From adria at ecm.ub.es  Fri Apr 15 11:55:51 2005
From: adria at ecm.ub.es (Adria Casajus)
Date: Fri, 15 Apr 2005 11:55:51 +0200
Subject: [pyOpenSSL] Hi + modifs to pyOpenSSL
Message-ID: <425F8FA7.8010704@ecm.ub.es>

Hi,

   My name is Adrian and I'm working in grid related apps. For some time 
we've been developing a secure python XMLRPC server using pyOpenSSL. We 
found pyOpenSSL was a really nice platform to start working but it 
missed some features. And had a little threads problem. After some time 
working with it we've managed to add some features and debug the memory 
problem it had.

The major features added are:

  GSI proxy support added.
  SSL Sessions added.
  SSL thread-safe callbacks added.

It's not a huge deal but we find them very useful. I'm sending you the 
complete tar.


Cheers,

   Adri.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pyOpenSSL-HSGE-redist.tar.gz
Type: application/gzip
Size: 46949 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/pyopenssl-users/attachments/20050415/475d9a99/attachment.bin>

From MKRodriguez at lbl.gov  Mon Apr 18 20:09:39 2005
From: MKRodriguez at lbl.gov (Matthew Rodriguez DSD staff)
Date: Mon, 18 Apr 2005 11:09:39 -0700
Subject: [pyOpenSSL] Hi + modifs to pyOpenSSL
In-Reply-To: <425F8FA7.8010704@ecm.ub.es>
References: <425F8FA7.8010704@ecm.ub.es>
Message-ID: <4263F7E3.6000300@lbl.gov>

Adria Casajus wrote:

> Hi,
>
>   My name is Adrian and I'm working in grid related apps. For some 
> time we've been developing a secure python XMLRPC server using 
> pyOpenSSL. We found pyOpenSSL was a really nice platform to start 
> working but it missed some features. And had a little threads problem. 
> After some time working with it we've managed to add some features and 
> debug the memory problem it had.
>
> The major features added are:
>
>  GSI proxy support added.
>  SSL Sessions added.
>  SSL thread-safe callbacks added.
>
> It's not a huge deal but we find them very useful. I'm sending you the 
> complete tar.
>
>
> Cheers,
>
>   Adri.
>

Thanks for submitting the tarball, Adrian. I've been working on adding 
features that help pyOpenssl work with
GSI as well. FYI the newest development releases of openssl have proxy 
ceritificate support, and the globus toolkit
out of cvs is now generating proxy certificates that are compliant to 
RFC 3820. It is possible to verify the proxy certificate chain using the 
verification function provided by the development version of openssl.

For the older versions openssl and globus we need to use the 
verification callback that you have in your tarball.

Thanks,
Matt Rodriguez