From zsolt at fmt.vein.hu Wed Mar 8 18:11:39 2006 From: zsolt at fmt.vein.hu (Cserna Zsolt) Date: Wed, 8 Mar 2006 18:11:39 +0100 (CET) Subject: [pyOpenSSL] pyopenssl segfault Message-ID: Hi, I would like to generate a "CA" certificate, so I need to set the basic constraints extension to "CA:TRUE". I know it is not requied for CA certificates but it is a recommendation. I try to set the extensions by this code: from OpenSSL import crypto crypto.X509Extension("basicConstraints", True, "CA:TRUE") But I get Segmentation fault as result. pyopenssl: 0.6 openssl: 0.9.7a I get the same result with openssl 0.9.8a so I think it is not an openssl bug. Regards, Zsolt -- E-mail: zsolt at fmt.vein.hu Web: http://zsolt.cserna.hu/ From MKRodriguez at lbl.gov Wed Mar 8 19:18:52 2006 From: MKRodriguez at lbl.gov (Matthew Rodriguez DSD staff) Date: Wed, 08 Mar 2006 10:18:52 -0800 Subject: [pyOpenSSL] pyopenssl segfault In-Reply-To: References: Message-ID: <440F200C.5070204@lbl.gov> Cserna Zsolt wrote: I would suggest looking at M2Crypto, nobody seems to be maintaining pyOpenssl anymore. M2Crypto allows you to create and set extensions in X509 certificates. Matt Rodriguez > Hi, > > I would like to generate a "CA" certificate, so I need to set the basic > constraints extension to "CA:TRUE". I know it is not requied for CA > certificates but it is a recommendation. > > I try to set the extensions by this code: > > from OpenSSL import crypto > crypto.X509Extension("basicConstraints", True, "CA:TRUE") > > But I get Segmentation fault as result. > > pyopenssl: 0.6 > openssl: 0.9.7a > > I get the same result with openssl 0.9.8a so I think it is not an openssl > bug. > > Regards, > Zsolt > -- > E-mail: zsolt at fmt.vein.hu > Web: http://zsolt.cserna.hu/ > > > ------------------------------------------------------- > This SF.Net email is sponsored by xPML, a groundbreaking scripting language > that extends applications into web and mobile media. Attend the live webcast > and join the prime developer group breaking into this new coding territory! > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 > _______________________________________________ > pyopenssl-list mailing list > pyopenssl-list at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/pyopenssl-list > From belred at gmail.com Sat Mar 11 04:47:59 2006 From: belred at gmail.com (Bryan) Date: Fri, 10 Mar 2006 19:47:59 -0800 Subject: [pyOpenSSL] can't send large messages over SSL socket Message-ID: <4412486F.5060504@gmail.com> i'm having some trouble this code which i hope someone can help me with. the following client side code works correctly if the length of the message being sent in the POST request is 16384 (1024 * 16) chars or less. if the length of message is greater than 16384 an OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF') exception is raised. this is a port of code that exists in c++ and java implementations where they are able to send messages with lengths of 100,000 bytes. all three implementations are using openssl 0.9.7d and are sharing the exact same binary in a common area, so odds are openssl is not the problem. as for python, i'm using python 2.4.2 and pyOpenSSL wrapper 0.6. is this a limitation with httplib or pyopensll? i googled for this problem, but came up empty handed. import socket import httplib import SSL def verify(conn, cert, err, width, ok): return ok header = {'Content-Type': 'text/foo', 'Connection': 'Keep-Alive'} ctx = SSL.Context(SSL.SSLv3_METHOD) ctx.set_verify(SSL.VERIFY_NONE, verify) ctx.set_options(SSL.OP_ALL | SSL.OP_NO_SSLv2) ctx.set_cipher_list('ALL:!aNULL:!eNULL:!LOW:!EXP:!MD5:@STRENGTH') sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl = SSL.Connection(ctx, sock) ssl.connect((host, port)) con = httplib.HTTPSConnection(host, port) con.sock = httplib.FakeSocket(sock, ssl) # raises exception if len(message) > 1024*16 con.request('POST', '/foo', message, header) res = con.getresponse().read() thanks, bryan -------------- next part -------------- An HTML attachment was scrubbed... URL: