From dave at cridland.net Wed Jan 3 14:55:19 2007 From: dave at cridland.net (Dave Cridland) Date: Wed, 03 Jan 2007 13:55:19 +0000 Subject: [pyOpenSSL] CRL patch In-Reply-To: <20061228212603.GA5408@localhost.localdomain> References: <20061228212603.GA5408@localhost.localdomain> Message-ID: <6991.1167832520.359876@peirce.dave.cridland.net> On Thu Dec 28 21:26:03 2006, Arnaud Desmons wrote: > Maybe I will do a separate sign(cacert, cakey) fonction instead of > doing everything in dump_crl? I get quite a few failed hunks on this, applying to my tree - I'll take a look at this in more detail later, but would you like to have a look? My tree's in SVN at: http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd/ It might have some CRL capability already - I've not examined what the pyopenssl-extended patches do, yet. So far, where there's been clashes between that and your code, I've preferred yours, but you might not want to reimplement everything. :-) Dave. -- Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade From arnaud.desmons at free.fr Wed Jan 3 15:24:25 2007 From: arnaud.desmons at free.fr (Arnaud Desmons) Date: Wed, 3 Jan 2007 15:24:25 +0100 Subject: [pyOpenSSL] CRL patch In-Reply-To: <6991.1167832520.359876@peirce.dave.cridland.net> References: <20061228212603.GA5408@localhost.localdomain> <6991.1167832520.359876@peirce.dave.cridland.net> Message-ID: <20070103142424.GA31217@parmesan.excellance.biz> On Wed, Jan 03, 2007 at 01:55:19PM +0000, Dave Cridland wrote: > On Thu Dec 28 21:26:03 2006, Arnaud Desmons wrote: > >Maybe I will do a separate sign(cacert, cakey) fonction instead of > >doing everything in dump_crl??? > > I get quite a few failed hunks on this, applying to my tree - I'll > take a look at this in more detail later, but would you like to have > a look? [...] > It might have some CRL capability already - I've not examined what > the pyopenssl-extended patches do, yet. So far, where there's been > clashes between that and your code, I've preferred yours, but you > might not want to reimplement everything. :-) Right, I'm not really interested in merging my code with pyopenssl-extended as far as I don't need pyopenssl-extended... :-) Anyway, I am not sure that users need both fonctionnalities at the same time... -- Arnaud From dave at cridland.net Wed Jan 3 17:47:36 2007 From: dave at cridland.net (Dave Cridland) Date: Wed, 03 Jan 2007 16:47:36 +0000 Subject: [pyOpenSSL] CRL patch In-Reply-To: <20070103142424.GA31217@parmesan.excellance.biz> References: <20061228212603.GA5408@localhost.localdomain> <6991.1167832520.359876@peirce.dave.cridland.net> <20070103142424.GA31217@parmesan.excellance.biz> Message-ID: <6991.1167842857.305115@peirce.dave.cridland.net> On Wed Jan 3 14:24:25 2007, Arnaud Desmons wrote: > Right, I'm not really interested in merging my code with > pyopenssl-extended as far as I don't need pyopenssl-extended... :-) > > My attitude is really that some people have needed the -extended stuff, so it might as well go in as long as it does no harm. Better to try to unify these forks. > Anyway, I am not sure that users need both fonctionnalities at the > same time... True, but there's nowhere else to put it, unless we start fragmenting the pyOpenSSL modules further. I'm not sure that gains much other than complexity. Dave. -- Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at jabber.org - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade From kunz at rvs.uni-hannover.de Mon Jan 29 10:34:33 2007 From: kunz at rvs.uni-hannover.de (Christopher Kunz) Date: Mon, 29 Jan 2007 10:34:33 +0100 Subject: [pyOpenSSL] Example for crypto.X509Extension Message-ID: <45BDBFA9.4070206@rvs.uni-hannover.de> Hi, I'm currently fiddling around with extending certificates with a custom X509 extension (identified by OID), but can't seem to get it working. When using an OID for the first method argument to crypto.X509Extension, the error message is "ValueError: Unknown extension name". Using a known extension name or OID (from objects.h), the error message changes to "ValueError: Unknown extension". >From looking into the source code to src/crypto/x509ext.c, it seems that the second error message is triggered by the extension not having any methods (?). Could somebody point me to more literature regarding X509 extensions in pyOpenSSL and/or provide some working examples for this? Thanks a lot, --ck