pyopenssl-list

[pyOpenSSL] CRL patch

[Arnaud D. <arn...@fr...>]

Hi,

I wrote a second patch for pyOpenSSL 0.6 (to be applied just after my
pkcs12 one). This allow generation of CRL like this :

crl =3D crypto.CRL()
crl.make_revoked("100928084218Z", "1")
crl.make_revoked("100928084218Z", "2")
print crypto.dump_crl(crl, cacert, capkey)

Maybe I will do a separate sign(cacert, cakey) fonction instead of
doing everything in dump_crl=E2=80=A6

This is mainly for web (not tested for others purposes)

This patch is available here :
http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch

Let me know what you guys think about it.
Thanks.

--=20
Arnaud

Re: [pyOpenSSL] CRL patch

[Dave C. <da...@cr...>]

On Thu Dec 28 21:26:03 2006, Arnaud Desmons wrote:
> Maybe I will do a separate sign(cacert, cakey) fonction instead of
> doing everything in dump_crl=E2=80=A6

I get quite a few failed hunks on this, applying to my tree - I'll=20
take a look at this in more detail later, but would you like to have=20
a look?

My tree's in SVN at:=20
http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/

It might have some CRL capability already - I've not examined what=20
the pyopenssl-extended patches do, yet. So far, where there's been=20
clashes between that and your code, I've preferred yours, but you=20
might not want to reimplement everything. :-)

Dave.
--=20
Dave Cridland - mailto:da...@cr... - xmpp:dw...@ja...
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

Re: [pyOpenSSL] CRL patch

[Arnaud D. <arn...@fr...>]

On Wed, Jan 03, 2007 at 01:55:19PM +0000, Dave Cridland wrote:
> On Thu Dec 28 21:26:03 2006, Arnaud Desmons wrote:
> >Maybe I will do a separate sign(cacert, cakey) fonction instead of
> >doing everything in dump_crl???
> 
> I get quite a few failed hunks on this, applying to my tree - I'll 
> take a look at this in more detail later, but would you like to have 
> a look?

[...]

> It might have some CRL capability already - I've not examined what 
> the pyopenssl-extended patches do, yet. So far, where there's been 
> clashes between that and your code, I've preferred yours, but you 
> might not want to reimplement everything. :-)

Right, I'm not really interested in merging my code with
pyopenssl-extended as far as I don't need pyopenssl-extended... :-)

Anyway, I am not sure that users need both fonctionnalities at the
same time...

-- 
Arnaud

Re: [pyOpenSSL] CRL patch

[Dave C. <da...@cr...>]

On Wed Jan  3 14:24:25 2007, Arnaud Desmons wrote:
> Right, I'm not really interested in merging my code with
> pyopenssl-extended as far as I don't need pyopenssl-extended... :-)
> 
> 
My attitude is really that some people have needed the -extended 
stuff, so it might as well go in as long as it does no harm. Better 
to try to unify these forks.


> Anyway, I am not sure that users need both fonctionnalities at the
> same time...

True, but there's nowhere else to put it, unless we start fragmenting 
the pyOpenSSL modules further. I'm not sure that gains much other 
than complexity.

Dave.
-- 
Dave Cridland - mailto:da...@cr... - xmpp:dw...@ja...
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade