "X509Name objects
have the following members", but I don't succeed in getting any of
that information.
I'm obviously making one or more stupid mistakes, using this interface
for the first time (using some third-party sample programs), but I
don't know which mistakes...
Any help is appreciated.
Cheers,
--
-- Jos Vos <jo...@xo...>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
|
|
From: Asif I. <iq...@qw...> - 2004-04-21 14:30:29
|
Hi All
I am trying to compile pyOpenSSL-0.51 on Solaris 8 with gcc 2.95.2 and
failing . This is the output of the compile
/usr/local/lib/python2.3/distutils/dist.py:213: UserWarning: 'licence'
distribution option is deprecated; use 'license'
warnings.warn(msg)
running build_ext
building 'OpenSSL.SSL' extension
gcc -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC
-I/usr/local/ssl/include -I/usr/local/include/pytho
n2.3 -c src/ssl/connection.c -o
build/temp.solaris-2.8-sun4u-2.3/src/ssl/connection.o
In file included from /usr/local/include/python2.3/stringobject.h:10,
from /usr/local/include/python2.3/Python.h:83,
from src/ssl/connection.c:11:
[.......]
/usr/local/ssl/include/openssl/pkcs12.h:231: warning: function
declaration isn't a prototype
src/ssl/connection.c: In function `ssl_Connection_connect':
src/ssl/connection.c:543: structure has no member named `__xnet_socket'
src/ssl/connection.c: In function `ssl_Connection_connect_ex':
src/ssl/connection.c:570: structure has no member named `__xnet_socket'
src/ssl/connection.c: In function `ssl_Connection_accept':
src/ssl/connection.c:599: structure has no member named `__xnet_socket'
src/ssl/connection.c: In function `ssl_Connection_sock_shutdown':
src/ssl/connection.c:790: structure has no member named `__xnet_socket'
src/ssl/connection.c: In function `ssl_Connection_New':
src/ssl/connection.c:927: structure has no member named `__xnet_socket'
src/ssl/connection.c:936: structure has no member named `__xnet_socket'
src/ssl/connection.c: In function `ssl_Connection_dealloc':
src/ssl/connection.c:960: structure has no member named `__xnet_socket'
src/ssl/connection.c:960: structure has no member named `__xnet_socket'
src/ssl/connection.c:960: structure has no member named `__xnet_socket'
src/ssl/connection.c: In function `ssl_Connection_getattr':
src/ssl/connection.c:986: structure has no member named `__xnet_socket'
src/ssl/connection.c: At top level:
src/ssl/connection.c:26: warning: `CVSid' defined but not used
error: command 'gcc' failed with exit status 1
Any idead what might be going wrong ?
Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
There's no place like 127.0.0.1
|
|
From: Remy C. C. <dev...@sm...> - 2004-03-24 07:01:06
|
On Tuesday 23 March 2004 21:16, Matthew Thorley wrote: > When using openssl from the command line to create a certificate > request I am propted for a password. I was wondering how to do the > same thing with pyOpenSSL. I looked at the example > mk_simple_cert.py and everything is clear but what I am not sure > how to do is to add a passphrase to the privatekey ? > > Can any one explain how this is done ? Havn't tried this my self yet, but if you look in the (HTML) documentation on the crypto module you can find two methods: dump_privatekey(type, pkey[, cipher, passphrase]) and load_privatekey(type, buffer[, passphrase]), where a passphrase can be entered. Also take a look at the pyOpenssl examples on generating certs and a working solution can be created ... at least that's my theory. Remy |
|
From: Christoph R. <ch...@ya...> - 2004-03-11 15:18:46
|
