[PYTHON-CRYPTO] patches for X509_EXTENSION and a few other things

Conrad Steenberg conrad at HEP.CALTECH.EDU
Wed Nov 30 23:19:35 CET 2005


Hi Matt

Could you perhaps send a link to the code you use to create the proxy
certificates with M2Crypto?

Thanks!

Conrad

On Tue, 2005-11-29 at 17:45 -0800, Matt Rodriguez wrote:
> I've done a little work with M2Crypto because I've been using it to 
> generate proxy certificates. Proxy Certificates need to have a proxy 
> certificate info extension for openssl to recognize them. Openssl 
> versions 0.9.8 and later have support for proxy certificates. 
> 
> So here are the changes that I've made.
> 
> 1. I added an as_der method to the EVP class in EVP.py. This calls
> i2d_PUBKEY to get the DER encoding.
> 
> 2. I changed the new_extensions function in X509. It initializes an LHASH
> and an X509V3_CTX object, and passes them into the X509V3_ext_conf
> function. I did this because to use the ProxyCertInfo extension it needed
> an initialized context object, otherwise I would get a segmentation fault.
> This is because the X509_EXTENSION_METHOD object associated with PCI does
> not contain v2i or s2i functions. The method does have an r2i function,
> but the do_ext_nconf does a check on the context to see if it has a db or
> db_meth object. If the context is NULL then there is a segmentation fault.
> 
> If there is another way to create a PCI extension using M2Crypto without
> this patch, I'd like to know about it.
> 
> 3. Changes to setup.py. I've mentioned this in previous posts. I added
> an option so that one could build M2Crypto against openssl that is
> installed in an arbitrary location.
> 
> 4. I added a quick test to test_evp.py that tests the as_der method.
> 
> 5. I fixed an obvious memory leak in _x509.i in the x509_extension_get_name.
> 
> I've tested these changes with openssl-0.9.8a using valgrind to make
> sure my changes didn't leak any more memory.
> 
> 
> Please let me know if there are any problems with the patches or if
> there is anything I can do to facilitate adding these patches to M2Crypto.
> 
> Matt Rodriguez
-- 
Conrad Steenberg <conrad at hep.caltech.edu>
California Institute of Technology
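
For readers inspecting the proxy certificate info extension discussed in this thread: an added example, not part of either message and not M2Crypto or patch code, that decodes the ProxyCertInfo value as laid out in RFC 3820 using only the Python standard library. The function names and the sample bytes are constructed for illustration.

```python
# Added example: decoder for the DER-encoded RFC 3820 ProxyCertInfo value.
PCI_EXT_OID = "1.3.6.1.5.5.7.1.14"   # id-pe-proxyCertInfo, the extension's OID
LANGUAGES = {"1.3.6.1.5.5.7.21.0": "anyLanguage",
             "1.3.6.1.5.5.7.21.1": "inheritAll",
             "1.3.6.1.5.5.7.21.2": "independent"}
# Constructed sample: pCPathLenConstraint = 0, policyLanguage = inheritAll.
SAMPLE_PCI = bytes.fromhex("300f020100300a06082b06010505071501")

def _dec_oid(body):  # assumes first arc is 0 or 1, true for the OIDs above
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def _read(buf, pos, want):
    """Read one TLV with tag `want` at `pos`; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected tag or truncated data")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos:pos + n], pos + n

def decode_pci(der):
    """ProxyCertInfo ::= SEQUENCE { pCPathLenConstraint INTEGER OPTIONAL,
       proxyPolicy SEQUENCE { policyLanguage OID, policy OCTET STRING OPTIONAL } }"""
    seq, end = _read(der, 0, 0x30)
    pos, path_len = 0, None
    if seq[:1] == b"\x02":        # optional path length constraint
        raw, pos = _read(seq, 0, 0x02)
        path_len = int.from_bytes(raw, "big", signed=True)
    pol, pos = _read(seq, pos, 0x30)
    if end != len(der) or pos != len(seq):
        raise ValueError("trailing bytes in ProxyCertInfo")
    oid, p = _read(pol, 0, 0x06)
    policy = _read(pol, p, 0x04)[0] if p < len(pol) else None
    lang = _dec_oid(oid)
    return {"path_len": path_len, "language": lang,
            "language_name": LANGUAGES.get(lang, "unknown"), "policy": policy}
```

`decode_pci` takes the extension value (the bytes inside the extension's OCTET STRING) and rejects truncated or over-long input with `ValueError` instead of reading past the buffer.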