Menu
▾
▴
pyopenssl-list
|
From: <ex...@tw...> - 2008-03-22 18:11:55
|
Greetings all, Over the past several weeks, I've been working on integrating patches from the issue tracker and fixing long-standing bugs in the 0.6 release. I've gotten to the point where I think a release would be useful. So I've put together an alpha of what will become 0.7. You can find a source tarball or Windows Python 2.5 installers on the SourceForge download page. Any testing and feedback anyone can provide would be greatly appreciated. I'll probably aim for a final 0.7 release in between one to two weeks, barring any serious problems anyone may find. Thanks! Jean-Paul |
|
From: Sebastian V. <seb...@gm...> - 2008-03-22 21:16:57
|
Hi, Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6 ? I found that the required pkcs12 patched cleanly against the 0.7 source, but the crl patch failed one hunk: patching file src/crypto/crypto.c Hunk #1 succeeded at 461 (offset -1 lines). Hunk #2 succeeded at 591 (offset -1 lines). Hunk #3 succeeded at 626 (offset -1 lines). Hunk #4 succeeded at 794 (offset 25 lines). Hunk #5 FAILED at 803. Hunk #6 succeeded at 872 (offset 26 lines). I ask this because my python/openvpn script depends on it :) kind regards, S. On Sat, Mar 22, 2008 at 7:11 PM, <ex...@tw...> wrote: > Greetings all, > > Over the past several weeks, I've been working on integrating patches from > the issue tracker and fixing long-standing bugs in the 0.6 release. I've > gotten to the point where I think a release would be useful. So I've put > together an alpha of what will become 0.7. You can find a source tarball > or Windows Python 2.5 installers on the SourceForge download page. Any > testing and feedback anyone can provide would be greatly appreciated. > I'll > probably aim for a final 0.7 release in between one to two weeks, barring > any serious problems anyone may find. > > Thanks! > > Jean-Paul > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > pyopenssl-list mailing list > pyo...@li... > https://lists.sourceforge.net/lists/listinfo/pyopenssl-list > |
|
From: Jean-Paul C. <ex...@di...> - 2008-03-22 23:20:30
|
On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira <seb...@gm...> wrote: >Hi, > >Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6 ? I >found that the required pkcs12 patched cleanly against the 0.7 source, but >the crl patch failed one hunk: > >patching file src/crypto/crypto.c >Hunk #1 succeeded at 461 (offset -1 lines). >Hunk #2 succeeded at 591 (offset -1 lines). >Hunk #3 succeeded at 626 (offset -1 lines). >Hunk #4 succeeded at 794 (offset 25 lines). >Hunk #5 FAILED at 803. >Hunk #6 succeeded at 872 (offset 26 lines). > >I ask this because my python/openvpn script depends on it :) > >kind regards, > Hey Sebastian, This is definitely a possibility. I may need some help with it, though. First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch you're referring to, right? And the patch which must be applied first is http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch? If so, here are some specific questions the answers to which would help me out a bunch: * What is the proper usage of crypto_dump_pkcs12? * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory corruption will likely follow a call to it)? * Same question for crypto_PKCS12_set_privatekey. * Why the commented out lines in crypto_PKCS12_dealloc and in the definition of crypto_PKCS12_Type? * What is the proper usage of crypto_dump_crl? And more generally: * Documentation would be greatly appreciated. Either in the form of C comments in the code, or docstrings exposed to Python (instead of the empty strings currently given to the new APIs), or in LaTeX as diffs against doc/pyOpenSSL.tex * Unit tests would be even better. ;) In the mean time, I've applied both patches (resolving the simple conflicts) and pushed a branch to launchpad - https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl - in case you want to use that diff (since it applies clean to trunk now) or if you want to generate any patches. Jean-Paul |
|
From: Sebastian V. <seb...@gm...> - 2008-03-24 09:56:37
|