Hi list! I need some basic help with OpenSSL. I want a python script to sign a file with my private key, and later another python script should check the signature with my public key. (the file is an xml file < 4 kb). I have a private key and a public key, but i just have no idea how to use them in OpenSSL. All examples i have found usually show how to open SSL connections, but i have never found an example which loads a private key, encodes (or signs) a file, loads the public key and decodes it (or checks the signature, resp.). And my knowledge about OpenSSL is really basic, so i have no clue. If anyone of you can give me a link to a tutorial, either in Python, C, C++ or even Perl, or any other advice/pseudo code/snippet etc, i would be very grateful :) Thank you very much! Chris __________________________________ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com |
|
From: Remy C. C. <dev...@sm...> - 2004-03-10 07:43:14
|
On Wednesday 10 March 2004 08:11, Remy C. Cool wrote: > On Tuesday 09 March 2004 19:56, Remy C. Cool wrote: > > Hello, > > > > Two short questions: > > > > According to the doc string in createCertRequest (certgen.py) it > > must be possible to enter SP and email arguments, but both fail > > in my test code. I used mk_simple_certs.py as a base changing the > > line: > > > > careq = createCertRequest(cakey, CN='Certificate Authority') > > into > > careq = createCertRequest(cakey, CN='Certificate Authority', > > SP='State', email='me...@he...') > > > > Any solutions? > > Found'em > > When you use 'ST' instead of 'SP' and 'emailAddress' instead of > 'email' the certificates are generated without any problems. > Is this a bug in the doc-string or something system dependent? > > So, if anyone knows the answer to the second question ... please > let me know. > > > And I would like to know if it's possible to create a (CA) > > certificate with a passphrase/password using pyOpenSSL? Hmm, reading the source and manuals - again - did help (duh). Writing the key to ie. disk: crypto.dump_privatekey(type, pkey[, cipher, passphrase]) Reading the key from ie. disk: crypto.load_privatekey(type, buffer[, passphrase]) |
|
From: Remy C. C. <dev...@sm...> - 2004-03-10 07:21:10
|
On Tuesday 09 March 2004 19:56, Remy C. Cool wrote: > Hello, > > Two short questions: > > According to the doc string in createCertRequest (certgen.py) it > must be possible to enter SP and email arguments, but both fail in > my test code. I used mk_simple_certs.py as a base changing the > line: > > careq = createCertRequest(cakey, CN='Certificate Authority') > into > careq = createCertRequest(cakey, CN='Certificate Authority', > SP='State', email='me...@he...') > > Any solutions? Found'em When you use 'ST' instead of 'SP' and 'emailAddress' instead of 'email' the certificates are generated without any problems. Is this a bug in the doc-string or something system dependent? So, if anyone knows the answer to the second question ... please let me know. > And I would like to know if it's possible to create a (CA) > certificate with a passphrase/password using pyOpenSSL? |
|
From: Remy C. C. <dev...@sm...> - 2004-03-09 19:06:29
|
Hello, Two short questions: According to the doc string in createCertRequest (certgen.py) it must be possible to enter SP and email arguments, but both fail in my test code. I used mk_simple_certs.py as a base changing the line: careq = createCertRequest(cakey, CN='Certificate Authority') into careq = createCertRequest(cakey, CN='Certificate Authority', SP='State', email='me...@he...') Any solutions? And I would like to know if it's possible to create a (CA) certificate with a passphrase/password using pyOpenSSL? Remy |
|
From: Remy C. C. <dev...@sm...> - 2004-03-01 07:48:33
|
