From cjm at ava.com.au Sun Jul 6 11:48:46 2003
From: cjm at ava.com.au (Chris Munchenberg)
Date: Sun, 6 Jul 2003 19:18:46 +0930
Subject: [pyOpenSSL] Building pyopenssl on windows with mingw
Message-ID: <012801c343a3$d036fa20$0100a8c0@mshome.net>

Hi,

I hope you can help, because I've exhausted my limited capabilities. I'm
trying to build with mingw (as it's free) on windows.

OpenSSL 0.9.7b built flawlessly with mingw running the default
ms\mingw32.bat script. It passes the included test scripts, so I presume it
has done what it needs to. (You've probably guessed I have extremely limited
compiling/installing experience, which is 1 reason I chose Python).

However I run into problems trying to build py-openssl. The default library
build folder for openssl is out, the headers are in outinc. I copied
libeay32.def and libeay32.dll into openssl-0.9.7b/out, but that didn't help.
The platform is win-xp, with mingw 2.0.0.3.

I know people have had it working previously, so I imagine it is me missing
something obvious, but I am at the stage of going around in circles and
would appreciate the help.

Thanks,
Chris Munchenberg
cjm at ava.com.au

C:\Python22\Lib\site-packages\pyOpenSSL-0.5.1>python setup.py build_ext --compiler=mingw32 -I C:\openssl-0.9.7b\outinc -L c:\openssl-0.9.7b\out
running build_ext
building 'OpenSSL.crypto' extension
creating build\temp.win32-2.2
creating build\temp.win32-2.2\Release
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/crypto.c -o build\temp.win32-2.2\Release\crypto.o
src/crypto/crypto.c:20: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/x509.c -o build\temp.win32-2.2\Release\x509.o
src/crypto/x509.c:15: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/x509name.c -o build\temp.win32-2.2\Release\x509name.o
src/crypto/x509name.c:15: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/pkey.c -o build\temp.win32-2.2\Release\pkey.o
src/crypto/pkey.c:14: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/x509store.c -o build\temp.win32-2.2\Release\x509store.o
src/crypto/x509store.c:13: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/x509req.c -o build\temp.win32-2.2\Release\x509req.o
src/crypto/x509req.c:13: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/x509ext.c -o build\temp.win32-2.2\Release\x509ext.o
src/crypto/x509ext.c:14: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/pkcs7.c -o build\temp.win32-2.2\Release\pkcs7.o
src/crypto/pkcs7.c:14: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/crypto/pkcs12.c -o build\temp.win32-2.2\Release\pkcs12.o
src/crypto/pkcs12.c:17: warning: `CVSid' defined but not used
C:\MinGW\bin\gcc.exe -mno-cygwin -mdll -O -Wall -IC:\openssl-0.9.7b\outinc -IC:\Python22\include -c src/util.c -o build\temp.win32-2.2\Release\util.o
src/util.c:14: warning: `CVSid' defined but not used
writing build\temp.win32-2.2\Release\crypto.def
C:\MinGW\bin\dllwrap.exe -mno-cygwin -mdll -static --entry _DllMain@12 --output-lib build\temp.win32-2.2\Release\libcrypto.a --def build\temp.win32-2.2\Release\crypto.def -s build\temp.win32-2.2\Release\crypto.o build\temp.win32-2.2\Release\x509.o build\temp.win32-2.2\Release\x509name.o build\temp.win32-2.2\Release\pkey.o build\temp.win32-2.2\Release\x509store.o build\temp.win32-2.2\Release\x509req.o build\temp.win32-2.2\Release\x509ext.o build\temp.win32-2.2\Release\pkcs7.o build\temp.win32-2.2\Release\pkcs12.o build\temp.win32-2.2\Release\util.o -Lc:\openssl-0.9.7b\out -LC:\Python22\libs -llibeay32 -lssleay32 -lWs2_32 -lpython22 -o build\lib.win32-2.2\OpenSSL\crypto.pyd
C:\MinGW\bin\..\lib\gcc-lib\mingw32\3.2\..\..\..\..\mingw32\bin\ld.exe: cannot find -llibeay32
dllwrap: gcc exited with status 1
error: command 'dllwrap' failed with exit status 1

From yannick.gingras at savoirfairelinux.com Tue Jul 29 19:54:01 2003
From: yannick.gingras at savoirfairelinux.com (Yannick Gingras)
Date: Tue, 29 Jul 2003 13:54:01 -0400
Subject: [pyOpenSSL] 'internal error' on 0.5.1
Message-ID: <200307291354.01514.yannick.gingras@savoirfairelinux.com>

Hi,

I try to customize the SafeTransport of xmlrpclib to do certificate
validation (signature and the like). I use your SecureXMLRPCServer
from the distribution.

It works perfectly if I keep the standard SafeTransport but if I try :

class CustomTransport(SafeTransport):
    def make_connection(self, host):
        conn = SafeTransport.make_connection(self, host)
        addr = (conn._conn.host, conn._conn.port)
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.set_options(SSL.OP_NO_SSLv2)
        sslConn = SSL.Connection( ctx, socket.socket( socket.AF_INET,
                                                      socket.SOCK_DGRAM) )
        sslConn.connect(addr)
        sslConn.set_connect_state()
        sslConn.renegotiate()
        sslConn.do_handshake()
        # must update the socket in conn here
        print (sslConn.get_peer_certificate())
        # do the certificate validation here
        return conn

I receive this trace :

  File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
    h = self.make_connection(host)
  File "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py", line 32, in make_connection
    sslConn.do_handshake()
SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]

I'm not a SSL guru so I wonder what I may have done wrong. Is this
the right way to make a SSL connection with pyOpenSSL ? I use Python
2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
M2Crypto).

Thanks for your time !

--
Yannick Gingras
Byte Gardener, Savoir-faire Linux inc.
(514) 276-5468

From martin at strakt.com Wed Jul 30 09:49:05 2003
From: martin at strakt.com (Martin Sjögren)
Date: 30 Jul 2003 09:49:05 +0200
Subject: [pyOpenSSL] 'internal error' on 0.5.1
In-Reply-To: <200307291354.01514.yannick.gingras@savoirfairelinux.com>
References: <200307291354.01514.yannick.gingras@savoirfairelinux.com>
Message-ID: <1059551345.8823.26.camel@lagos>

On Tue 2003-07-29 at 19.54, Yannick Gingras wrote:
> I try to customize the SafeTransport of xmlrpclib to do certificate
> validation (signature and the like). I use your SecureXMLRPCServer
> from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I try :
>
>
> class CustomTransport(SafeTransport):
>     def make_connection(self, host):
>         conn = SafeTransport.make_connection(self, host)
>         addr = (conn._conn.host, conn._conn.port)
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.set_options(SSL.OP_NO_SSLv2)
>         sslConn = SSL.Connection( ctx, socket.socket( socket.AF_INET,
>                                                       socket.SOCK_DGRAM) )
>         sslConn.connect(addr)
>         sslConn.set_connect_state()
>         sslConn.renegotiate()
>         sslConn.do_handshake()
>         # must update the socket in conn here
>         print (sslConn.get_peer_certificate())
>         # do the certificate validation here
>         return conn

I'm not sure I follow what you're trying to do. It looks to me like
you're connecting a regular socket to an address, and then create a new
socket, using SSL, and connect it to the same address. But then you
return the old connection. What's the point, really? Note that you can
pass an already connected socket as argument to SSL.Connection. That's
when you should use .set_connect_state() (if you're using .connect(),
.set_connect_state() is redundant since it already is in connecting
state).

You shouldn't need to renegotiate()/do_handshake() since the handshake
will be initiated automatically as soon as you try to read or write
from/to the socket. Certificate validation is normally done in a
callback fashion...

I wish I could tell you what "internal error" means, but I can't, at
least not without digging through the OpenSSL source code, and I don't
really have the time for that right now.

> I'm not a SSL guru so I wonder what I may have done wrong. Is this
> the right way to make a SSL connection with pyOpenSSL ? I use Python
> 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
> M2Crypto).

What do you mean, you tried M2Crypto? Do you mean "I tried M2Crypto but
it sucked so I went for pyOpenSSL instead"? ;)

/Martin
--
Martin Sjögren
  martin at strakt.com
  Phone: +46 (0)31 7490880       Cell: +46 (0)739 169191
  GPG key: http://www.strakt.com/~martin/gpg.html

From dev-python at smartology.nl Wed Jul 30 11:28:05 2003
From: dev-python at smartology.nl (Remy C. Cool)
Date: Wed, 30 Jul 2003 11:28:05 +0200
Subject: [pyOpenSSL] 'internal error' on 0.5.1
In-Reply-To: <200307291354.01514.yannick.gingras@savoirfairelinux.com>
References: <200307291354.01514.yannick.gingras@savoirfairelinux.com>
Message-ID: <200307301128.05853.dev-python@smartology.nl>

Hi,

For my application, I created a class sslTransport and used this in
creating the server object.

class sslTransport(xmlrpclib.SafeTransport):
    """Enables ssl transport with client certificates."""

    def __init__(self, x509):
        """Added to enable client SSL certificates."""
        self.x509 = x509

    def make_connection(self, host):
        """Extended to include x509 certificate."""
        return xmlrpclib.SafeTransport.make_connection(self, (host, self.x509))


And the client code:

x509 = {'key_file': 'client.pkey',
        'cert_file':'client.cert'}

server = xmlrpclib.ServerProxy('https://host:port', sslTransport(x509))

Regards,
Remy Cool

On Tuesday 29 July 2003 19:54, Yannick Gingras wrote:
> Hi,
> I try to customize the SafeTransport of xmlrpclib to do
> certificate validation (signature and the like). I use your
> SecureXMLRPCServer from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I
> try :
>
>
> class CustomTransport(SafeTransport):
>     def make_connection(self, host):
>         conn = SafeTransport.make_connection(self, host)
>         addr = (conn._conn.host, conn._conn.port)
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.set_options(SSL.OP_NO_SSLv2)
>         sslConn = SSL.Connection( ctx, socket.socket(
>             socket.AF_INET, socket.SOCK_DGRAM) )
>         sslConn.connect(addr)
>         sslConn.set_connect_state()
>         sslConn.renegotiate()
>         sslConn.do_handshake()
>         # must update the socket in conn here
>         print (sslConn.get_peer_certificate())
>         # do the certificate validation here
>         return conn
>
>
> I receive this trace :
>
>   File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
>     return self.__send(self.__name, args)
>   File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
>     verbose=self.__verbose
>   File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
>     h = self.make_connection(host)
>   File "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py", line 32, in make_connection
>     sslConn.do_handshake()
> SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]
>
> I'm not a SSL guru so I wonder what I may have done wrong.
> Is this the right way to make a SSL connection with pyOpenSSL ? I use
> Python 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I
> tried M2Crypto).
>
> Thanks for your time !

From yannick.gingras at savoirfairelinux.com Wed Jul 30 16:02:16 2003
From: yannick.gingras at savoirfairelinux.com (Yannick Gingras)
Date: Wed, 30 Jul 2003 10:02:16 -0400
Subject: [pyOpenSSL] 'internal error' on 0.5.1
In-Reply-To: <200307300804.51409.ygingras@ygingras.net>
References: <200307300804.51409.ygingras@ygingras.net>
Message-ID: <200307301002.16412.yannick.gingras@savoirfairelinux.com>

On July 30, 2003 08:04 am, you wrote:
> I'm not sure I follow what you're trying to do. It looks to me like
> you're connecting a regular socket to an address, and then create a new
> socket, using SSL, and connect it to the same address. But then you
> return the old connection. What's the point, really? Note that you can
> pass an already connected socket as argument to SSL.Connection. That's
> when you should use .set_connect_state() (if you're using .connect(),
> .set_connect_state() is redundant since it already is in connecting
> state).

I try to fetch the peer certificate. The python SSL object does not
seem to have support for this. SafeTransport.make_connection()
returns a httplib.HTTPS object that is not connect()ed yet. The way
I'd like to do it is to use pyOpenSSL to initiate the connection and
to validate the certificate and then to replace the socket in the
HTTPS object and to let xmlrpclib do the rest.

> You shouldn't need to renegotiate()/do_handshake() since the handshake
> will be initiated automatically as soon as you try to read or write
> from/to the socket. Certificate validation is normally done in a
> callback fashion...

If I don't try to renegotiate()/do_handshake(), it works perfectly but
get_peer_certificate() always returns None :\

> I wish I could tell you what "internal error" means, but I can't, at
> least not without digging through the OpenSSL source code, and I don't
> really have the time for that right now.

I think that I'm doing it the right way anyway. There must be some
easier way to get the peer certificate than through renegotiation.

> > I'm not a SSL guru so I wonder what I may have done wrong. Is this
> > the right way to make a SSL connection with pyOpenSSL ? I use Python
> > 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
> > M2Crypto).
>
> What do you mean, you tried M2Crypto? Do you mean "I tried M2Crypto but
> it sucked so I went for pyOpenSSL instead"? ;)

Obviously if M2Crypto was what I was looking for I would have stayed
with it. ; )

The main problem was that M2Crypto needs major tweaks to compile and
that I expect many users to give up early in the process.

Thanks for your time !

--
Yannick Gingras
Byte Gardener, Savoir-faire Linux inc.
(514) 276-5468

From yannick.gingras at savoirfairelinux.com Wed Jul 30 16:08:17 2003
From: yannick.gingras at savoirfairelinux.com (Yannick Gingras)
Date: Wed, 30 Jul 2003 10:08:17 -0400
Subject: [pyOpenSSL] 'internal error' on 0.5.1
In-Reply-To: <200307300805.32949.ygingras@ygingras.net>
References: <200307300805.32949.ygingras@ygingras.net>
Message-ID: <200307301008.17668.yannick.gingras@savoirfairelinux.com>

On July 30, 2003 08:05 am, you wrote:
> For my application, I created a class sslTransport and used this in
> creating the server object.
>
> class sslTransport(xmlrpclib.SafeTransport):
>     """Enables ssl transport with client certificates."""
>
>     def __init__(self, x509):
>         """Added to enable client SSL certificates."""
>         self.x509 = x509
>
>     def make_connection(self, host):
>         """Extended to include x509 certificate."""
>         return xmlrpclib.SafeTransport.make_connection(self, (host,
>             self.x509))
>
>
> And the client code:
>
> x509 = {'key_file': 'client.pkey',
>         'cert_file':'client.cert'}
>
> server = xmlrpclib.ServerProxy('https://host:port',
>                                sslTransport(x509))

This works great if you want to supply a custom client certificate.
What I try to do is to check the signature of the peer certificate
against our CA. Ever done this in Python ?

Thanks for your time !

--
Yannick Gingras
Byte Gardener, Savoir-faire Linux inc.
(514) 276-5468

From azaidi at vsnl.com Thu Jul 31 00:22:59 2003
From: azaidi at vsnl.com (Arsalan Zaidi)
Date: Thu, 31 Jul 2003 06:22:59 +0800
Subject: [pyOpenSSL] ImportError: DLL load failed
Message-ID: <001401c356e9$3614b000$f6459cca@LocalHost>

Just installed the package on my machine. Win98, Python 2.2.3, with the
interpreter being called from a bash shell running under Cygwin (shouldn't
matter).

Here's the output I'm getting. What's the problem?

TIA

--Arsalan

$ python AdminServer.py
Traceback (most recent call last):
  File "AdminServer.py", line 64, in ?
    import signal, os, socket, getopt, time, sys, string, OpenSSL
  File "C:\PYTHON22\Lib\site-packages\OpenSSL\__init__.py", line 11, in ?
    import rand, crypto, SSL
ImportError: DLL load failed: A device attached to the system is not functioning.

From martin at strakt.com Thu Jul 31 09:36:07 2003
From: martin at strakt.com (Martin Sjögren)
Date: 31 Jul 2003 09:36:07 +0200
Subject: [pyOpenSSL] ImportError: DLL load failed
In-Reply-To: <001401c356e9$3614b000$f6459cca@LocalHost>
References: <001401c356e9$3614b000$f6459cca@LocalHost>
Message-ID: <1059636967.22194.6.camel@lagos>

On Thu 2003-07-31 at 00.22, Arsalan Zaidi wrote:
> Just installed the package on my machine. Win98, Python 2.2.3, with the
> interpreter being called from a bash shell running under Cygwin (shouldn't
> matter).
>
> Here's the output I'm getting. What's the problem?
>
> $ python AdminServer.py
> Traceback (most recent call last):
>   File "AdminServer.py", line 64, in ?
>     import signal, os, socket, getopt, time, sys, string, OpenSSL
>   File "C:\PYTHON22\Lib\site-packages\OpenSSL\__init__.py", line 11, in ?
>     import rand, crypto, SSL
> ImportError: DLL load failed: A device attached to the system is not
> functioning

Eh. That's a first. What version are you using? Did you compile it
yourself? How?

I'm sorry, I don't do development on Windows, so I'm clueless. Maybe
someone else on the list knows anything?

/Martin
--
Martin Sjögren
  martin at strakt.com
  Phone: +46 (0)31 7490880       Cell: +46 (0)739 169191
  GPG key: http://www.strakt.com/~martin/gpg.html

From azaidi at vsnl.com Thu Jul 31 15:52:21 2003
From: azaidi at vsnl.com (Arsalan Zaidi)
Date: Thu, 31 Jul 2003 21:52:21 +0800
Subject: [pyOpenSSL] ImportError: DLL load failed
References: <001401c356e9$3614b000$f6459cca@LocalHost> <1059636967.22194.6.camel@lagos>
Message-ID: <002101c3576a$fb14cc60$f6459cca@LocalHost>

OK... I've just updated to 2.3 hoping that would fix my problem... But
there's no installable for pyOpenSSL for python 2.3 on Windows! :-(

Can we have one? Please?

--Arsalan
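
The 'internal error' thread above asks how to check a peer certificate against a private CA and mentions that validation is normally done in a callback. The following is an added example of that pattern, not code from any poster or from the pyOpenSSL distribution. It assumes a current pyOpenSSL with the `cryptography` package rather than the 0.5.1 release discussed; the helper names, the test CA and the host name are constructed, and the handshake runs over in-memory BIOs so no network is needed.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from OpenSSL import SSL, crypto

def make_cert(cn, issuer=None, is_ca=False):
    """Constructed test certificate; issuer is a (cert, key) pair, None = self-signed."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(name)
               .issuer_name(issuer[0].subject if issuer else name)
               .public_key(key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now - datetime.timedelta(minutes=5))
               .not_valid_after(now + datetime.timedelta(days=1))
               .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    return builder.sign(issuer[1] if issuer else key, hashes.SHA256()), key

def handshake(client_ctx, server_ctx):
    """Drive a TLS handshake over memory BIOs (no sockets); return the client side."""
    client, server = SSL.Connection(client_ctx, None), SSL.Connection(server_ctx, None)
    client.set_connect_state()
    server.set_accept_state()
    for _ in range(10):
        finished = 0
        for src, dst in ((client, server), (server, client)):
            try:
                src.do_handshake()  # a rejected certificate raises SSL.Error here
                finished += 1
            except SSL.WantReadError:
                pass  # waiting for the peer's next flight
            try:
                dst.bio_write(src.bio_read(65536))
            except SSL.WantReadError:
                pass  # nothing queued for the peer
        if finished == 2:
            return client
    raise RuntimeError("handshake did not complete")

def verified_peer_cn(trust_anchor, server_cert, server_key):
    """Return (peer CN, or None if the chain was rejected; callback log)."""
    log = []
    def verify_cb(conn, cert, errnum, depth, ok):
        log.append((depth, cert.get_subject().CN, errnum))
        return bool(ok)  # keep OpenSSL's verdict; returning True would accept any cert
    client_ctx = SSL.Context(SSL.TLS_METHOD)
    client_ctx.get_cert_store().add_cert(crypto.X509.from_cryptography(trust_anchor))
    client_ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
    server_ctx = SSL.Context(SSL.TLS_METHOD)
    server_ctx.use_certificate(crypto.X509.from_cryptography(server_cert))
    server_ctx.use_privatekey(crypto.PKey.from_cryptography_key(server_key))
    try:
        peer = handshake(client_ctx, server_ctx).get_peer_certificate()
    except SSL.Error:
        return None, log
    return peer.get_subject().CN, log
```

The callback log records each certificate in the chain with OpenSSL's error number, which is the place to add further policy checks before accepting the peer.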