Hi,
(i really hope this list is still somewhat active)
Let me say that i'm totally new to python, so please excuse me for that :)
I have modified the simple example script somewhat to have it generate a
client certificate, signed by an existing CA certificate.
Now all works up to the point that i want to add an X509 extension. The
'Basic Constraints' extension works fine, but when i add another (or replace
it) like this:
extensions.append(crypto.X509Extension('basicConstraints',1, 'CA:true'))
extensions.append(crypto.X509Extension('nsComment', 0, 'OpenSSL Generated
Certificate'))
cert.add_extensions(extensions)
i get this error:
ValueError: Can't initialize exception
The same goes for
extensions.append(crypto.X509Extension('subjectKeyIdentifier', 0, 'hash'))
and authorityKeyIdentifier
Am i doing something fundamentally wrong? Is this feature not implemented,
or shouldn't i be using pyopenssl for this? I appreciate any feedback
because so far Google hasn't been helpful.
I'm using an deb package python-pyopenssl from Debian Lenny's repo. I've
also tried downloading the source and patching it with the "[ 1166109 ]
(re)enabling X509Extensions" patch found on the sourceforge website, but
this gives me the same error.
kind regards,
Sebastian
|