On Friday 27 February 2004 16:57, Itamar Shtull-Trauring wrote: > We added a download of pyOpenSSL for windows on the twisted site > recently: http://twistedmatrix.com/products/download#TwistedDeps > > The 2.2 one may not be built with a recent version of OpenSSL, but > the 2.3 one probably is. Thanks for the link, at least we can now go on testing. Maybe the file can be stored here so people can find it more easily. But if anyone does know something on compiling pyOpenSSL with MingW32 and the DLL loading problems discribed in my previous message, please let me know. Remy |
|
From: Itamar Shtull-T. <it...@it...> - 2004-02-27 15:59:43
|
We added a download of pyOpenSSL for windows on the twisted site recently: http://twistedmatrix.com/products/download#TwistedDeps The 2.2 one may not be built with a recent version of OpenSSL, but the 2.3 one probably is. -- Itamar Shtull-Trauring http://itamarst.org Looking for a job: http://itamarst.org/resume.html |
|
From: Remy C. C. <dev...@sm...> - 2004-02-27 14:56:05
|
Having read all info on compiling Openssl-0.9.7c and pyOpenSSL-0.5.1 with Ming32 under Windows, I started the (never ending?) journey. Compiling OpenSSL went flawlessly (ms/mingw32.bat) and all test's ran without problems. Compiling pyOpenSSL got stuck on not finding the library libeay32. Then I remembered that mingw appends lib to the library names automatically, so after removing lib from libeay32 and changing ssleay32 into ssl32 in setup.py, it got back on track. "----------- SETUP.PY BUILD_EXT -----------" running build_ext building 'OpenSSL.crypto' extension creating build\temp.win32-2.3 creating build\temp.win32-2.3\Release creating build\temp.win32-2.3\Release\src creating build\temp.win32-2.3\Release\src\crypto ... src/crypto/crypto.c:20: warning: `CVSid' defined but not used .... (same type of message) .... src/crypto/x509name.c:15: warning: `CVSid' defined but not used ... src/rand/rand.c:19:1: warning: "WIN32" redefined src/rand/rand.c:1:1: warning: this is the location of the previous definition src/ssl/context.c: In function `ssl_Context_set_info_callback': src/ssl/context.c:734: warning: assignment from incompatible pointer type src/ssl/context.c:15: warning: `CVSid' defined but not used ... C:\PYTHON23\lib\distutils\dist.py:213: UserWarning: 'licence' distribution option is deprecated; use 'license' ... src/ssl/connection.c: In function `ssl_Connection_renegotiate_pending': src/ssl/connection.c:465: warning: unused variable `ret' "----------- SETUP.PY BUILD -----------" running build running build_py copying .\__init__.py -> build\lib.win32-2.3\OpenSSL copying .\tsafe.py -> build\lib.win32-2.3\OpenSSL running build_ext C:\PYTHON23\lib\distutils\dist.py:213: UserWarning: 'licence' distribution option is deprecated; use 'license' warnings.warn(msg) "----------- SETUP.PY INSTALL -----------" running install running install_lib copying build\lib.win32-2.3\OpenSSL\crypto.pyd -> C: \PYTHON23\Lib\site-packages\OpenSSL copying build\lib.win32-2.3\OpenSSL\rand.pyd -> C: \PYTHON23\Lib\site-packages\OpenSSL copying build\lib.win32-2.3\OpenSSL\SSL.pyd -> C: \PYTHON23\Lib\site-packages\OpenSSL C:\PYTHON23\lib\distutils\dist.py:213: UserWarning: 'licence' distribution option is deprecated; use 'license' warnings.warn(msg) As you can see, no (real) problems, but importing OpenSSL in python fails. Rand imports OK, but crypto and SSL give the error that the DLL can not be found on the system. I first had problems with rand too, but a recompile solved that problem. Now the other 2. Anyone with a clue, pointers or perhaps a working module for python 2.3 ? Remy Cool |
|
From: Justin W. <dae...@ei...> - 2003-12-23 00:04:32
|
