From: <ex...@tw...> - 2010-01-25 21:36:39
|
On 22 Jan, 06:24 am, seb...@gm... wrote:
> Okay, let's try it again ...
>
> Could Rick's patch please be included in main? It works great, has test
> units and applies cleanly.

Can you remind me where this patch is? I think the PKCS12 changes this thread refers to did land in trunk (in August). I don't remember any CRL changes making it in, though. And looking at the open bugs on Launchpad, none of them seem to be related.

Jean-Paul
From: Sebastian V. <seb...@gm...> - 2010-01-22 06:25:04
|
Okay, let's try it again ...

Could Rick's patch please be included in main? It works great, has test units and applies cleanly.

S.

On Wed, Oct 21, 2009 at 2:43 AM, Rick Dean <ri...@fd...> wrote:
> Thanks.
>
> --
> Rick :-)
>
> On Tue, Oct 20, 2009 at 10:55:31AM +0100, Phil Mayers wrote:
> > > Works fine here! I especially like the load_crl() function as this was
> > > something the original patch from Arnaud Desmons lacked. Great help were
> > > the unit tests, so i didn't have to figure out how to 'migrate' my app
> > > to this style of CRL handling.
> > >
> > > Great work, and with the unit tests and documentation i think JP will
> > > like it as well :)
> >
> > That looks good for me too; I like the API and it works fine in my
> > micro-CA application.
From: <ex...@tw...> - 2009-11-15 14:44:49
|
On 03:09 am, mor...@gm... wrote:
> On Sun, Nov 15, 2009 at 04:53, <ex...@tw...> wrote:
> > This is certainly not something I'd rule out for pyOpenSSL. It's just a
> > question of who will implement it and when.
>
> There are bindings to some of the low-level RSA methods which I wrote
> some time back in a branch on launchpad (mr-RSAadditions). Though I'm
> not sure what other stuff would be necessary to do a complete
> implementation of RSA (I only needed the low-level stuff for the
> project I was working on)

Ah, I forgot about that branch. It would be excellent if you could file a ticket for it and describe what it does. :) It also looks like some conflicts have arisen. If you resolve these, I'll take a look at getting it merged.

Jean-Paul
From: Morgan R. <mor...@gm...> - 2009-11-15 03:09:41
|
On Sun, Nov 15, 2009 at 04:53, <ex...@tw...> wrote:
> This is certainly not something I'd rule out for pyOpenSSL. It's just a
> question of who will implement it and when.

There are bindings to some of the low-level RSA methods which I wrote some time back in a branch on launchpad (mr-RSAadditions). Though I'm not sure what other stuff would be necessary to do a complete implementation of RSA (I only needed the low-level stuff for the project I was working on)

I may be able to find time to expand on that work if somebody can tell me what is needed beyond what has been done. The AES stuff is a different matter but I can probably look at that too (it may become necessary for one of my projects anyway)

Morgan
From: <ex...@tw...> - 2009-11-14 17:53:40
|
On 13 Nov, 09:09 pm, mc...@re... wrote:
> On 13.11.2009 18:23, ex...@tw... wrote:
> > pyOpenSSL 0.10 exposes several more OpenSSL APIs, including support for
> > running TLS connections over in-memory BIOs, access to the OpenSSL
> > random number generator, the ability to pass subject and issuer
> > parameters when creating an X509Extension instance, more control over
> > PKCS12 creation and an API for exporting PKCS12 objects, and APIs for
> > controlling the client CA list servers send to clients.
>
> Is there a hope that we could get ever exported AES and RSA from
> openSSL. I am interested in gajim (PyGtk XMPP client) which currently
> uses for these two algorithms (and now only for them, the rest of
> security is done through pyOpenSSL or native python methods)
> python-crypto which contains its own C-implementations of AES and RSA. I
> hate this independent (and I would expect not much tested and
> maintained, certainly in comparison with openSSL library) solution.
> There seems to me two solutions to this problem: a) to persuade you (or
> somebody, I am not a C programmer) to implement bindings for these two
> algorithms in pyOpenSSL, b) port whole gajim to m2crypto, which IIRC has
> also only bindings for openSSL (not its own implementations). Of course,
> I would prefer the first solution.
>
> Is there a hope?

This is certainly not something I'd rule out for pyOpenSSL. It's just a question of who will implement it and when.

I was also recently reminded of a set of outstanding changes by David Crindland. I know these changes include some kind of crypto-related enhancements, but I still haven't looked at the patches closely enough to know exactly what. I'm going to try to get these integrated for 0.11. This is still probably a non-trivial undertaking, as I don't think the patches include much in the way of automated test coverage.

I've recently become available for contract work. If this is something you'd like expedited and have a budget for doing so, perhaps we can work something out. Feel free to contact me off-list about that.

Also, several other people have been active in pyOpenSSL development recently. I'm not sure if any of them are available for this sort of work, but it's possible, and I don't want anyone to think that I'm the only person who could be paid for pyOpenSSL development. :) I'll happily incorporate work done by anyone, so long as it meets the quality standards I've been trying to enforce since I took over maintainership.

Jean-Paul
From: Matěj C. <mc...@re...> - 2009-11-13 21:09:43
|
On 13.11.2009 18:23, ex...@tw... wrote:
> pyOpenSSL 0.10 exposes several more OpenSSL APIs, including support for
> running TLS connections over in-memory BIOs, access to the OpenSSL
> random number generator, the ability to pass subject and issuer
> parameters when creating an X509Extension instance, more control over
> PKCS12 creation and an API for exporting PKCS12 objects, and APIs for
> controlling the client CA list servers send to clients.

Is there a hope that we could get ever exported AES and RSA from openSSL. I am interested in gajim (PyGtk XMPP client) which currently uses for these two algorithms (and now only for them, the rest of security is done through pyOpenSSL or native python methods) python-crypto which contains its own C-implementations of AES and RSA. I hate this independent (and I would expect not much tested and maintained, certainly in comparison with openSSL library) solution. There seems to me two solutions to this problem: a) to persuade you (or somebody, I am not a C programmer) to implement bindings for these two algorithms in pyOpenSSL, b) port whole gajim to m2crypto, which IIRC has also only bindings for openSSL (not its own implementations). Of course, I would prefer the first solution.

Is there a hope?

Matěj

--
http://www.ceplovi.cz/matej/, Jabber: mcepl<at>ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC

To err is human, to purr feline.
From: <ex...@tw...> - 2009-11-13 17:24:04
|
I'm happy to announce the release of pyOpenSSL 0.10.

pyOpenSSL 0.10 exposes several more OpenSSL APIs, including support for running TLS connections over in-memory BIOs, access to the OpenSSL random number generator, the ability to pass subject and issuer parameters when creating an X509Extension instance, more control over PKCS12 creation and an API for exporting PKCS12 objects, and APIs for controlling the client CA list servers send to clients.

Several bugs have also been fixed, including a crash when certain X509Extension instances are deallocated, a mis-handling of the OpenSSL error queue in the X509Name implementation, Windows build issues, and a possible double free when using a debug build.

The style of the docstrings for APIs implemented in C has also been changed throughout the project to be more useful to Python programmers. Extension type objects can also now be used to instantiate those types.

Many thanks to numerous people who contributed patches to this release.

You can find pyOpenSSL 0.10 on the Python Package Index:

http://pypi.python.org/pypi/pyOpenSSL/0.10

You can now also find the pyOpenSSL documentation there:

http://packages.python.org/pyOpenSSL/

As part of the ongoing transition away from SourceForge, I won't be uploading the release or the documentation to SourceForge. Please continue to use the pyOpenSSL Launchpad page for bug reports:

https://launchpad.net/pyopenssl

Enjoy!

Jean-Paul Calderone
From: eGenix T. M.-A. L. <in...@eg...> - 2009-11-10 21:28:30
|
________________________________________________________________________

ANNOUNCING

eGenix.com pyOpenSSL Distribution
Version 0.9.0-0.9.8l

An easy-to-install and easy-to-use distribution of the pyOpenSSL Python interface for OpenSSL - available for Windows, Mac OS X and Unix platforms

This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.9.0-0.9.8l-1.html

________________________________________________________________________

INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy-to-use installer that includes the most recent OpenSSL library versions in pre-compiled form, making your application independent of OS provided OpenSSL libraries:

http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-aware network applications as well as certificate management tools:

http://pyopenssl.sourceforge.net/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

http://www.openssl.org/

________________________________________________________________________

NEWS

This new release of the eGenix.com pyOpenSSL Distribution updates the included OpenSSL version to 0.9.8l.

The new OpenSSL version includes an important work-around for a serious problem in TLS, the protocol implemented and used by OpenSSL. The Man-in-the-Middle TLS protocol attack was disclosed on 2009-11-05 and is being tracked as CVE-2009-3555:

http://isc.sans.org/diary.html?storyid=7534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

IMPORTANT: The work-around chosen by the OpenSSL team is to disable SSL session renegotiations altogether. This can cause applications relying on this feature on the client or server side to fail. You can still download the previous version of our pyOpenSSL distribution if you run into such problems:

http://www.egenix.com/products/python/pyOpenSSL/0.9.0-0.9.8k_1/

As always, we provide binaries that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows x86, Linux x86 and x64, Mac OS X PPC and x86.

Due to popular demand, we've also added .egg-file format versions of our eGenix.com pyOpenSSL Distribution for Windows and Linux to the available download options. This makes setups using e.g. zc.buildout and other egg-file based installers a lot easier.

________________________________________________________________________

DOWNLOADS

The download archives and instructions for installing the package can be found at:

http://www.egenix.com/products/python/pyOpenSSL/

________________________________________________________________________

UPGRADING

Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs.

________________________________________________________________________

SUPPORT

Commercial support for these packages is available from eGenix.com. Please see

http://www.egenix.com/services/support/

for details about our support offerings.

________________________________________________________________________

INFORMATION

About Python (http://www.python.org/):

Python is an object-oriented Open Source programming language which runs on all modern platforms. By integrating ease-of-use, clarity in coding, enterprise application connectivity and rapid application design, Python establishes an ideal programming platform for today's IT challenges.

About eGenix (http://www.egenix.com/):

eGenix is a software project, consulting and product company focusing on expert services and professional quality products for companies, Python users and developers.

Enjoy,
--
Marc-Andre Lemburg
eGenix.com

eGenix.com Software, Skills and Services GmbH
Pastor-Loeh-Str.48, D-40764 Langenfeld, Germany.
CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
From: <ex...@tw...> - 2009-11-05 18:07:49
|
On 4 Nov, 03:03 pm, mc...@re... wrote: >Dne 13.10.2009 19:21, ex...@tw... napsal(a): >>There are some known interoperability issues between OpenSSL and the >>SSL >>libraries used by some Java XMPP services. If this is the problem, >>you >>can work around it by setting the OP_NO_TICKET (0x00004000) option in >>the client. If this doesn't fix the problem, then I don't have any >>other guesses as to what might be wrong. > >Currently I have this patch against the master branch of gajim (thanks >partially to Dave Kirkland for this), but I haven't seen any noticeable >difference ... gajim still hangs in "Initiating handshake..." > >diff --git a/src/common/xmpp/tls_nb.py b/src/common/xmpp/tls_nb.py >index 5ed1072..fc6b496 100644 >--- a/src/common/xmpp/tls_nb.py >+++ b/src/common/xmpp/tls_nb.py >@@ -334,6 +334,10 @@ class NonBlockingTLS(PlugIn): > begin = -1 > i += 1 > >+ def info_callback(conn, where, ret): >+ print >>sys.stderr, "[SSL info] %x = %d" % (where, >+ ret)#,`conn.state_string()` >+ > def _startSSL_pyOpenSSL(self): > log.debug("_startSSL_pyOpenSSL called") > tcpsock = self._owner >@@ -359,6 +363,8 @@ class NonBlockingTLS(PlugIn): > tcpsock._sslObj = >OpenSSL.SSL.Connection(tcpsock._sslContext, > tcpsock._sock) > tcpsock._sslObj.set_connect_state() # set to client >mode >+ >tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_TICKET) >+ tcpsock._sslContext.set_info_callback( info_callback ) > wrapper = PyOpenSSLWrapper(tcpsock._sslObj) > tcpsock._recv = wrapper.recv > tcpsock._send = wrapper.send > >Any ideas what should I do? > >Thanks for the replies so far, This looks like the right solution for the problem I had in mind. So, I'm not sure what's going on here. Something like tlsdump may shed further light on the issue. Or, I see you're using the info callback here - is that revealing anything interesting? Jean-Paul |
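Review bot: in the first hunk of the quoted patch, info_callback is added between two methods of NonBlockingTLS without a self parameter, and the second hunk passes it to set_info_callback as a bare name from inside _startSSL_pyOpenSSL. The indentation is lost in this copy, but if the def sits in the class body that bare name will not resolve from inside the method, so the trace would never be installed; define it at module level, or as a staticmethod referenced through the class. The commented-out state_string() call is also the part that would show which handshake state the connection stops in, so it is worth printing alongside where and ret.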
From: Matěj C. <mc...@re...> - 2009-11-04 15:03:40
|
Dne 13.10.2009 19:21, ex...@tw... napsal(a): > There are some known interoperability issues between OpenSSL and the SSL > libraries used by some Java XMPP services. If this is the problem, you > can work around it by setting the OP_NO_TICKET (0x00004000) option in > the client. If this doesn't fix the problem, then I don't have any > other guesses as to what might be wrong. Currently I have this patch against the master branch of gajim (thanks partially to Dave Kirkland for this), but I haven't seen any noticeable difference ... gajim still hangs in "Initiating handshake..." diff --git a/src/common/xmpp/tls_nb.py b/src/common/xmpp/tls_nb.py index 5ed1072..fc6b496 100644 --- a/src/common/xmpp/tls_nb.py +++ b/src/common/xmpp/tls_nb.py @@ -334,6 +334,10 @@ class NonBlockingTLS(PlugIn): begin = -1 i += 1 + def info_callback(conn, where, ret): + print >>sys.stderr, "[SSL info] %x = %d" % (where, + ret)#,`conn.state_string()` + def _startSSL_pyOpenSSL(self): log.debug("_startSSL_pyOpenSSL called") tcpsock = self._owner @@ -359,6 +363,8 @@ class NonBlockingTLS(PlugIn): tcpsock._sslObj = OpenSSL.SSL.Connection(tcpsock._sslContext, tcpsock._sock) tcpsock._sslObj.set_connect_state() # set to client mode + tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_TICKET) + tcpsock._sslContext.set_info_callback( info_callback ) wrapper = PyOpenSSLWrapper(tcpsock._sslObj) tcpsock._recv = wrapper.recv tcpsock._send = wrapper.send Any ideas what should I do? Thanks for the replies so far, Matěj Cepl -- http://www.ceplovi.cz/matej/, Jabber: mcepl<at>ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Faithful love is what people look for in a person; ... -- Proverbs 19:22 (NJB) |
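Review bot: in the second hunk, set_options(OpenSSL.SSL.OP_NO_TICKET) is applied to tcpsock._sslContext after OpenSSL.SSL.Connection(tcpsock._sslContext, tcpsock._sock) has already been constructed. OpenSSL copies a context's options into each connection when the connection is created, so the already-built tcpsock._sslObj does not pick up OP_NO_TICKET; move the set_options call above the Connection(...) line so that the test actually exercises the workaround.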
From: Rick D. <ri...@fd...> - 2009-10-21 02:06:29
|
Thanks.

--
Rick :-)

On Tue, Oct 20, 2009 at 10:55:31AM +0100, Phil Mayers wrote:
> > Works fine here! I especially like the load_crl() function as this was
> > something the original patch from Arnaud Desmons lacked. Great help were
> > the unit tests, so i didn't have to figure out how to 'migrate' my app
> > to this style of CRL handling.
> >
> > Great work, and with the unit tests and documentation i think JP will
> > like it as well :)
>
> That looks good for me too; I like the API and it works fine in my
> micro-CA application.
From: Phil M. <p.m...@im...> - 2009-10-20 09:55:43
|
> Works fine here! I especially like the load_crl() function as this was
> something the original patch from Arnaud Desmons lacked. Great help were
> the unit tests, so i didn't have to figure out how to 'migrate' my app
> to this style of CRL handling.
>
> Great work, and with the unit tests and documentation i think JP will
> like it as well :)

That looks good for me too; I like the API and it works fine in my micro-CA application.
From: Sebastian V. <seb...@gm...> - 2009-10-19 19:37:31
|
Replied only to Rick, but this concerns others as well, i think:

---------- Forwarded message ----------
From: Sebastian Vieira <seb...@gm...>
Date: Mon, Oct 19, 2009 at 9:35 PM
Subject: Re: [pyOpenSSL] CRL & PKCS12 patch
To: Rick Dean <ri...@fd...>

Hi Rick,

On Mon, Oct 19, 2009 at 4:06 AM, Rick Dean <ri...@fd...> wrote:
> Yeah, I wrote it before JP merged the modifiable PKCS12 stuff.
> The merge to the tip of trunk was pretty easy and is now posted
> to the bug report. It passes all the unit tests.
>
> FWIW, the patch included updates to the documentation, and several CRL
> automated test cases make good examples (test/test_crypto.py).
>
> --
> Rick

Works fine here! I especially like the load_crl() function as this was something the original patch from Arnaud Desmons lacked. Great help were the unit tests, so i didn't have to figure out how to 'migrate' my app to this style of CRL handling.

Great work, and with the unit tests and documentation i think JP will like it as well :)

regards,

Sebastian
From: Rick D. <ri...@fd...> - 2009-10-18 20:13:06
|
Sebastian,

Did you look at the patch for CRL that I wrote?

https://bugs.launchpad.net/pyopenssl/+bug/404436

Would it meet your needs?

--
Rick

On Sun, Oct 18, 2009 at 04:05:14PM -0000, ex...@tw... wrote:
> On 01:45 pm, seb...@gm... wrote:
> > Hi,
> >
> > Is there any progress on this? I mean, will the CRL functionality be in the
> > next pyOpenSSL release and if so, when will that be? I'm trying to get a
> > python app into Fedora but while a part of its functionality is based on a
> > custom patched pyOpenSSL it will probably not be accepted.
> >
> > Apart from that, it's of course a great feature for pyOpenSSL that will
> > benefit everyone :)
> >
> > thanks,
>
> Hi,
>
> So far, no progress on CRLs in pyOpenSSL. I just took a quick look at
> the patch attached to https://bugs.launchpad.net/pyopenssl/+bug/385178 -
> just thoroughly enough to see that it is a long way from being ready to
> include in trunk. Here's a semi-complete list of what I'd like to see
> changed about it:
>
>   * It makes unexplained changes to test_crypto.py; these have nothing to
>     do with CRLs and, if important, should be split out into a separate
>     patch/branch associated with a new ticket that explains their
>     significance.
>
>   * It makes a memory management change to x509.c which is similarly
>     unexplained and also untested. This should have a unit test and
>     possibly also be split off onto a separate ticket.
>
>   * It adds get_extension, get_extensions, check_privatekey, verify,
>     repr, and str methods to the X509 type. Also apparently unrelated to
>     CRLs. Also untested. Aside from str and repr these seem valuable and
>     should be added elsewhere, with tests. Maybe str and repr are good too,
>     but I need to be convinced.
>
>   * It adds str and repr methods to the X509Name type. Also untested and
>     unrelated.
>
>   * Likewise for X509Req.
>
>   * There's a bunch of new code in crypto.c about "crypto_ui" and engines
>     which looks like it might be neat, but has nothing to do with crls (and
>     has no tests).
>
>   * For the new code that's actually x509 crl related:
>
>     * the whitespace is totally crazy and should be cleaned up
>
>     * there are no unit tests. I am trying to raise pyOpenSSL to 100%
>       line coverage. That means all new code has to have unit tests.
>
>     * the function docstrings all use the weird old style which is more
>       aimed at C programmers than Python programmers. They should be updated
>       to be Python programmer friendly.
>
>     * there's code for dealing with asn1 times copied from another
>       pyOpenSSL source file; this should be factored into a common file that
>       can be re-used, instead of duplicated.
>
> A lot of these things are easy to remedy. Just delete some of the
> patch. However, adding the CRL unit tests is probably real work.
> Someone who's familiar with the CRL APIs can probably make a significant
> dent in this without too much trouble. If someone can do that, I'll
> make time to re-review the new submission and accept it or provide
> further feedback.
>
> Jean-Paul

--
Rick
From: <ex...@tw...> - 2009-10-18 16:05:36
|
On 01:45 pm, seb...@gm... wrote:
> Hi,
>
> Is there any progress on this? I mean, will the CRL functionality be in the
> next pyOpenSSL release and if so, when will that be? I'm trying to get a
> python app into Fedora but while a part of its functionality is based on a
> custom patched pyOpenSSL it will probably not be accepted.
>
> Apart from that, it's of course a great feature for pyOpenSSL that will
> benefit everyone :)
>
> thanks,

Hi,

So far, no progress on CRLs in pyOpenSSL. I just took a quick look at the patch attached to https://bugs.launchpad.net/pyopenssl/+bug/385178 - just thoroughly enough to see that it is a long way from being ready to include in trunk. Here's a semi-complete list of what I'd like to see changed about it:

  * It makes unexplained changes to test_crypto.py; these have nothing to do with CRLs and, if important, should be split out into a separate patch/branch associated with a new ticket that explains their significance.

  * It makes a memory management change to x509.c which is similarly unexplained and also untested. This should have a unit test and possibly also be split off onto a separate ticket.

  * It adds get_extension, get_extensions, check_privatekey, verify, repr, and str methods to the X509 type. Also apparently unrelated to CRLs. Also untested. Aside from str and repr these seem valuable and should be added elsewhere, with tests. Maybe str and repr are good too, but I need to be convinced.

  * It adds str and repr methods to the X509Name type. Also untested and unrelated.

  * Likewise for X509Req.

  * There's a bunch of new code in crypto.c about "crypto_ui" and engines which looks like it might be neat, but has nothing to do with crls (and has no tests).

  * For the new code that's actually x509 crl related:

    * the whitespace is totally crazy and should be cleaned up

    * there are no unit tests. I am trying to raise pyOpenSSL to 100% line coverage. That means all new code has to have unit tests.

    * the function docstrings all use the weird old style which is more aimed at C programmers than Python programmers. They should be updated to be Python programmer friendly.

    * there's code for dealing with asn1 times copied from another pyOpenSSL source file; this should be factored into a common file that can be re-used, instead of duplicated.

A lot of these things are easy to remedy. Just delete some of the patch. However, adding the CRL unit tests is probably real work. Someone who's familiar with the CRL APIs can probably make a significant dent in this without too much trouble. If someone can do that, I'll make time to re-review the new submission and accept it or provide further feedback.

Jean-Paul
From: Sebastian V. <seb...@gm...> - 2009-10-18 13:46:10
|
Hi,

Is there any progress on this? I mean, will the CRL functionality be in the next pyOpenSSL release and if so, when will that be? I'm trying to get a python app into Fedora but while a part of its functionality is based on a custom patched pyOpenSSL it will probably not be accepted.

Apart from that, it's of course a great feature for pyOpenSSL that will benefit everyone :)

thanks,

S.

On Sat, Jul 18, 2009 at 3:55 AM, Jean-Paul Calderone <ex...@di...> wrote:
> On Mon, 13 Jul 2009 23:06:04 +0100, Phil Mayers <p.m...@im...> wrote:
> >> Looking at <https://code.launchpad.net/pyopenssl>, I see that there are
> >> presently four different branches related to either CRL or PKCS12.
> >>
> >> lp:~exarkun/pyopenssl/pkcs12-crl
> >> lp:~arnaud-desmons/pyopenssl/pkcs12
> >> lp:~rick-fdd/pyopenssl/pkcs12_mod_and_export
> >> lp:~sebvieira/pyopenssl/pkcs12-crl-0.8
> >
> >I believe at least 3 of those are actually the same patch; numbers 1 &
> >2, and 3 is a forward-port to 0.8
> >
> >My work was just a quick port (again) of the 0.8 branch to the 0.9
> >release code.
>
> Hm, if I'd had my head on straight, I would have pinged Rick (owner of
> branch number 3) and made sure he coordinated with you in this effort.
> Instead, I only just now realized that you and he have some PKCS12
> overlap in the work you're doing.
>
> Looking at his branch (not the one above though, he has since created
> a newer one with a "2" on the end) and yours, I think his PKCS12 code
> is more complete overall. However, it could still benefit from some of
> the things your version does (you have better type checking code, I
> think).
>
> I'm going to point him at your work along with my other feedback.
>
> Once the PKCS12 stuff is out of the way, I'll dig into the CRL parts
> of your branch more (I've still only just skimmed them).
>
> There is currently a PKCS12 ticket, I see:
>
> https://bugs.launchpad.net/pyopenssl/+bug/349304
>
> I also now see that there is a ticket which talks about CRLs! The summary
> didn't make this obvious so I missed/forget about it. It has a patch
> attached which I haven't looked at at all yet. The ticket is
>
> https://bugs.launchpad.net/pyopenssl/+bug/385178
>
> And to keep things interesting, it sounds like it mixes in a bunch of PKCS7
> changes.
>
> > [snip]
> >
> >Do you have C indent preferences?
>
> I wish I did. I think I'm leaning towards 4 space indents. However, if
> you're modifying existing code, go with the local prevailing convention.
> I'm trying to keep things consistent, but I'm sure I'm failing at that in
> places.
>
> Apologies again for not pointing out those two tickets in my previous
> message.
>
> Jean-Paul
From: Matěj C. <mc...@re...> - 2009-10-14 10:26:10
|
Dne 13.10.2009 19:21, ex...@tw... napsal(a): > There are some known interoperability issues between OpenSSL and the SSL > libraries used by some Java XMPP services. If this is the problem, you > can work around it by setting the OP_NO_TICKET (0x00004000) option in > the client. If this doesn't fix the problem, then I don't have any > other guesses as to what might be wrong. tcpsock._sslObj.get_context().set_options(OpenSSL.SSL.OP_NO_TICK) bradford:gajim$ git diff HEAD^1 diff --git a/src/common/xmpp/tls_nb.py b/src/common/xmpp/tls_nb.py index 5ed1072..e7302a1 100644 --- a/src/common/xmpp/tls_nb.py +++ b/src/common/xmpp/tls_nb.py @@ -359,6 +359,7 @@ class NonBlockingTLS(PlugIn): tcpsock._sslObj = OpenSSL.SSL.Connection(tcpsock._sslContext, tcpsock._sock) tcpsock._sslObj.set_connect_state() # set to client mode + tcpsock._sslObj.get_context().set_options(OpenSSL.SSL.OP_NO_TICK wrapper = PyOpenSSLWrapper(tcpsock._sslObj) tcpsock._recv = wrapper.recv tcpsock._send = wrapper.send (indenting got screwed up in the email) But no observeable change happened. Matěj P.S.: BTW, would it be possible to add this list to gmane.org? I prefer it much for dealing with email lists. -- http://www.ceplovi.cz/matej/, Jabber: mcepl<at>ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Those to whom evil is done \\ Do evil in return. -- W. H. Auden, September 1, 1939 http://www.poets.org/viewmedia.php/prmMID/15545 |
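Review bot: the added line in tls_nb.py is cut off at OpenSSL.SSL.OP_NO_TICK, with the constant name truncated (the option named in the quoted advice is OP_NO_TICKET) and the closing parenthesis missing, so as posted it does not parse and it is unclear what was actually tested. It also sets the option through tcpsock._sslObj.get_context() after the Connection has been constructed; OpenSSL copies a context's options into a connection at creation time, so call set_options on tcpsock._sslContext before OpenSSL.SSL.Connection(...) instead.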
From: <ex...@tw...> - 2009-10-13 17:21:38
|
On 05:11 pm, mc...@re... wrote: >Not sure much what more information is required and how to get it. My >verbose gajim log is on >http://mcepl.fedorapeople.org/tmp/gajim-log-pyOpenSSL.txt > >Unfortunately the server is behind VPN, so you have to tell me whatever >tests or debugging you need to be done. There are some known interoperability issues between OpenSSL and the SSL libraries used by some Java XMPP services. If this is the problem, you can work around it by setting the OP_NO_TICKET (0x00004000) option in the client. If this doesn't fix the problem, then I don't have any other guesses as to what might be wrong. Jean-Paul |
From: Matěj C. <mc...@re...> - 2009-10-13 17:11:22
|
Not sure much what more information is required and how to get it. My verbose gajim log is on http://mcepl.fedorapeople.org/tmp/gajim-log-pyOpenSSL.txt Unfortunately the server is behind VPN, so you have to tell me whatever tests or debugging you need to be done. Matěj -- http://www.ceplovi.cz/matej/, Jabber: mcepl<at>ceplovi.cz GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC Besides, the determined Real Programmer can write Fortran programs in any language. -- Ed Post, Real Programmers Don't Use Pascal |
From: <ex...@tw...> - 2009-09-15 23:40:13
|
On 09:25 pm, sa...@ya... wrote: >I get the following error when trying to run a python (v2.6.2) script >that uses the Twisted-web module: > >File "/home/knoppix/python/lib/python2.6/site- >packages/twisted/internet/ssl.py", line 46, in <module> > from OpenSSL import SSL >ImportError: No module named OpenSSL > >Where can I find a tarball for OpenSSL ? (is that what pyopenssl is?) >I am on a knoppix liveCD that is unable to use a package manager to >install .deb or .rpm packages. See https://sourceforge.net/projects/pyopenssl/files/ Jean-Paul |
From: sarta53 <sa...@ya...> - 2009-09-15 21:25:41
|
I get the following error when trying to run a python (v2.6.2) script that uses the Twisted-web module: File "/home/knoppix/python/lib/python2.6/site-packages/twisted/internet/ssl.py", line 46, in <module> from OpenSSL import SSL ImportError: No module named OpenSSL Where can I find a tarball for OpenSSL ? (is that what pyopenssl is?) I am on a knoppix liveCD that is unable to use a package manager to install .deb or .rpm packages. |
From: aaron s. <bei...@gm...> - 2009-08-27 18:33:10
|
perfect. thanks much. On Thu, Aug 27, 2009 at 11:30 AM, Rick Dean<ri...@fd...> wrote: > > Twinkie is a silly placeholder for the string to be signed. > In your case twinkie would be product_code + "," + name, > and needs to be known by the recipient to verify the base32 > string, but is not included therein. > > -- > Rick > > > On Thu, Aug 27, 2009 at 11:13:55AM -0700, aaron smith wrote: >> Hey Dean, thanks for the response. I'll end up using subprocess and >> openssl. One other question. What is "twinkle?" >> >> >> On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<ri...@fd...> wrote: >> > >> > Strangely, your provided result is an invalid base32 encoding >> > because it's an illegal length. It's not just missing equal >> > signs. >> > >> > So the openssl commands are... >> > >> > $ openssl dsaparam -genkey -out dsa_priv.pem 1024 >> > $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo >> > $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo >> > Verified OK >> > >> > pyOpenSSL doesn't yet provide this functionality. You >> > can only sign with x509 certificates, not with just a >> > PKey. Apparently the certificateless signing is provided >> > by EVP_SignFinal() and EVP_VerifyFinal() as seen in >> > openssl-0.9.8j/app/dgst.c >> > >> > In the meantime, the python module called "subprocess" >> > may be of some help. >> > >> > -- >> > Rick >> > >> > >> > On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote: >> >> Thanks for the reply. Ultimately what I'm trying to accomplish is >> >> creating a software license key. 
>> >> >> >> The full ruby example is this: >> >> >> >> def make_license(product_code, name, copies) >> >> sign_dss1 = OpenSSL::Digest::DSS1.new >> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) >> >> b32 = Base32.encode(priv.sign(sign_dss1, >> >> make_license_source(product_code, name))) >> >> # Replace Os with 8s and Is with 9s >> >> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html >> >> b32.gsub!(/O/, '8') >> >> b32.gsub!(/I/, '9') >> >> # chop off trailing padding >> >> b32.delete("=").scan(/.{1,5}/).join("-") >> >> end >> >> >> >> def make_license_source(product_code, name) >> >> product_code + "," + name >> >> end >> >> >> >> I think what this is doing is creating a new dsa from a private one, >> >> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in >> >> some dashes (-). Which ultimately gives me something like: >> >> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY" >> >> >> >> >> >> >> >> >> >> >> >> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote: >> >> > >> >> > The automated test cases are a good place to look for >> >> > examples. It's a directory named "test" in the pyOpenSSL >> >> > sources. >> >> > >> >> > Some comments about what you are trying to accomplish >> >> > would be useful. I don't know the Ruby API and you >> >> > didn't link to it's docs. >> >> > >> >> > Are you trying to create a DSA certificate? Is "test" the >> >> > common name of the subject for the new certificate being >> >> > created? If so, you need a bunch more stuff than those three >> >> > lines. I attached an example. >> >> > >> >> > -- >> >> > Rick >> >> > >> >> > >> >> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote: >> >> >> I'm trying to convert a small snippet of ruby code that handles some >> >> >> ssl stuff for me.. 
>> >> >> >> >> >> The Ruby code is this: >> >> >> >> >> >> sign_dss1 = OpenSSL::Digest::DSS1.new >> >> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) >> >> >> priv.sign(sign_dss1, "test" ) >> >> >> >> >> >> This is somewhat contrived, but this all i'm trying to convert. The >> >> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where >> >> >> to look. >> >> >> >> >> >> Thanks for your help! >> >> >> -A >> >> > >> >> > >> > >> > > > -- > Rick > |
From: Rick D. <ri...@fd...> - 2009-08-27 18:30:28
|
Twinkie is a silly placeholder for the string to be signed. In your case twinkie would be product_code + "," + name, and needs to be known by the recipient to verify the base32 string, but is not included therein. -- Rick On Thu, Aug 27, 2009 at 11:13:55AM -0700, aaron smith wrote: > Hey Dean, thanks for the response. I'll end up using subprocess and > openssl. One other question. What is "twinkle?" > > > On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<ri...@fd...> wrote: > > > > Strangely, your provided result is an invalid base32 encoding > > because it's an illegal length. It's not just missing equal > > signs. > > > > So the openssl commands are... > > > > $ openssl dsaparam -genkey -out dsa_priv.pem 1024 > > $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo > > $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo > > Verified OK > > > > pyOpenSSL doesn't yet provide this functionality. You > > can only sign with x509 certificates, not with just a > > PKey. Apparently the certificateless signing is provided > > by EVP_SignFinal() and EVP_VerifyFinal() as seen in > > openssl-0.9.8j/app/dgst.c > > > > In the meantime, the python module called "subprocess" > > may be of some help. > > > > -- > > Rick > > > > > > On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote: > >> Thanks for the reply. Ultimately what I'm trying to accomplish is > >> creating a software license key. 
> >> > >> The full ruby example is this: > >> > >> def make_license(product_code, name, copies) > >> sign_dss1 = OpenSSL::Digest::DSS1.new > >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) > >> b32 = Base32.encode(priv.sign(sign_dss1, > >> make_license_source(product_code, name))) > >> # Replace Os with 8s and Is with 9s > >> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html > >> b32.gsub!(/O/, '8') > >> b32.gsub!(/I/, '9') > >> # chop off trailing padding > >> b32.delete("=").scan(/.{1,5}/).join("-") > >> end > >> > >> def make_license_source(product_code, name) > >> product_code + "," + name > >> end > >> > >> I think what this is doing is creating a new dsa from a private one, > >> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in > >> some dashes (-). Which ultimately gives me something like: > >> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY" > >> > >> > >> > >> > >> > >> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote: > >> > > >> > The automated test cases are a good place to look for > >> > examples. It's a directory named "test" in the pyOpenSSL > >> > sources. > >> > > >> > Some comments about what you are trying to accomplish > >> > would be useful. I don't know the Ruby API and you > >> > didn't link to it's docs. > >> > > >> > Are you trying to create a DSA certificate? Is "test" the > >> > common name of the subject for the new certificate being > >> > created? If so, you need a bunch more stuff than those three > >> > lines. I attached an example. > >> > > >> > -- > >> > Rick > >> > > >> > > >> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote: > >> >> I'm trying to convert a small snippet of ruby code that handles some > >> >> ssl stuff for me.. 
> >> >> > >> >> The Ruby code is this: > >> >> > >> >> sign_dss1 = OpenSSL::Digest::DSS1.new > >> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) > >> >> priv.sign(sign_dss1, "test" ) > >> >> > >> >> This is somewhat contrived, but this all i'm trying to convert. The > >> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where > >> >> to look. > >> >> > >> >> Thanks for your help! > >> >> -A > >> > > >> > > > > > -- Rick |
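The key format discussed in this thread (base32 of the signature, O written as 8 and I as 9, padding stripped, groups of five), ported to Python together with the inverse a recipient needs before verifying; this is an added example, not code from any poster or from pyOpenSSL. The signature bytes are a constructed placeholder, and producing or checking the DSA signature itself is left to the openssl commands quoted above.

```python
import base64
import binascii

GROUP = 5  # characters per dash-separated group, as in the Ruby scan(/.{1,5}/)

# Constructed placeholder shaped like a 46-byte DER DSA signature; not a real one.
SAMPLE_SIGNATURE = (bytes([0x30, 0x2C, 0x02, 0x14]) + bytes(range(20))
                    + bytes([0x02, 0x14]) + bytes(range(100, 120)))


def make_license_source(product_code, name):
    """String that gets signed. It is not stored in the key, so the
    recipient has to rebuild it from the same fields to verify."""
    return product_code + "," + name


def format_license(signature):
    """Turn raw signature bytes into the dashed key format."""
    b32 = base64.b32encode(signature).decode("ascii")
    # Base32 uses A-Z and 2-7 only, so 8 and 9 are free to stand in for
    # the easily misread letters O and I.
    b32 = b32.replace("O", "8").replace("I", "9")
    b32 = b32.rstrip("=")
    return "-".join(b32[i:i + GROUP] for i in range(0, len(b32), GROUP))


def parse_license(key):
    """Recover the signature bytes from a key; ValueError if malformed."""
    b32 = key.strip().upper().replace("-", "")
    b32 = b32.replace("8", "O").replace("9", "I")
    # n bytes encode to ceil(8n/5) characters, so an unpadded base32
    # string can never have a length of 1, 3 or 6 modulo 8.
    if not b32 or len(b32) % 8 in (1, 3, 6):
        raise ValueError("impossible base32 length: %d" % len(b32))
    try:
        signature = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    except binascii.Error as exc:
        raise ValueError("not base32: %s" % exc)
    # Reject keys whose unused trailing bits are set, so each signature
    # has exactly one accepted spelling.
    if base64.b32encode(signature).decode("ascii").rstrip("=") != b32:
        raise ValueError("non-canonical key")
    return signature


if __name__ == "__main__":
    key = format_license(SAMPLE_SIGNATURE)
    print(key)
    print(parse_license(key) == SAMPLE_SIGNATURE)
    print(make_license_source("PRODUCT", "Example User"))
```

The bytes returned by `parse_license` are what the verifier checks against `make_license_source(...)`; the key alone carries no product code or name.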
From: aaron s. <bei...@gm...> - 2009-08-27 18:14:25
|
Whoops, meant to say hey "Rick". Sorry. On Thu, Aug 27, 2009 at 11:13 AM, aaron smith<bei...@gm...> wrote: > Hey Dean, thanks for the response. I'll end up using subprocess and > openssl. One other question. What is "twinkle?" > > > On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<ri...@fd...> wrote: >> >> Strangely, your provided result is an invalid base32 encoding >> because it's an illegal length. It's not just missing equal >> signs. >> >> So the openssl commands are... >> >> $ openssl dsaparam -genkey -out dsa_priv.pem 1024 >> $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo >> $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo >> Verified OK >> >> pyOpenSSL doesn't yet provide this functionality. You >> can only sign with x509 certificates, not with just a >> PKey. Apparently the certificateless signing is provided >> by EVP_SignFinal() and EVP_VerifyFinal() as seen in >> openssl-0.9.8j/app/dgst.c >> >> In the meantime, the python module called "subprocess" >> may be of some help. >> >> -- >> Rick >> >> >> On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote: >>> Thanks for the reply. Ultimately what I'm trying to accomplish is >>> creating a software license key. >>> >>> The full ruby example is this: >>> >>> def make_license(product_code, name, copies) >>> sign_dss1 = OpenSSL::Digest::DSS1.new >>> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) >>> b32 = Base32.encode(priv.sign(sign_dss1, >>> make_license_source(product_code, name))) >>> # Replace Os with 8s and Is with 9s >>> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html >>> b32.gsub!(/O/, '8') >>> b32.gsub!(/I/, '9') >>> # chop off trailing padding >>> b32.delete("=").scan(/.{1,5}/).join("-") >>> end >>> >>> def make_license_source(product_code, name) >>> product_code + "," + name >>> end >>> >>> I think what this is doing is creating a new dsa from a private one, >>> the file (lib/dsa_priv.pem). 
It converts it to base 32, and adds in >>> some dashes (-). Which ultimately gives me something like: >>> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY" >>> >>> >>> >>> >>> >>> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote: >>> > >>> > The automated test cases are a good place to look for >>> > examples. It's a directory named "test" in the pyOpenSSL >>> > sources. >>> > >>> > Some comments about what you are trying to accomplish >>> > would be useful. I don't know the Ruby API and you >>> > didn't link to it's docs. >>> > >>> > Are you trying to create a DSA certificate? Is "test" the >>> > common name of the subject for the new certificate being >>> > created? If so, you need a bunch more stuff than those three >>> > lines. I attached an example. >>> > >>> > -- >>> > Rick >>> > >>> > >>> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote: >>> >> I'm trying to convert a small snippet of ruby code that handles some >>> >> ssl stuff for me.. >>> >> >>> >> The Ruby code is this: >>> >> >>> >> sign_dss1 = OpenSSL::Digest::DSS1.new >>> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) >>> >> priv.sign(sign_dss1, "test" ) >>> >> >>> >> This is somewhat contrived, but this all i'm trying to convert. The >>> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where >>> >> to look. >>> >> >>> >> Thanks for your help! >>> >> -A >>> > >>> > >> >> > |
From: aaron s. <bei...@gm...> - 2009-08-27 18:14:07
|
Hey Dean, thanks for the response. I'll end up using subprocess and openssl. One other question. What is "twinkle?" On Tue, Aug 25, 2009 at 9:26 PM, Rick Dean<ri...@fd...> wrote: > > Strangely, your provided result is an invalid base32 encoding > because it's an illegal length. It's not just missing equal > signs. > > So the openssl commands are... > > $ openssl dsaparam -genkey -out dsa_priv.pem 1024 > $ echo twinkie | openssl dgst -dss1 -sign dsa_priv.pem -out foo > $ echo twinkie | openssl dgst -dss1 -prverify dsa_priv.pem -signature foo > Verified OK > > pyOpenSSL doesn't yet provide this functionality. You > can only sign with x509 certificates, not with just a > PKey. Apparently the certificateless signing is provided > by EVP_SignFinal() and EVP_VerifyFinal() as seen in > openssl-0.9.8j/app/dgst.c > > In the meantime, the python module called "subprocess" > may be of some help. > > -- > Rick > > > On Tue, Aug 25, 2009 at 12:48:19PM -0700, aaron smith wrote: >> Thanks for the reply. Ultimately what I'm trying to accomplish is >> creating a software license key. >> >> The full ruby example is this: >> >> def make_license(product_code, name, copies) >> sign_dss1 = OpenSSL::Digest::DSS1.new >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) >> b32 = Base32.encode(priv.sign(sign_dss1, >> make_license_source(product_code, name))) >> # Replace Os with 8s and Is with 9s >> # See http://members.shaw.ca/akochoi-old/blog/2004/11-07/index.html >> b32.gsub!(/O/, '8') >> b32.gsub!(/I/, '9') >> # chop off trailing padding >> b32.delete("=").scan(/.{1,5}/).join("-") >> end >> >> def make_license_source(product_code, name) >> product_code + "," + name >> end >> >> I think what this is doing is creating a new dsa from a private one, >> the file (lib/dsa_priv.pem). It converts it to base 32, and adds in >> some dashes (-). 
Which ultimately gives me something like: >> "GAWAE-FDWN3-BJHHK-KBGLL-D5SF7-6KHNP-7RWSE-C2FAC-CRR32-QB76K-T3F22-MZFGQ-LV4XA-7X423-6QJY" >> >> >> >> >> >> On Tue, Aug 25, 2009 at 9:13 AM, Rick Dean<ri...@fd...> wrote: >> > >> > The automated test cases are a good place to look for >> > examples. It's a directory named "test" in the pyOpenSSL >> > sources. >> > >> > Some comments about what you are trying to accomplish >> > would be useful. I don't know the Ruby API and you >> > didn't link to it's docs. >> > >> > Are you trying to create a DSA certificate? Is "test" the >> > common name of the subject for the new certificate being >> > created? If so, you need a bunch more stuff than those three >> > lines. I attached an example. >> > >> > -- >> > Rick >> > >> > >> > On Mon, Aug 24, 2009 at 10:21:02PM -0700, aaron smith wrote: >> >> I'm trying to convert a small snippet of ruby code that handles some >> >> ssl stuff for me.. >> >> >> >> The Ruby code is this: >> >> >> >> sign_dss1 = OpenSSL::Digest::DSS1.new >> >> priv = OpenSSL::PKey::DSA.new(File.read("lib/dsa_priv.pem")) >> >> priv.sign(sign_dss1, "test" ) >> >> >> >> This is somewhat contrived, but this all i'm trying to convert. The >> >> docs for pyOpenSSL don't explain that much, so I'm not even sure where >> >> to look. >> >> >> >> Thanks for your help! >> >> -A >> > >> > > > |