Hi Jean-Paul, I would love to take credit for the patches, and provide you with the documentation you asked for. But the truth is that i haven't written these, and to be honest my knowledge of C is extremely limited so i'm unable to answer these questions. Sorry. kind regards, Sebastian On Sun, Mar 23, 2008 at 12:20 AM, Jean-Paul Calderone <ex...@di...> wrote: > On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira <seb...@gm...> > wrote: > >Hi, > > > >Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6? I > >found that the required pkcs12 patched cleanly against the 0.7 source, > but > >the crl patch failed one hunk: > > > >patching file src/crypto/crypto.c > >Hunk #1 succeeded at 461 (offset -1 lines). > >Hunk #2 succeeded at 591 (offset -1 lines). > >Hunk #3 succeeded at 626 (offset -1 lines). > >Hunk #4 succeeded at 794 (offset 25 lines). > >Hunk #5 FAILED at 803. > >Hunk #6 succeeded at 872 (offset 26 lines). > > > >I ask this because my python/openvpn script depends on it :) > > > >kind regards, > > > > Hey Sebastian, > > This is definitely a possibility. I may need some help with it, though. > > First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch > you're referring to, right? And the patch which must be applied first is > http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch? > > If so, here are some specific questions the answers to which would help me > out a bunch: > > * What is the proper usage of crypto_dump_pkcs12? > * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory > corruption will likely follow a call to it)? > * Same question for crypto_PKCS12_set_privatekey. > * Why the commented out lines in crypto_PKCS12_dealloc and in the > definition of crypto_PKCS12_Type? > > * What is the proper usage of crypto_dump_crl? > > And more generally: > > * Documentation would be greatly appreciated. Either in the form of C > comments in the code, or docstrings exposed to Python (instead of the > empty strings currently given to the new APIs), or in LaTeX as diffs > against doc/pyOpenSSL.tex > * Unit tests would be even better. ;) > > In the mean time, I've applied both patches (resolving the simple > conflicts) > and pushed a branch to launchpad - > https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl<https://code.launchpad.net/%7Eexarkun/pyopenssl/pkcs12-crl>- in case you want > to use that diff (since it applies clean to trunk now) or if you want to > generate any patches. > > Jean-Paul > |
|
From: Arnaud D. <arn...@fr...> - 2008-03-24 16:08:13
|
Hi, I am the author of those patches and I will try to document them this week. Nevertheless, I already made a quick synopsis of each patch : http://arnaud.desmons.free.fr/wordpress/?p=85 http://arnaud.desmons.free.fr/wordpress/?p=86 Nice to see that this code is useful for others ;-). Regards, -- Arnaud Selon Sebastian Vieira <seb...@gm...>: > Hi Jean-Paul, > > I would love to take credit for the patches, and provide you with the > documentation you asked for. But the truth is that i haven't written these, > and to be honest my knowledge of C is extremely limited so i'm unable to > answer these questions. Sorry. > > kind regards, > > Sebastian > > On Sun, Mar 23, 2008 at 12:20 AM, Jean-Paul Calderone <ex...@di...> > wrote: > > > On Sat, 22 Mar 2008 22:16:56 +0100, Sebastian Vieira <seb...@gm...> > > wrote: > > >Hi, > > > > > >Any chance of including the CRL patch found on http://tinyurl.com/2kj8o6? > I > > >found that the required pkcs12 patched cleanly against the 0.7 source, > > but > > >the crl patch failed one hunk: > > > > > >patching file src/crypto/crypto.c > > >Hunk #1 succeeded at 461 (offset -1 lines). > > >Hunk #2 succeeded at 591 (offset -1 lines). > > >Hunk #3 succeeded at 626 (offset -1 lines). > > >Hunk #4 succeeded at 794 (offset 25 lines). > > >Hunk #5 FAILED at 803. > > >Hunk #6 succeeded at 872 (offset 26 lines). > > > > > >I ask this because my python/openvpn script depends on it :) > > > > > >kind regards, > > > > > > > Hey Sebastian, > > > > This is definitely a possibility. I may need some help with it, though. > > > > First, http://arnaud.desmons.free.fr/pyOpenSSL-0.6-crl.patch is the patch > > you're referring to, right? And the patch which must be applied first is > > http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch? > > > > If so, here are some specific questions the answers to which would help me > > out a bunch: > > > > * What is