Hi all, I've just started trying to use pyOpenSSL as part of my BEEPy package to support TLS. I've previously been using POW/M2Crypto with success, though it's a bit of a challenge to get installed. I've hit a snag, however. The library doesn't appear to support the input/output of RSA public keys. From my quick look around it appears geared towards providing server support, but not client support for SSL. Is there any plan to implement RSA type key objects for use with the PEM_write_bio_RSAPublicKey and PrivateKey functions in libssl? I'm not very knowledgable about things SSL, so I apologise if this is a silly question. Any assistance would be helpful. Cheers, Justin -- "...the Jedi learned early on what language the universe was programmed in. Then they took advantage of an accident of language to obscure this fact from the unwashed. They all affected an inverted lisp. So, a jedi to be, you the Forth must use." -- Peter da Silva in a.s.r |
|
From: <man...@mi...> - 2003-08-22 05:42:28
|
</275:04012998915721492><BR>
<table cellspacing="2" cellpadding="2" width="658" align="center" border="0">
<tbody>
<tr>
<td width="650" bgcolor="#FFFFFF" bordercolor="#FFFFFF" bordercolorlight="#FFFFFF" bordercolordark="#FFFFFF"><a href="http://www.netword.pro.br"><img src="http://www.netword.pro.br/gtn1-1.jpg"></a></td>
</tr>
<tr>
<td>
<p align="left"><font face="Arial"><font size="2"><b>Ge<!-$randomtext->t you<!$randomtext->rself t<!$randomtext->o t<!$randomtext->he to<!$randomtext->p po<!$randomtext->sit<!$randomtext->ion f<!$randomtext->or le<!$randomtext->ss mon<!$randomtext->ey an<!$randomtext->d le<!$randomtext->ss ti<!$randomtext->me!</b></font>
</font><font face="Arial"><a href="http://www.netword.pro.br"><img border="0" src="http://www.netword.pro.br/Networds-Body-Text.gif" width="650" height="300"></a></font></p>
</td>
</tr>
</tbody>
</table>
<table cellspacing="3" cellpadding="2" width="658" align="center" border="0">
<tbody>
<tr>
<td align="left">
<div align="center">
<p><font face="Arial, Helvetica, sans-serif" size="1"><a href="http://www.netword.pro.br/cgi-bin/optout1.php"><img border="0" src="http://www.netword.pro.br/RMFFM.jpg" width="119" height="46"></a><br>
</font></p>
</div>
</td>
</tr>
</tbody>
</table>
|
|
From: Sarah W. <re...@tm...> - 2003-08-10 21:59:01
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dgb2312"><!-- =
Ap -->
<STYLE type=3Dtext/css>TD {
FONT-SIZE: 11px; COLOR: #000000; FONT-FAMILY: verdana, arial, helvetica
}
</STYLE>
<META content=3D"MSHTML 6.00.2722.900" name=3DGENERATOR></HEAD>
<BODY bgColor=3D#ffffff>
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D600 border=3D0>
<TBODY>
<TR>
<TD>Hi<BR><BR>I visited <A
href=3D=
"http://www.trafficmagnet.com/signup/index.html">PYOPENSSL.SF.NET</A>, and =
noticed that you're not listed on some search engines! I
think we can offer you a service which can help you increase traffic =
and
the number of visitors to your website.<BR><BR>I would like to =
introduce
you to <A
href=3D=
"http://www.trafficmagnet.com/signup/index.html">Trafficmagnet.com</A>.
We offer a unique technology that will submit your website to over =
300,000
search engines and directories every month.<BR><BR>
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D398 align=3Dcenter =
border=3D0>
<TBODY>
<TR>
<TD><A href=3D"http://www.trafficmagnet.com/signup/index.html"><IMG =
height=3D136 src=3D"http://www.trafficmagnet.com/img/img_tm.gif" =
width=3D137 border=3D0></A> </TD>
<TD><A href=3D"http://www.trafficmagnet.com/signup/index.html"><IMG =
height=3D141 src=3D=
"http://image10.trafficmagnet.net/img4/HERCULES-197/001/334/gik.jpg" width=3D=
197 border=3D1></A></TD>
<TD vAlign=3Dbottom><A
href=3D"http://www.trafficmagnet.com/signup/index.html"><IMG
height=3D136 src=3D=
"http://www.trafficmagnet.com/img/img_signup.gif" width=3D62
border=3D0></A></TD></TR></TBODY></TABLE><BR>You'll be surprised by the =
low
cost, and by how effective this website promotion method can be.
