From misa at redhat.com  Fri Aug  6 16:54:37 2004
From: misa at redhat.com (Mihai Ibanescu)
Date: Fri, 6 Aug 2004 10:54:37 -0400
Subject: [pyOpenSSL] pyOpenSSL certificate information - how?
In-Reply-To: <1e1bb1f0040719121085f7b92@mail.gmail.com>
References: <200407141234.i6ECYAH04261@xos037.xos.nl> <1e1bb1f00407140740615c0121@mail.gmail.com> <20040719191347.A2537@xos037.xos.nl> <1e1bb1f0040719121085f7b92@mail.gmail.com>
Message-ID: <20040806145437.GN23717@abulafia.devel.redhat.com>

On a slightly related note.
I cannot seem to be able to retrieve notBefore and notAfter from an X509 cert.
I suppose that would be a good thing to add, wouldn't it?
(I found how to set them, but not how to retrieve them).

Misa



From msjogren at gmail.com  Sun Aug  8 14:02:33 2004
From: msjogren at gmail.com (=?ISO-8859-1?Q?Martin_Sj=F6gren?=)
Date: Sun, 8 Aug 2004 14:02:33 +0200
Subject: [pyOpenSSL] notBefore and notAfter (was Re: pyOpenSSL certificate information - how?)
In-Reply-To: <20040806145437.GN23717@abulafia.devel.redhat.com>
References: <200407141234.i6ECYAH04261@xos037.xos.nl> <1e1bb1f00407140740615c0121@mail.gmail.com> <20040719191347.A2537@xos037.xos.nl> <1e1bb1f0040719121085f7b92@mail.gmail.com> <20040806145437.GN23717@abulafia.devel.redhat.com>
Message-ID: <1e1bb1f0040808050217206fc0@mail.gmail.com>

On Fri, 6 Aug 2004 10:54:37 -0400, Mihai Ibanescu <misa at redhat.com> wrote:
> On a slightly related note.
> I cannot seem to be able to retrieve notBefore and notAfter from an X509 cert.
> I suppose that would be a good thing to add, wouldn't it?
> (I found how to set them, but not how to retrieve them).

Well, ASN1_TIME in openssl is something of a mess. There's no good way
to turn it into e.g. a time_t that could make sense in a python
program. From what I understand of the code, you can basically do the
following with an ASN1_TIME:
* print it (ASN1_TIME_print / ASN1_UTCTIME_print)
* set/adjust it (ASN1_TIME_set / X509_time_adj / X509_gmtime_adj / ...)
* compare it (ASN1_UTCTIME_cmp_time_t)

The X509.has_expired method compares the notAfter value to "now".

I'm not sure what makes sense to do here. I suppose we could add some
sort of print_notBefore/print_notAfter methods to X509. Another idea
would be to add a wrapper type for ASN1_TIME (crypto.ASN1Time?
asn1.Time?) that could have a __str__ for the printing, and some
comparison methods...

I'm loathe to do anything dramatic though, since I'm trying to get a
new version out the door before Debian sarge is released. ;-)

Ideas and suggestions are most welcome.


/Martin



From misa at redhat.com  Sun Aug  8 14:19:20 2004
From: misa at redhat.com (Mihai Ibanescu)
Date: Sun, 8 Aug 2004 08:19:20 -0400
Subject: [pyOpenSSL] notBefore and notAfter (was Re: pyOpenSSL certificate information - how?)
In-Reply-To: <1e1bb1f0040808050217206fc0@mail.gmail.com>
References: <200407141234.i6ECYAH04261@xos037.xos.nl> <1e1bb1f00407140740615c0121@mail.gmail.com> <20040719191347.A2537@xos037.xos.nl> <1e1bb1f0040719121085f7b92@mail.gmail.com> <20040806145437.GN23717@abulafia.devel.redhat.com> <1e1bb1f0040808050217206fc0@mail.gmail.com>
Message-ID: <20040808121920.GA6762@abulafia.devel.redhat.com>