the proper usage of crypto_dump_pkcs12? > > * Is crypto_PKCS12_set_certificate stealing a reference (meaning memory > > corruption will likely follow a call to it)? > > * Same question for crypto_PKCS12_set_privatekey. > > * Why the commented out lines in crypto_PKCS12_dealloc and in the > > definition of crypto_PKCS12_Type? > > > > * What is the proper usage of crypto_dump_crl? > > > > And more generally: > > > > * Documentation would be greatly appreciated. Either in the form of C > > comments in the code, or docstrings exposed to Python (instead of the > > empty strings currently given to the new APIs), or in LaTeX as diffs > > against doc/pyOpenSSL.tex > > * Unit tests would be even better. ;) > > > > In the mean time, I've applied both patches (resolving the simple > > conflicts) > > and pushed a branch to launchpad - > > > https://code.launchpad.net/~exarkun/pyopenssl/pkcs12-crl<https://code.launchpad.net/%7Eexarkun/pyopenssl/pkcs12-crl>- > in case you want > > to use that diff (since it applies clean to trunk now) or if you want to > > generate any patches. > > > > Jean-Paul > > > -- Arnaud |
|
From: Sebastian V. <seb...@gm...> - 2008-04-08 12:50:55
|
Hi,
I posted this msg to the ml some weeks ago (before your announcement), but
maybe it's worth posting it again now that development is active again:
-- begin original mail --
Now all works up to the point that i want to add an X509 extension. The
'Basic Constraints' extension works fine, but when i add another (or replace
it) like this:
extensions.append(crypto.X509Extension('basicConstraints',1, 'CA:true'))
extensions.append(crypto.X509Extension('nsComment', 0, 'OpenSSL Generated
Certificate'))
cert.add_extensions(extensions)
i get this error:
ValueError: Can't initialize exception
The same goes for
extensions.append(crypto.X509Extension('subjectKeyIdentifier', 0, 'hash'))
and authorityKeyIdentifier
-- end --
thanks,
S.
On Sat, Mar 22, 2008 at 8:11 PM, <ex...@tw...> wrote:
> Greetings all,
>
> Over the past several weeks, I've been working on integrating patches from
> the issue tracker and fixing long-standing bugs in the 0.6 release. I've
> gotten to the point where I think a release would be useful. So I've put
> together an alpha of what will become 0.7. You can find a source tarball
> or Windows Python 2.5 installers on the SourceForge download page. Any
> testing and feedback anyone can provide would be greatly appreciated.
> I'll
> probably aim for a final 0.7 release in between one to two weeks, barring
> any serious problems anyone may find.
>
> Thanks!
>
> Jean-Paul
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> pyopenssl-list mailing list
> pyo...@li...
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>
|
|
From: Jean-Paul C. <ex...@di...> - 2008-04-08 12:54:27
|
On Tue, 8 Apr 2008 14:50:57 +0200, Sebastian Vieira <seb...@gm...> wrote:
>Hi,
>
>I posted this msg to the ml some weeks ago (before your announcement), but
>maybe it's worth posting it again now that development is active again:
>
>-- begin original mail --
>Now all works up to the point that i want to add an X509 extension. The
>'Basic Constraints' extension works fine, but when i add another (or replace
>it) like this:
>
>extensions.append(crypto.X509Extension('basicConstraints',1, 'CA:true'))
>extensions.append(crypto.X509Extension('nsComment', 0, 'OpenSSL Generated
>Certificate'))
>cert.add_extensions(extensions)
>
>
>i get this error:
>
>ValueError: Can't initialize exception
>
>The same goes for
>
>extensions.append(crypto.X509Extension('subjectKeyIdentifier', 0, 'hash'))
>
>
>and authorityKeyIdentifier
>-- end --
>
>thanks,
>
Thanks for following up on this. I noticed your earlier post and did a
bit of investigation. One thing I learned is that there's a think-o in
the exception message for this error case. It says
ValueError: Can't initialize exception
But the case which fails would really be better described by
ValueError: Can't initialize extension
Unfortunately, I didn't make much progress beyond this. However, I'm
aware of the issue and I'll keep working on it. I don't know if a fix
will make it into 0.7, but I hope that any known issue which isn't
resolved in 0.7 will be resolved in 0.8.
Jean-Paul
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X