<BR><BR>To find out more about TrafficMagnet and the cost for =
submitting
your website to over 300,000 search engines and directories, visit <A
href=3D=
"http://www.trafficmagnet.com/signup/index.html">www.trafficmagnet.com</A>.
<BR><BR>I would love to hear from you. <BR><BR><BR>Best
Regards,<BR><BR>Sarah Williams <BR>Sales and Marketing <BR>E-mail:
sar...@tm... <BR><A
href=3D=
"http://www.trafficmagnet.com/signup/index.html">http://www.trafficmagnet.com=
</A>
<P>This email was sent to pyo...@li.... We apologize if this email =
has reached you in error.<BR>We honor all removal requests. Please <A
href=3D"http://optout.trafficmagnet.com/optout/Action/OptOut?email=3D=
pyo...@li...&url=3D pyopenssl.sf.net">click
here</A> to be removed from our mailing
list.</P></TD></TR></TBODY></TABLE></BODY></HTML>
|
|
From: <da...@im...> - 2003-08-05 04:48:18
|
Don't forget that SPIKE Proxy for Windows comes with a full Python 2.2 release with pyOpenSSL included...SPIKE Proxy is a good demo of some of pyOpenSSL's features as well (IMHO). -dave > tor 2003-07-31 klockan 15.52 skrev Arsalan Zaidi: >> >> OK... >> >> I've just updated to 2.3 hoping that would fix my problem... But there's >> no >> installable for pyOpenSSL for python 2.3 on Windows! :-( > > Use the source, Luke! > > As I've said before, I don't do development on Windows. Any binary > versions of pyOpenSSL for Windows have been compiled by other people. > > > /Martin > -- > Martin Sjögren > ma...@st... > Phone: +46 (0)31 7490880 Cell: +46 (0)739 169191 > GPG key: http://www.strakt.com/~martin/gpg.html > |
|
From: Martin <ma...@st...> - 2003-08-04 06:58:01
|
tor 2003-07-31 klockan 15.52 skrev Arsalan Zaidi: >=20 > OK... >=20 > I've just updated to 2.3 hoping that would fix my problem... But there's = no > installable for pyOpenSSL for python 2.3 on Windows! :-( Use the source, Luke! As I've said before, I don't do development on Windows. Any binary versions of pyOpenSSL for Windows have been compiled by other people. /Martin --=20 Martin Sj=F6gren ma...@st... Phone: +46 (0)31 7490880 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html |
|
From: Arsalan Z. <az...@vs...> - 2003-07-31 14:48:30
|
OK... I've just updated to 2.3 hoping that would fix my problem... But there's no installable for pyOpenSSL for python 2.3 on Windows! :-( Can we have one? Please? --Arsalan |
|
From: Martin <ma...@st...> - 2003-07-31 07:36:30
|
tor 2003-07-31 klockan 00.22 skrev Arsalan Zaidi: > Just installed the package on my machine. Win98, Python 2.2.3, with the > interpreter being called from a bash shell running under Cygwin (shouldn'= t > matter). >=20 > Here's the output I'm getting. What's the problem? >=20 > $ python AdminServer.py > Traceback (most recent call last): > File "AdminServer.py", line 64, in ? > import signal, os, socket, getopt, time, sys, string, OpenSSL > File "C:\PYTHON22\Lib\site-packages\OpenSSL\__init__.py", line 11, in ? > import rand, crypto, SSL > ImportError: DLL load failed: A device attached to the system is not > functioning Eh. That's a first. What version are you using? Did you compile it yourself? How? I'm sorry, I don't do development on Windows, so I'm clueless. Maybe someone else on the list knows anything? /Martin --=20 Martin Sj=F6gren ma...@st... Phone: +46 (0)31 7490880 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html |
|
From: Arsalan Z. <az...@vs...> - 2003-07-30 22:23:51
|
Just installed the package on my machine. Win98, Python 2.2.3, with the
interpreter being called from a bash shell running under Cygwin (shouldn't
matter).
