From alex.wied at GMAIL.COM Sun Jul 8 14:49:00 2007
From: alex.wied at GMAIL.COM (Alex Wied)
Date: Sun, 8 Jul 2007 14:49:00 +0200
Subject: [PYTHON-CRYPTO] RandomPool instance has no attribute '__len__'
Message-ID:

Greetings,

I am trying to run the "Crypto.PublicKey: Public Key Algorithms" example
from pycrypt (under Python 2.5.1)

http://www.amk.ca/python/writing/pycrypt/

Here's my code:

=== Begin RSATest.py ===
 1) from Crypto.Cipher import *
 2) from Crypto.Util import randpool
 3) from Crypto.Hash import MD5
 4) from Crypto.PublicKey import RSA
 5)
 6) class RSATest():
 7)
 8)     def foo(self):
 9)
10)         plaintext = "this is some text"
11)         RSAkey=RSA.generate(384, randpool.RandomPool)
12)         hash=MD5.new(plaintext).digest()
13)         signature=RSAkey.sign(hash, "")
14)         print RSAkey.verify(hash, signature) # will check out
15)         print RSAkey.verify(hash[:-1], signature)# will fail
16)
17) if __name__ == "__main__":
18)     d = RSATest()
19)     d.foo()
=== End RSATest.py ===

I'm getting the following error when entering line 19 above:

AttributeError: RandomPool instance has no attribute '__len__'

Here's the stack trace:

=== Start trace ===
(...)
    RSAkey=RSA.generate(384, randpool.RandomPool)
  File "D:\Python25\Lib\site-packages\Crypto\PublicKey\RSA.py", line 40, in generate
    p = pubkey.getPrime(bits/2, randfunc)
  File "D:\Python25\lib\site-packages\Crypto\Util\number.py", line 89, in getPrime
    number=getRandomNumber(N, randfunc)
  File "D:\Python25\lib\site-packages\Crypto\Util\number.py", line 53, in getRandomNumber
    value = bytes_to_long(S)
  File "D:\Python25\lib\site-packages\Crypto\Util\number.py", line 185, in bytes_to_long
    length = len(s)
AttributeError: RandomPool instance has no attribute '__len__'
=== End trace ===

The error is raised in bytes_to_long() in number.py.

Did anybody else run into this problem? What am I doing wrong here?

Any help is much appreciated.

--Alex

From heikki at OSAFOUNDATION.ORG Tue Jul 10 20:12:53 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Tue, 10 Jul 2007 11:12:53 -0700
Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.18beta1
Message-ID: <4693CC25.8020501@osafoundation.org>

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope.

This is the first beta of the 0.18 release cycle. Final release is
scheduled for the end of July 2007. Please test this out and report any
issues. Download links and bug filing instructions on the homepage at
http://chandlerproject.org/Projects/MeTooCrypto.

Changelog:

- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
  iterating over all X509_Name_Entries or getting just all commonName
  entries, for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions, which
  means that certain things that used to fail silently will now raise an
  EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
  cipher_update, cipher_final and sign_update. sign_final will now raise
  EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer
  certificate, use only the dNSNames when checking peer certificate
  hostname, as specified by RFC 2818. If no dNSNames are present, use
  subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
  pkey_get_modulus, ecdsa_verify, threading_init and
  X509.X509.verify, X509.X509_Stack (which manifested for example when
  calling X509.new_stack_from_der), SSL.Connection (which manifested
  with some connection errors or when connect was never called), twisted
  wrapper, SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
  by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
  certificate requests, by Keith Jackson
- m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general setup.py option to build_ext option,
  meaning you need to do: python setup.py build build_ext --openssl=/path,
  by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built
  without EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
  after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
  might work with modern computers. Makes tests finish significantly faster.

--
  Heikki Toivonen

From turam at MCS.ANL.GOV Wed Jul 11 18:23:49 2007
From: turam at MCS.ANL.GOV (Thomas D. Uram)
Date: Wed, 11 Jul 2007 11:23:49 -0500
Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.18beta1
In-Reply-To: <4693CC25.8020501@osafoundation.org>
References: <4693CC25.8020501@osafoundation.org>
Message-ID: <46950415.4030707@mcs.anl.gov>

(Responding here since 0.18beta1 is not in bugzilla)

With Python < 2.4, setup.py fails with:

  File "setup.py", line 113, in swig_sources
    swig_cmd.append(swig_opts_str)
NameError: global name 'swig_opts_str' is not defined

The following patch fixes this problem by using self.swig_opts instead of
swig_opts_str which is required with the recent reorganization of the
command-line options:

--- setup.py (revision 571) +++ setup.py (working copy) 
@@ -110,7 +110,7 @@ if self.swig_cpp: swig_cmd.append("-c++") - swig_cmd.append(swig_opts_str) + swig_cmd += self.swig_opts for source in swig_sources: target = swig_targets[source]

Tom

On 7/10/07 1:12 PM, Heikki Toivonen wrote:
> M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
> DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
> functionality to implement clients and servers; HTTPS extensions to
> Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
> AuthCookies for web session management; FTP/TLS client and server;
> S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
> messenger for Zope.
>
> This is the first beta of the 0.18 release cycle. Final release is
> scheduled for the end of July 2007. Please test this out and report any
> issues. Download links and bug filing instructions on the homepage at
> http://chandlerproject.org/Projects/MeTooCrypto.
>
> Changelog:
>
> - Added EVP.pbkdf2 to derive key from password
> - X509_Store_Context.get1_chain added
> - Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
>   iterating over all X509_Name_Entries or getting just all commonName
>   entries, for example
> - Added X509_Name_Entry.get_object, get_data, set_data
> - Added back PKCS7.get0_signers (was removed in 0.16)
> - X509_Extension.get_value accepts flag and indent parameters.
> - support multiple dNSName fields in subjectAltName
> - support multiple commonName fields for SSL peer hostname checking
> - Checking for erroneous returns from more OpenSSL EVP_* functions, which
>   means that certain things that used to fail silently will now raise an
>   EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
>   cipher_update, cipher_final and sign_update. sign_final will now raise
>   EVP.EVPError instead of SystemError as well.
> - Fixed Pkey.verify_final to take a sign parameter
> - If a subjectAltName extension of type dNSName is present in peer
>   certificate, use only the dNSNames when checking peer certificate
>   hostname, as specified by RFC 2818. If no dNSNames are present, use
>   subject commonName.
> - Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
>   pkey_get_modulus, ecdsa_verify, threading_init and
>   X509.X509.verify, X509.X509_Stack (which manifested for example when
>   calling X509.new_stack_from_der), SSL.Connection (which manifested
>   with some connection errors or when connect was never called), twisted
>   wrapper, SSL.Connection.makefile (in BIO.IOBuffer really)
> - Fixed threading regressions introduced in 0.16,
>   by Aaron Reizes and Keith Jackson
> - Added SSL session caching support to HTTPSConnection, by Keith Jackson
> - Added the ability to save and load DER formatted X509 certificates and
>   certificate requests, by Keith Jackson
> - m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
> - 64-bit correctness fixes, by Miloslav Trmac
> - Added X509_Name.as_hash, by Thomas Uram
> - Moved --openssl option from general setup.py option to build_ext option,
>   meaning you need to do: python setup.py build build_ext --openssl=/path,
>   by Philip Kershaw
> - Fixed build problem affecting certain systems where OpenSSL was built
>   without EC support
> - M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
>   after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
>   might work with modern computers. Makes tests finish significantly faster.
>
>

From heikki at OSAFOUNDATION.ORG Wed Jul 11 19:48:27 2007
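
Review bot: in the setup.py hunk posted by Thomas D. Uram above, the added line "swig_cmd += self.swig_opts" is only correct if self.swig_opts is already a list when swig_sources runs. If it is still a string, += extends swig_cmd one character at a time, and if it is None the line raises TypeError. The hunk does not show where the attribute is set, so either confirm that it is always split into a list before this point or normalise it here before extending swig_cmd.
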
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Wed, 11 Jul 2007 10:48:27 -0700
Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.18beta1
In-Reply-To: <46950415.4030707@mcs.anl.gov>
References: <4693CC25.8020501@osafoundation.org> <46950415.4030707@mcs.anl.gov>
Message-ID: <469517EB.3020705@osafoundation.org>

Thomas D. Uram wrote:
> (Responding here since 0.18beta1 is not in bugzilla)

I just added 0.18 version. You can also use 'unspecified', but mention
in the comments what exact version it is.

> With Python < 2.4, setup.py fails with:

Thanks, fixed. There may be other issues with python 2.3 as well since
it has received the least testing...

I'll be waiting to hear about other issues for a day or so before rolling
the next beta.

--
  Heikki Toivonen

From heikki at OSAFOUNDATION.ORG Fri Jul 13 07:17:16 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Thu, 12 Jul 2007 22:17:16 -0700
Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.18beta2
Message-ID: <46970ADC.9090002@osafoundation.org>

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope.

This is the second beta of the 0.18 release cycle. Final release is
scheduled for the end of July 2007. Please test this out and report any
issues. Download links and bug filing instructions on the homepage at
http://chandlerproject.org/Projects/MeTooCrypto.

Changes since beta1:

- fixed build regression with Python 2.3

Changelog:

- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
  iterating over all X509_Name_Entries or getting just all commonName
  entries, for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions, which
  means that certain things that used to fail silently will now raise an
  EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
  cipher_update, cipher_final and sign_update. sign_final will now raise
  EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer
  certificate, use only the dNSNames when checking peer certificate
  hostname, as specified by RFC 2818. If no dNSNames are present, use
  subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
  pkey_get_modulus, ecdsa_verify, threading_init and
  X509.X509.verify, X509.X509_Stack (which manifested for example when
  calling X509.new_stack_from_der), SSL.Connection (which manifested
  with some connection errors or when connect was never called), twisted
  wrapper, SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
  by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
  certificate requests, by Keith Jackson
- m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general setup.py option to build_ext option,
  meaning you need to do: python setup.py build build_ext --openssl=/path,
  by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built
  without EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
  after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
  might work with modern computers. Makes tests finish significantly faster.

--
  Heikki Toivonen

From shramov at MEXMAT.NET Fri Jul 13 10:21:01 2007
From: shramov at MEXMAT.NET (Pavel Shramov)
Date: Fri, 13 Jul 2007 12:21:01 +0400
Subject: [PYTHON-CRYPTO] OBJ_* ASN1_OBJECT functions
Message-ID: <20070713082101.GA23581@qwe.ipib.msu.ru>

As for m2crypto revision 576 (trunk) there are no OBJ_ functions to
manipulate with ASN1_OBJECTS (OIDs). They are needed to convert
X509_Name_Entry to something usable. Since current implementation (after
r538) is much more friendly it's difficult to deal with subjects.

Maybe attached patch will be useful.

Also what's your opinion on representing X509 Name and Name Entry as
some native python data types with marshalling functions?

For example Name Entry is equivalent to native tuple of 2 elements -
OID and Data. Name is list of Name Entries. No binding to OpenSSL
except of marshalling functions for Name and NE. So one may work
with names as native types. As for current state every new
manipulation function, e.g. element deletion, must be
implemented as FFI call of OpenSSL library.

If somebody is interested in sample implementation of such approach I
may post it to list.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: objects.patch
Type: text/x-diff
Size: 3559 bytes
Desc: not available
URL:

From shramov at MEXMAT.NET Fri Jul 13 13:09:41 2007
From: shramov at MEXMAT.NET (Pavel Shramov)
Date: Fri, 13 Jul 2007 15:09:41 +0400
Subject: [PYTHON-CRYPTO] X509_NAME_ENTRY_create_by_txt type signature fix
Message-ID: <20070713110941.GA13730@qwe.ipib.msu.ru>

X509_NAME_ENTRY_create_by_txt as other OpenSSL functions take 'bytes'
parameter of type 'unsigned char *'. Python string is represented in
SWIG as 'char *'. Some functions that are used in Python code are exported
with 'char * bytes'. For example code from SWIG/_x509.i

/* x509_name_add_entry_by_txt */
int x509_name_add_entry_by_txt(X509_NAME *name, char *field, int type,
                               char *bytes, int len, int loc, int set) {
    return X509_NAME_add_entry_by_txt(name, field, type, bytes, len, loc, set);
}

Attached patch fixes type signature of x509_name_entry_create_by_txt
function.

Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: name_entry_create.patch
Type: text/x-diff
Size: 825 bytes
Desc: not available
URL:

From heikki at OSAFOUNDATION.ORG Fri Jul 13 19:42:48 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Fri, 13 Jul 2007 10:42:48 -0700
Subject: [PYTHON-CRYPTO] X509_NAME_ENTRY_create_by_txt type signature fix
In-Reply-To: <20070713110941.GA13730@qwe.ipib.msu.ru>
References: <20070713110941.GA13730@qwe.ipib.msu.ru>
Message-ID: <4697B998.7060206@osafoundation.org>

Pavel Shramov wrote:
> X509_NAME_ENTRY_create_by_txt as other OpenSSL functions take 'bytes'
> parameter of type 'unsigned char *' Python string is represented in
> SWIG as 'char *'. Some functions that are used in Python code are exported
> with 'char * bytes'. For example code from SWIG/_x509.i

This is a bummer, yes, but I'd rather not change this in 0.18 release
because it would break backwards compatibility.

--
  Heikki Toivonen

From heikki at OSAFOUNDATION.ORG Fri Jul 13 19:50:28 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Fri, 13 Jul 2007 10:50:28 -0700
Subject: [PYTHON-CRYPTO] OBJ_* ASN1_OBJECT functions
In-Reply-To: <20070713082101.GA23581@qwe.ipib.msu.ru>
References: <20070713082101.GA23581@qwe.ipib.msu.ru>
Message-ID: <4697BB64.1080205@osafoundation.org>

Pavel Shramov wrote:
> As for m2crypto revision 576 (trunk) there are no OBJ_ functions to
> manipulate with ASN1_OBJECTS (OIDs). They are needed to convert
> X509_Name_Entry to something usable. Since current implementation (after
> r538) is much more friendly it's difficult to deal with subjects.
>
> Maybe attached patch will be useful.

Thanks, I'll see about putting this on the trunk soonish.

> Also what's your opinion on representing X509 Name and Name Entry as
> some native python data types with marshalling functions?
>
> For example Name Entry is equivalent to native tuple of 2 elements -
> OID and Data. Name is list of Name Entries. No binding to OpenSSL
> except of marshalling functions for Name and NE. So one may work
> with names as native types. As for current state every new
> manipulation function, e.g. element deletion, must be
> implemented as FFI call of OpenSSL library.

It would be great if we didn't need to worry about backwards
compatibility. I don't think it can be put into M2Crypto at this point.

(It does have one minor weakness, in that tuple is not as
self-documenting as a class.)

--
  Heikki Toivonen

From shramov at MEXMAT.NET Fri Jul 13 22:41:03 2007
From: shramov at MEXMAT.NET (Pavel Shramov)
Date: Sat, 14 Jul 2007 00:41:03 +0400
Subject: [PYTHON-CRYPTO] OBJ_* ASN1_OBJECT functions
In-Reply-To: <4697BB64.1080205@osafoundation.org>
References: <20070713082101.GA23581@qwe.ipib.msu.ru> <4697BB64.1080205@osafoundation.org>
Message-ID: <20070713204103.GA3156@buka.psha-ns.mexmat.net>

On Fri, Jul 13, 2007 at 10:50:28AM -0700, Heikki Toivonen wrote:
> It would be great if we didn't need to worry about backwards
> compatibility. I don't think it can be put into M2Crypto at this point.

This interface may be built on top of M2 as an extension. There is no
need to replace current code.

I'd suggested it as a subject to discuss :) So correct subject would be
"[RFC] Native python representation of Name/Name Entry objects"

> (It does have one minor weakness, in that tuple is not as
> self-documenting as a class.)

Tuples have weak points such as hard constructor overloading and
immutability. But they are extremely simple.

Name Entry may be implemented as Python class with oid/data fields and
function that converts this native python representation to libssl objects.

Major point here is that all manipulations are performed in python and only
interaction with other OpenSSL code require conversion.

I'd mentioned reason why it may be useful - new functions may be implemented
as 'addons' and not library modification involving SWIG.

Pavel

From garabatus at GMAIL.COM Thu Jul 26 16:59:50 2007
From: garabatus at GMAIL.COM (Gara Batus)
Date: Thu, 26 Jul 2007 16:59:50 +0200
Subject: [PYTHON-CRYPTO] installing M2Crypto
Message-ID:

Hi there,

I'm trying to install and use m2crypto-0.18beta2 in Windows Vista.

I downloaded and installed:

python-2.5 (windows installer Package)
Win32OpenSSL-0_9_8e

and when I try:

python setup.py build

I'm getting the following error:

error: Python was built with Visual Studio 2003;
extensions must be built with a compiler than can generate compatible binaries.
Visual Studio 2003 was not found on this system. If you have Cygwin installed,
you can try compiling with MingW32, by passing "-c mingw32" to setup.py.

Currently, I'm using VS 2005.

I was googling for a while and I found this post in this list:

https://listserv.surfnet.nl/scripts/wa.cgi?A2=ind0703&L=PYTHON-CRYPTO&P=R1014&D=0&H=0&I=-3&O=T&T=1

_but_ I opened the Visual Studio Command Prompt and tried a lot of
command lines trying to set the SWIGLIB environment variable but I
couldn't get it.

Please, if someone can give me more details of how I can install the
m2crypto, that will be perfect for me.

best regards,

gara.

From heikki at OSAFOUNDATION.ORG Thu Jul 26 19:17:31 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Thu, 26 Jul 2007 10:17:31 -0700
Subject: [PYTHON-CRYPTO] installing M2Crypto
In-Reply-To:
References:
Message-ID: <46A8D72B.2050004@osafoundation.org>

Gara Batus wrote:
> error: Python was built with Visual Studio 2003;
> extensions must be built with a compiler than can generate compatible binaries.
> Visual Studio 2003 was not found on this system. If you have Cygwin installed,
> you can try compiling with MingW32, by passing "-c mingw32" to setup.py.
>
> Currently, I'm using VS 2005.

You must have the exact same version of Visual Studio that Python was
compiled with. Since you don't have Visual Studio 2003, the best option
would probably be to build everything from sources yourself using your
Visual Studio 2005.

--
  Heikki Toivonen

From heikki at OSAFOUNDATION.ORG Thu Jul 26 22:36:55 2007
From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen)
Date: Thu, 26 Jul 2007 13:36:55 -0700
Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.18
Message-ID: <46A905E7.4050504@osafoundation.org>

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope.

Download links and bug filing instructions on the homepage at
http://chandlerproject.org/Projects/MeTooCrypto.

Changelog:

- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
  iterating over all X509_Name_Entries or getting just all commonName
  entries, for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions, which
  means that certain things that used to fail silently will now raise an
  EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
  cipher_update, cipher_final and sign_update. sign_final will now raise
  EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer
  certificate, use only the dNSNames when checking peer certificate
  hostname, as specified by RFC 2818. If no dNSNames are present, use
  subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
  pkey_get_modulus, ecdsa_verify, threading_init and
  X509.X509.verify, X509.X509_Stack (which manifested for example when
  calling X509.new_stack_from_der), SSL.Connection (which manifested
  with some connection errors or when connect was never called), twisted
  wrapper, SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
  by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
  certificate requests, by Keith Jackson
- m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general setup.py option to build_ext option,
  meaning you need to do: python setup.py build build_ext --openssl=/path,
  by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built
  without EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
  after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
  might work with modern computers. Makes tests finish significantly faster.

--
  Heikki Toivonen
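
The RFC 2818 rule from the changelog above (use only the dNSNames when any are present, fall back to subject commonName otherwise, with multiple values of each supported), written out as an added example. This is not M2Crypto's code: the function names are hypothetical, the sample identities are constructed, and the wildcard handling (a '*' only as the whole left-most label) is an assumption the changelog does not state.

```python
# Added illustration of the changelog's hostname-checking rule.
# Not M2Crypto source; every name in this block is hypothetical.


def _name_matches(pattern, host):
    """Compare one certificate name with the hostname, case-insensitively.

    Assumption (not stated in the changelog): '*' is honoured only as the
    entire left-most label and stands for exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after the wildcard so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def check_peer_hostname(host, dns_names, common_names):
    """Decide whether a peer certificate is valid for `host`.

    dns_names    -- all dNSName values from subjectAltName (may be empty)
    common_names -- all commonName values from the subject (may be empty)
    Returns (matched, source); source is "dNSName", "commonName" or None
    and tells which field the decision was based on.
    """
    if dns_names:
        # dNSNames are present, so they are the only identities considered,
        # even if a commonName would have matched.
        for name in dns_names:
            if _name_matches(name, host):
                return True, "dNSName"
        return False, "dNSName"
    for name in common_names:
        if _name_matches(name, host):
            return True, "commonName"
    return False, ("commonName" if common_names else None)


# Constructed sample identities (not taken from real certificates):
# (hostname being connected to, dNSNames, commonNames)
SAMPLES = [
    ("www.example.org", ["example.org", "www.example.org"], ["example.org"]),
    ("mail.example.org", ["www.example.org"], ["mail.example.org"]),
    ("mail.example.org", [], ["www.example.org", "mail.example.org"]),
    ("a.b.example.org", ["*.example.org"], []),
]


def run_samples():
    """Return the decision for every constructed sample, in order."""
    return [check_peer_hostname(h, dns, cns) for h, dns, cns in SAMPLES]


if __name__ == "__main__":
    for (host, dns, cns), result in zip(SAMPLES, run_samples()):
        print(host, dns, cns, "->", result)
```

The second sample is the case the rule exists for: the commonName equals the hostname, but because the certificate carries a dNSName list that does not include it, the check fails.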