On Sun, Aug 08, 2004 at 02:02:33PM +0200, Martin Sj?gren wrote:
> On Fri, 6 Aug 2004 10:54:37 -0400, Mihai Ibanescu <misa at redhat.com> wrote:
> > On a slightly related note.
> > I cannot seem to be able to retrieve notBefore and notAfter from an X509 cert.
> > I suppose that would be a good thing to add, wouldn't it?
> > (I found how to set them, but not how to retrieve them).
> 
> Well, ASN1_TIME in openssl is something of a mess. There's no good way
> to turn it into e.g. a time_t that could make sense in a python
> program. From what I understand of the code, you can basically do the
> following with an ASN1_TIME:
> * print it (ASN1_TIME_print / ASN1_UTCTIME_print)
> * set/adjust it (ASN1_TIME_set / X509_time_adj / X509_gmtime_adj / ...)
> * compare it (ASN1_UTCTIME_cmp_time_t)

That's what I figured when I tried to add them myself.


From msjogren at gmail.com  Tue Aug 10 15:23:10 2004
From: msjogren at gmail.com (=?ISO-8859-1?Q?Martin_Sj=F6gren?=)
Date: Tue, 10 Aug 2004 15:23:10 +0200
Subject: [pyOpenSSL] 0.6 RC 1
Message-ID: <1e1bb1f004081006233c126f19@mail.gmail.com>

Hello list.

I'm trying to get a version 0.6 released... well, pretty soon. Here's
the current state:

http://pyopenssl.sf.net/pyOpenSSL-0.6rc1.tar.gz

The more people who could give this a test and tell me what they
think, the happier I will be. And we all want me to be happy, right?
...
Well, at least I do... :)


Cheers,
Martin



From msjogren at gmail.com  Fri Aug 13 21:41:37 2004
From: msjogren at gmail.com (=?ISO-8859-1?Q?Martin_Sj=F6gren?=)
Date: Fri, 13 Aug 2004 21:41:37 +0200
Subject: [pyOpenSSL] [ANN] pyOpenSSL 0.6 released
Message-ID: <1e1bb1f00408131241676cf8c1@mail.gmail.com>

After a long hiatus during which I've somehow managed to write a
master's thesis, I'm pleased to announce the release of pyOpenSSL 0.6.

There are bug fixes, the most important being support for the cyclic
GC, which got rid of a few nasty memory leak bugs.

There is added functionality to some types, there is brand new support
for the Netscape SPKI extensions and much more. Much of this comes
from contributions from the user base and I'm really happy about that.

If anybody would like to contribute Windows binaries, I'd be happy to
put them on the sourceforge project page, I have no possibility to
compile them myself.

Grab the release from
http://sourceforge.net/project/showfiles.php?group_id=31249&package_id=23298&release_id=260375


/Martin Sj?gren



From ola at o-team.net  Thu Aug 19 23:05:39 2004
From: ola at o-team.net (Ola Natvig)
Date: Thu, 19 Aug 2004 23:05:39 +0200
Subject: [pyOpenSSL] Error using pyOpenSSL with IE and https
Message-ID: <E1Bxu6V-0002FO-IA@sc8-sf-mx2.sourceforge.net>

Hello

I am building a threaded ssl webserver, using pyOpenSSL. It works well with
Opera, but I encounter big problems
with IE and some minor once with Mozilla. When I connect to my server with
IE and tries to read from the connection 
an exeption are raised:

SysCallError: (-1, 'Unexpected EOF')

In the line whom I call "connection.recv(1024)"

In mozilla reading from the socket works fine, but I encounter problems
while trying to POST to the server,
Mozilla displays the errormassage "This document contain no data", the
headers are sent but the body of the request are empty, and the same form
works well when I post to the same server with Opera.

I hope someone out there have some solutions to my problems.
I am currently running the server on a Windows XP computer and I installed
pyOpenSSL using the windows installer supplied at the Twisted website.

Regards
Ola Natvig