Here's the output I'm getting. What's the problem?
TIA
--Arsalan
$ python AdminServer.py
Traceback (most recent call last):
File "AdminServer.py", line 64, in ?
import signal, os, socket, getopt, time, sys, string, OpenSSL
File "C:\PYTHON22\Lib\site-packages\OpenSSL\__init__.py", line 11, in ?
import rand, crypto, SSL
ImportError: DLL load failed: A device attached to the system is not
functioning
.
|
|
From: Yannick G. <yan...@sa...> - 2003-07-30 14:08:19
|
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On July 30, 2003 08:05 am, you wrote:
> For my application, I created a class sslTransport and used this in
> creating the server object.
>
> class sslTransport(xmlrpclib.SafeTransport):
> """Enables ssl transport with client certificates."""
>
> def __init__(self, x509):
> """Added to enable client SSL certificates."""
> self.x509 =3D x509
>
> def make_connection(self, host):
> """Extended to include x509 certificate."""
> return xmlrpclib.SafeTransport.make_connection(self, (host,
> self.x509))
>
>
> And the client code:
>
> x509 =3D {'key_file': 'client.pkey',
> 'cert_file':'client.cert'}
>
> server =3D xmlrpclib.ServerProxy('https://host:port',
> sslTransport(x509))
This works great if you want to supply a custom client certificate.
What I try to do is to check the signature of the peer certificate
against our CA. Ever done this in Python ?
Thanks for your time !
=2D --=20
Yannick Gingras
Byte Gardener, Savoir-faire Linux inc.
(514) 276-5468
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/J9FRrhy5Fqn/MRARAuQOAJ96EBzFTKAYQ6Q1TaJkQj0ztV9FawCfZqAo
pb2UiVvVds29LWzKke1jAeg=3D
=3DMYHc
=2D----END PGP SIGNATURE-----
|
|
From: Yannick G. <yan...@sa...> - 2003-07-30 14:02:18
|
=2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On July 30, 2003 08:04 am, you wrote: > I'm not sure I follow what you're trying to do. It looks to me like > you're connecting a regular socket to an address, and then create a new > socket, using SSL, and connect it to the same address. But then you > return the old connection. What's the point, really? Note that you can > pass an already connected socket as argument to SSL.Connection. That's > when you should use .set_connect_state() (if you're using .connect(), > .set_connect_state() is redundant since it already is in connecting > state). I try to fetch the peer certificate. The python SSL object does not seems to have support for this. SafeTransport.make_connection() returns a httplib.HTTPS object that is not connect()ed yet. The way it'd like to do it is to use pyOpenSSL to initiate the connection and to validate the certificate and then to replace the socket in the HTTPS object and to let xmlrpclib do the rest. > You shouldn't need to renegotiate()/do_handshake() since the handshake > will be initiated automatically as soon as you try to read or write > from/to the socket. Certificate validation is normally done in a > callback fashion... If I don't try to renegotiate()/do_handshake(), it works perfectly but get_peer_certificate() alway returns None : \ > I wish I could tell you what "internal error" means, but I can't, at > least not without digging through the OpenSSL source code, and I don't > really have the time for that right now. I think that I'm doing it the right way anyway. There must be some easier way to get the peer certificate than through renegotiation. > > I'm not a SSL guru so I wonder what I may have done wrong. Is this > > the right way to make a SLL connection with pyOpenSSL ? I use Python > > 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried > > M2Crypto). > > What do you mean, you tried M2Crypto? Do you mean "I tried M2Crypto but > it sucked so I went for pyOpenSSL instead"? ;) Obviously if M2Crypto was what I was looking for I would have stayed with it. ; )=20 The main problem was that M2Crypto needs major tweaks to compile and that I expect many users to give up early in the process. Thanks for your time ! =2D --=20 Yannick Gingras Byte Gardener, Savoir-faire Linux inc. (514) 276-5468 =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/J8/orhy5Fqn/MRARArjLAJ0ZoSIGsfCNgbvUSCRc55wzYuHEkQCeJrUp BGHvSOvgNRiKHs41pDyf3HE=3D =3DhKtC =2D----END PGP SIGNATURE----- |
|
From: Remy C. C. <dev...@sm...> - 2003-07-30 09:28:40
|
Hi,
For my application, I created a class sslTransport and used this in
creating the server object.
