From pyopenssl.xlist.tbnt at 9ox.net  Sat Nov  4 08:39:09 2006
From: pyopenssl.xlist.tbnt at 9ox.net (Junglecow)
Date: Sat, 4 Nov 2006 08:39:09 +0100
Subject: [pyOpenSSL] Traceback: first num too large
Message-ID: <20061104073909.GA27283@kolibri.invalid>

Hi,

I am new to pyOpenSSL and OpenSSL. I'm currently trying to make Gajim run
on pyOpenSSL. This seems to be working fine, but when joining a room (any
room), I get this OpenSSL error:

Traceback (most recent call last):
  File "/tmp/gajim-svn/src/common/xmpp/transports_nb.py", line 244, in _do_receive
    received = self._recv(RECV_BUFSIZE)
  File "/tmp/gajim-svn/src/common/xmpp/transports_nb.py", line 57, in recv
    if flags is None: return self.sock.recv(bufsize)
OpenSSL.SSL.Error: [('asn1 encoding routines', 'a2d_ASN1_OBJECT', 'first num too large'), ('asn1 encoding routines', 'a2d_ASN1_OBJECT', 'first num too large')]

What is this error, what is causing it, and what can I do about it? Where
should I look for more information? Google is being rather unhelpful, and
searching this mailing list, python-crypto and the OpenSSL lists didn't
turn up anything useful either.

I am using python-pyopenssl 0.6-2.3 with openssl 0.9.8c-3 and python
2.4.3-8 from Debian testing.

If anyone wants to get their hands on some code to try, get Gajim svn
using:

    svn checkout svn://svn.gajim.org/gajim/trunk gajim

and apply my preliminary patch at:

If you just want to look, prettified patch is as:

For more information, see ticket at

Please advise.

-J

From pyopenssl.xlist.tbnt at 9ox.net  Tue Nov  7 12:42:26 2006
From: pyopenssl.xlist.tbnt at 9ox.net (Junglecow)
Date: Tue, 7 Nov 2006 12:42:26 +0100
Subject: [pyOpenSSL] [REPOST] Traceback: first num too large
Message-ID: <20061107114226.GA28418@kolibri.invalid>

Hi,

Please forgive me if you receive this mail twice. Even though it was
echoed back to me with all the right headers, it hasn't shown up on SF's
mail archives in 3 days.
Furthermore, I received a subscription confirmation one day *later*,
adding to my suspicion that it got lost in limboland.

============================================================================

Hi,

I am new to pyOpenSSL and OpenSSL. I'm currently trying to make Gajim run
on pyOpenSSL. This seems to be working fine, but when joining a room (any
room), I get this OpenSSL error:

Traceback (most recent call last):
  File "/tmp/gajim-svn/src/common/xmpp/transports_nb.py", line 244, in _do_receive
    received = self._recv(RECV_BUFSIZE)
  File "/tmp/gajim-svn/src/common/xmpp/transports_nb.py", line 57, in recv
    if flags is None: return self.sock.recv(bufsize)
OpenSSL.SSL.Error: [('asn1 encoding routines', 'a2d_ASN1_OBJECT', 'first num too large'), ('asn1 encoding routines', 'a2d_ASN1_OBJECT', 'first num too large')]

What is this error, what is causing it, and what can I do about it? Where
should I look for more information? Google is being rather unhelpful, and
searching this mailing list, python-crypto and the OpenSSL lists didn't
turn up anything useful either.

I am using python-pyopenssl 0.6-2.3 with openssl 0.9.8c-3 and python
2.4.3-8 from Debian testing.

If anyone wants to get their hands on some code to try, get Gajim svn
using:

    svn checkout svn://svn.gajim.org/gajim/trunk gajim

and apply my preliminary patch at:

If you just want to look, prettified patch is as:

For more information, see ticket at

Please advise.

-J

From dave at cridland.net  Wed Nov 22 21:24:01 2006
From: dave at cridland.net (Dave Cridland)
Date: Wed, 22 Nov 2006 20:24:01 +0000
Subject: [pyOpenSSL] PyOpenSSL patches and stuff
Message-ID: <4994.1164227042.409805@peirce.dave.cridland.net>

Hiya folks,

My little email client, Polymer, has been using PyOpenSSL for a while.
I've been missing certain functionality, so I've patched it in as best I
can. I'd like to gauge interest in putting the patch into the main
distribution.
Basically:

1) Add a get_cipher_name method, returns current cipher name or None (if
there's no cipher).

2) Add a get_comp_name method, returns current compression algorithm name
or None.

3) Added support for Python file protocol objects. Basically, if you pass
in something that has a read and write method, then PyOpenSSL will use
them. Sockets don't have these methods, so you still get the efficient
C-path direct to the socket if you pass in a socket, but it allows you to
insert Python code after the TLS layer. I find this useful to capture
statistics, but it could be useful for other things.

These three could, of course, be three patches, or they could be one. I
don't much care either way. :-)

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

From pyopenssl.xlist.tbnt at 9ox.net  Thu Nov 23 15:29:48 2006
From: pyopenssl.xlist.tbnt at 9ox.net (Junglecow)
Date: Thu, 23 Nov 2006 15:29:48 +0100
Subject: [pyOpenSSL] PyOpenSSL patches and stuff
In-Reply-To: <4994.1164227042.409805@peirce.dave.cridland.net>
References: <4994.1164227042.409805@peirce.dave.cridland.net>
Message-ID: <20061123142948.GA8910@kolibri.invalid>

On Wed, Nov 22, 2006 at 08:24:01PM +0000, Dave Cridland wrote:
> My little email client, Polymer, has been using PyOpenSSL for a
> while. I've been missing certain functionality, so I've patched it in
> as best I can. I'd like to gauge interest in putting the patch into
> the main distribution.

Hello Dave,

Your patch seems very useful to me. I am currently adding PyOpenSSL to
Gajim, and I have missed some functionality as well, especially getting
the current cipher name.

By the way, if anyone is interested in that OpenSSL.SSL.Error 'first num
too large' problem: I am now treating it like a WantRead/WantWrite
exception, i.e. basically just ignoring it, which seems to work fine.
However, I don't feel good about ignoring an error which I don't
understand and for which I can find no documentation.

From dave at cridland.net  Thu Nov 23 17:13:45 2006
From: dave at cridland.net (Dave Cridland)
Date: Thu, 23 Nov 2006 16:13:45 +0000
Subject: [pyOpenSSL] PyOpenSSL patches and stuff
In-Reply-To: <20061123142948.GA8910@kolibri.invalid>
References: <4994.1164227042.409805@peirce.dave.cridland.net>
 <20061123142948.GA8910@kolibri.invalid>
Message-ID: <19283.1164298426.802057@peirce.dave.cridland.net>

On Thu Nov 23 14:29:48 2006, Junglecow wrote:
> On Wed, Nov 22, 2006 at 08:24:01PM +0000, Dave Cridland wrote:
>
> > My little email client, Polymer, has been using PyOpenSSL for a
> > while. I've been missing certain functionality, so I've patched it in
> > as best I can. I'd like to gauge interest in putting the patch into
> > the main distribution.
>
> Hello Dave,
>
> Your patch seems very useful to me. I am currently adding PyOpenSSL to
> Gajim, and I have missed some functionality as well, especially getting
> the current cipher name.

Gajim, being XMPP, will benefit from the get_comp_name method added - I
did that as a relatively easy way for my mail client to determine whether
or not to use COMPRESS=DEFLATE support (assuming it's available). XMPP
also has application level stream compression (albeit it's a little
weirdly specified), so that might be handy too.

Given there's some interest, I'll tidy up the patch and mail it to the
list, and redistribute a complete Python package from my personal dev
site.

Is there anything else people want added while I fiddle?

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

From dave at cridland.net  Fri Nov 24 00:23:47 2006
From: dave at cridland.net (Dave Cridland)
Date: Thu, 23 Nov 2006 23:23:47 +0000
Subject: [pyOpenSSL] PyOpenSSL patches and stuff
In-Reply-To: <19283.1164298426.802057@peirce.dave.cridland.net>
References: <4994.1164227042.409805@peirce.dave.cridland.net>
 <20061123142948.GA8910@kolibri.invalid>
 <19283.1164298426.802057@peirce.dave.cridland.net>
Message-ID: <19283.1164324228.611948@peirce.dave.cridland.net>

On Thu Nov 23 16:13:45 2006, Dave Cridland wrote:
> Given there's some interest, I'll tidy up the patch and mail it to
> the list, and redistribute a complete Python package from my
> personal dev site.

Done the latter, it's at
http://trac.dave.cridland.net/cgi-bin/trac/cgi/downloads as a standard
Python source package.

It's probably excruciatingly hacky, and I do apologise.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

From arnaud.desmons at free.fr  Wed Nov 29 23:04:01 2006
From: arnaud.desmons at free.fr (Arnaud Desmons)
Date: Wed, 29 Nov 2006 23:04:01 +0100
Subject: [pyOpenSSL] PKCS12 patch
Message-ID: <20061129220401.GA14143@parmesan.excellance.biz>

Hi,

I wrote a patch for pyOpenSSL 0.6 to allow generation of PKCS12 files
like this :

    p12 = crypto.PKCS12()
    p12.set_privatekey(pkey)
    p12.set_certificate(cert)
    open("test.p12", "w").write(crypto.dump_pkcs12(p12, "my_passphrase"))

This patch is available here :
http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch

Let me know what you guys think about it.
Regards,
-- 
Arnaud

From dave at cridland.net  Wed Nov 29 23:28:20 2006
From: dave at cridland.net (Dave Cridland)
Date: Wed, 29 Nov 2006 22:28:20 +0000
Subject: [pyOpenSSL] PKCS12 patch
In-Reply-To: <20061129220401.GA14143@parmesan.excellance.biz>
References: <20061129220401.GA14143@parmesan.excellance.biz>
Message-ID: <21413.1164839301.788219@peirce.dave.cridland.net>

On Wed Nov 29 22:04:01 2006, Arnaud Desmons wrote:
> p12 = crypto.PKCS12()
> p12.set_privatekey(pkey)
> p12.set_certificate(cert)
> open("test.p12", "w").write(crypto.dump_pkcs12(p12, "my_passphrase"))
>
>
> This patch is available here :
> http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch

I'll take a look - PKCS12 is the stuff used in S/MIME, isn't it?

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org
 - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
 - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

From arnaud.desmons at free.fr  Wed Nov 29 23:35:23 2006
From: arnaud.desmons at free.fr (Arnaud Desmons)
Date: Wed, 29 Nov 2006 23:35:23 +0100
Subject: [pyOpenSSL] PKCS12 patch
In-Reply-To: <21413.1164839301.788219@peirce.dave.cridland.net>
References: <20061129220401.GA14143@parmesan.excellance.biz>
 <21413.1164839301.788219@peirce.dave.cridland.net>
Message-ID: <20061129223523.GB14143@parmesan.excellance.biz>

On Wed, Nov 29, 2006 at 10:28:20PM +0000, Dave Cridland wrote:
> On Wed Nov 29 22:04:01 2006, Arnaud Desmons wrote:
> >p12 = crypto.PKCS12()
> >p12.set_privatekey(pkey)
> >p12.set_certificate(cert)
> >open("test.p12", "w").write(crypto.dump_pkcs12(p12, "my_passphrase"))
> >
> >
> >This patch is available here :
> >http://arnaud.desmons.free.fr/pyOpenSSL-0.6-pkcs12.patch
>
> I'll take a look - PKCS12 is the stuff used in S/MIME, isn't it?

No. This is a file format used to import your certificate/private key in
your browser for website authentication for instance.

-- 
Arnaud
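
Added example, not part of any message in this archive: the reason string 'first num too large' in the traceback from the first thread is the one OpenSSL's a2d_ASN1_OBJECT routine (named in that traceback) reports when text handed to it as a dotted OID does not start with 0, 1 or 2. The Python sketch below restates those arc rules; encode_oid, reason_for and OIDTextError are hypothetical names, and only '.' is accepted as a separator here.

```python
# Added illustration (not OpenSSL or pyOpenSSL code): the arc rules for a
# dotted OID string, with OpenSSL's reason strings. All names are hypothetical.

class OIDTextError(ValueError):
    pass


def _base128(n):
    # Big-endian base 128; every byte except the last has the high bit set.
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))


def encode_oid(text):
    """Return the DER content octets (no tag or length) for a dotted OID."""
    # The first arc is a single character and must be 0, 1 or 2, so a name
    # such as "sha256" fails here just as "3.1" does.
    if not text or text[0] not in "012":
        raise OIDTextError("first num too large")
    first_txt, *rest = text.split(".")
    if len(first_txt) != 1:
        raise OIDTextError("invalid separator")
    if not rest:
        raise OIDTextError("missing second number")
    if any(p == "" or p.strip("0123456789") for p in rest):
        raise OIDTextError("invalid digit")
    first, arcs = int(first_txt), [int(p) for p in rest]
    # Arcs one and two are encoded as one value, 40 * first + second.
    if first < 2 and arcs[0] >= 40:
        raise OIDTextError("second number too large")
    body = _base128(first * 40 + arcs[0])
    for arc in arcs[1:]:
        body += _base128(arc)
    return body


def reason_for(text):
    """Return the reason string for rejected text, or None if it encodes."""
    try:
        encode_oid(text)
    except OIDTextError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("1.2.840.113549.1.1.11", "2.5.4.3", "3.1", "sha256", "1.40"):
        print(sample, "->", reason_for(sample) or encode_oid(sample).hex())
```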