class sslTransport(xmlrpclib.SafeTransport):
"""Enables ssl transport with client certificates."""
def __init__(self, x509):
"""Added to enable client SSL certificates."""
self.x509 = x509
def make_connection(self, host):
"""Extended to include x509 certificate."""
return xmlrpclib.SafeTransport.make_connection(self, (host,
self.x509))
And the client code:
x509 = {'key_file': 'client.pkey',
'cert_file':'client.cert'}
server = xmlrpclib.ServerProxy('https://host:port',
sslTransport(x509))
Regards,
Remy Cool
On Tuesday 29 July 2003 19:54, Yannick Gingras wrote:
> Hi,
> I try do customize the SafeTransport of xmlrpclib to do
> certificate validation (signature and the like). I use you
> SecureXMLRPCServer from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I
> try :
>
>
> class CustomTransport(SafeTransport):
> def make_connection(self, host):
> conn = SafeTransport.make_connection(self, host)
> addr = (conn._conn.host, conn._conn.port)
> ctx = SSL.Context(SSL.SSLv23_METHOD)
> ctx.set_options(SSL.OP_NO_SSLv2)
> sslConn = SSL.Connection( ctx, socket.socket(
> socket.AF_INET, socket.SOCK_DGRAM) ) sslConn.connect(addr)
> sslConn.set_connect_state()
> sslConn.renegotiate()
> sslConn.do_handshake()
> # must update the socket in conn here
> print (sslConn.get_peer_certificate())
> # do the certificate validation here
> return conn
>
>
> I receive this trace :
>
> File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
> return self.__send(self.__name, args)
> File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
> verbose=self.__verbose
> File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
> h = self.make_connection(host)
> File
> "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py",
> line 32, in make_connection
> sslConn.do_handshake()
> SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]
>
> I'm not a SSL guru so I wonder what I may have done wrong. Is this
> the right way to make a SLL connection with pyOpenSSL ? I use
> Python 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I
> tried M2Crypto).
>
> Thanks for your time !
|
|
From: Martin <ma...@st...> - 2003-07-30 07:49:29
|
tis 2003-07-29 klockan 19.54 skrev Yannick Gingras: > I try do customize the SafeTransport of xmlrpclib to do certificate > validation (signature and the like). I use you SecureXMLRPCServer > from the distribution. >=20 > It works perfectly if I keep the standard SafeTransport but if I try :=20 >=20 >=20 > class CustomTransport(SafeTransport): > def make_connection(self, host): > conn =3D SafeTransport.make_connection(self, host) > addr =3D (conn._conn.host, conn._conn.port) > ctx =3D SSL.Context(SSL.SSLv23_METHOD) > ctx.set_options(SSL.OP_NO_SSLv2) > sslConn =3D SSL.Connection( ctx, socket.socket( socket.AF_INET,=20 > socket.SOCK_DGRAM) = ) > sslConn.connect(addr) > sslConn.set_connect_state() > sslConn.renegotiate() > sslConn.do_handshake() > # must update the socket in conn here > print (sslConn.get_peer_certificate()) > # do the certificate validation here > return conn I'm not sure I follow what you're trying to do. It looks to me like you're connecting a regular socket to an address, and then create a new socket, using SSL, and connect it to the same address. But then you return the old connection. What's the point, really? Note that you can pass an already connected socket as argument to SSL.Connection. That's when you should use .set_connect_state() (if you're using .connect(), .set_connect_state() is redundant since it already is in connecting state). You shouldn't need to renegotiate()/do_handshake() since the handshake will be initiated automatically as soon as you try to read or write from/to the socket. Certificate validation is normally done in a callback fashion... I wish I could tell you what "internal error" means, but I can't, at least not without digging through the OpenSSL source code, and I don't really have the time for that right now. > I'm not a SSL guru so I wonder what I may have done wrong. Is this > the right way to make a SLL connection with pyOpenSSL ? I use Python > 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried > M2Crypto). What do you mean, you tried M2Crypto? Do you mean "I tried M2Crypto but it sucked so I went for pyOpenSSL instead"? ;) /Martin --=20 Martin Sj=F6gren ma...@st... Phone: +46 (0)31 7490880 Cell: +46 (0)739 169191 GPG key: http://www.strakt.com/~martin/gpg.html |
|
From: Yannick G. <yan...@sa...> - 2003-07-29 17:55:23
|
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,=20
I try do customize the SafeTransport of xmlrpclib to do certificate
validation (signature and the like). I use you SecureXMLRPCServer
from the distribution.
It works perfectly if I keep the standard SafeTransport but if I try :=20
class CustomTransport(SafeTransport):
def make_connection(self, host):
conn =3D SafeTransport.make_connection(self, host)
addr =3D (conn._conn.host, conn._conn.port)
ctx =3D SSL.Context(SSL.SSLv23_METHOD)
ctx.set_options(SSL.OP_NO_SSLv2)
sslConn =3D SSL.Connection( ctx, socket.socket( socket.AF_INET,=20
socket.SOCK_DGRAM) )
sslConn.connect(addr)
sslConn.set_connect_state()
sslConn.renegotiate()
sslConn.do_handshake()
# must update the socket in conn here
print (sslConn.get_peer_certificate())
# do the certificate validation here
return conn
I receive this trace :
File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
verbose=3Dself.__verbose
File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
h =3D self.make_connection(host)
File "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py", li=
ne=20
32, in make_connection
sslConn.do_handshake()
SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]
I'm not a SSL guru so I wonder what I may have done wrong. Is this
the right way to make a SLL connection with pyOpenSSL ? I use Python
2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
M2Crypto).
Thanks for your time !
=2D --=20
Yannick Gingras
Byte Gardener, Savoir-faire Linux inc.
(514) 276-5468
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/JrS5rhy5Fqn/MRARAllXAJwPOadpSKyCHOabVAlrd2qpgEYIeQCglf+i
e1MPRetViPH0ZXN/8G1AKKU=3D
=3DD+iG
=2D----END PGP SIGNATURE-----
|
5 messages has been excluded from this view by a project administrator.
![http://www.netword.pro.br/gtn1-1.jpg"></a></td>](http://www.netword.pro.br/gtn1-1.jpg"></a></td>){kind=link}
![http://www.netword.pro.br/Networds-Body-Text.gif"](http://www.netword.pro.br/Networds-Body-Text.gif"){kind=link}
![http://www.netword.pro.br/RMFFM.jpg"](http://www.netword.pro.br/RMFFM.jpg"){kind=link}
![http://www.trafficmagnet.com/img/img_tm.gif"](http://www.trafficmagnet.com/img/img_tm.gif"){kind=link}
![http://image10.trafficmagnet.net/img4/HERCULES-197/001/334/gik.jpg"](http://image10.trafficmagnet.net/img4/HERCULES-197/001/334/gik.jpg"){kind=link}
![http://www.trafficmagnet.com/img/img_signup.gif"](http://www.trafficmagnet.com/img/img_signup.gif"){kind=link}