From sebvieira at gmail.com  Tue Apr  8 14:50:57 2008
From: sebvieira at gmail.com (Sebastian Vieira)
Date: Tue, 8 Apr 2008 14:50:57 +0200
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: <20080322181158.6859.691484542.divmod.quotient.21755@ohm>
References: <20080322181158.6859.691484542.divmod.quotient.21755@ohm>
Message-ID: <279239c70804080550j3e89c047jbb5692bf88b57129@mail.gmail.com>

Hi,

I posted this msg to the ml some weeks ago (before your announcement), but
maybe it's worth posting it again now that development is active again:

-- begin original mail --
Now all works up to the point that i want to add an X509 extension. The
'Basic Constraints' extension works fine, but when i add another (or replace
it) like this:

extensions.append(crypto.X509Extension('basicConstraints',1, 'CA:true'))
extensions.append(crypto.X509Extension('nsComment', 0, 'OpenSSL Generated
Certificate'))
cert.add_extensions(extensions)


i get this error:

ValueError: Can't initialize exception

The same goes for

extensions.append(crypto.X509Extension('subjectKeyIdentifier', 0, 'hash'))


and authorityKeyIdentifier
-- end --

thanks,

S.

On Sat, Mar 22, 2008 at 8:11 PM, <exarkun at twistedmatrix.com> wrote:

> Greetings all,
>
> Over the past several weeks, I've been working on integrating patches from
> the issue tracker and fixing long-standing bugs in the 0.6 release.  I've
> gotten to the point where I think a release would be useful.  So I've put
> together an alpha of what will become 0.7.  You can find a source tarball
> or Windows Python 2.5 installers on the SourceForge download page.  Any
> testing and feedback anyone can provide would be greatly appreciated.
>  I'll
> probably aim for a final 0.7 release in between one to two weeks, barring
> any serious problems anyone may find.
>
> Thanks!
>
> Jean-Paul
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> pyopenssl-list mailing list
> pyopenssl-list at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pyopenssl-users/attachments/20080408/c77b359b/attachment.html>

From exarkun at divmod.com  Tue Apr  8 14:54:24 2008
From: exarkun at divmod.com (Jean-Paul Calderone)
Date: Tue, 8 Apr 2008 08:54:24 -0400
Subject: [pyOpenSSL] Call for testing - pyOpenSSL 0.7a1
In-Reply-To: <279239c70804080550j3e89c047jbb5692bf88b57129@mail.gmail.com>
Message-ID: <20080408125424.6859.91899085.divmod.quotient.26675@ohm>

On Tue, 8 Apr 2008 14:50:57 +0200, Sebastian Vieira <sebvieira at gmail.com> wrote:
>Hi,
>
>I posted this msg to the ml some weeks ago (before your announcement), but
>maybe it's worth posting it again now that development is active again:
>
>-- begin original mail --
>Now all works up to the point that i want to add an X509 extension. The
>'Basic Constraints' extension works fine, but when i add another (or replace
>it) like this:
>
>extensions.append(crypto.X509Extension('basicConstraints',1, 'CA:true'))
>extensions.append(crypto.X509Extension('nsComment', 0, 'OpenSSL Generated
>Certificate'))
>cert.add_extensions(extensions)
>
>
>i get this error:
>
>ValueError: Can't initialize exception
>
>The same goes for
>
>extensions.append(crypto.X509Extension('subjectKeyIdentifier', 0, 'hash'))
>
>
>and authorityKeyIdentifier
>-- end --
>
>thanks,
>

Thanks for following up on this.  I noticed your earlier post and did a
bit of investigation.  One thing I learned is that there's a think-o in
the exception message for this error case.  It says

    ValueError: Can't initialize exception

But the case which fails would really be better described by

    ValueError: Can't initialize extension

Unfortunately, I didn't make much progress beyond this.  However, I'm
aware of the issue and I'll keep working on it.  I don't know if a fix
will make it into 0.7, but I hope that any known issue which isn't
resolved in 0.7 will be resolved in 0.8.

Jean-Paul



From exarkun at divmod.com  Fri Apr 11 19:23:13 2008
From: exarkun at divmod.com (Jean-Paul Calderone)
Date: Fri, 11 Apr 2008 13:23:13 -0400
Subject: [pyOpenSSL] pyOpenSSL 0.7
In-Reply-To: 0
Message-ID: <20080411172541.6859.1858079706.divmod.quotient.28170@ohm>

pyOpenSSL is a wrapper around a subset of the OpenSSL API, including support
for X509 certificates, public and private keys, and and SSL connections.

pyOpenSSL 0.7 fixes a number of memory leaks and memory corruption issues.  It
also exposes several new OpenSSL APIs to Python:

  * SSL_get_shutdown and SSL_set_shutdown exposed as
    OpenSSL.SSL.Connection.get_shutdown and
    OpenSSL.SSL.Connection.set_shutdown
  * SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN exposed
    as OpenSSL.SSL.SENT_SHUTDOWN and OpenSSL.SSL.RECEIVED_SHUTDOWN
  * X509_verify_cert_error_string exposed as
    OpenSSL.crypto.X509_verify_cert_error_string
  * X509.get_serial_number and X509.set_serial_number now accept
    long integers
  * Expose notBefore and notAfter on X509 certificates for
    inspection and mutation
  * Expose low-level X509Name state with X509Name.get_components
  * Expose hashing and DER access on X509Names

pyOpenSSL home page: http://pyopenssl.sourceforge.net/
pyOpenSSL downloads: http://sourceforge.net/project/showfiles.php?group_id=31249

Jean-Paul Calderone



From exarkun at divmod.com  Fri Apr 11 19:49:51 2008
From: exarkun at divmod.com (Jean-Paul Calderone)
Date: Fri, 11 Apr 2008 13:49:51 -0400
Subject: [pyOpenSSL] pyOpenSSL 0.7
In-Reply-To: 0
Message-ID: <20080411174951.6859.549213384.divmod.quotient.28179@ohm>

pyOpenSSL is a wrapper around a subset of the OpenSSL API, including support
for X509 certificates, public and private keys, and and SSL connections.

pyOpenSSL 0.7 fixes a number of memory leaks and memory corruption issues.  It
also exposes several new OpenSSL APIs to Python:

 * SSL_get_shutdown and SSL_set_shutdown exposed as
   OpenSSL.SSL.Connection.get_shutdown and
   OpenSSL.SSL.Connection.set_shutdown
 * SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN exposed
   as OpenSSL.SSL.SENT_SHUTDOWN and OpenSSL.SSL.RECEIVED_SHUTDOWN
 * X509_verify_cert_error_string exposed as
   OpenSSL.crypto.X509_verify_cert_error_string
 * X509.get_serial_number and X509.set_serial_number now accept
   long integers
 * Expose notBefore and notAfter on X509 certificates for
   inspection and mutation
 * Expose low-level X509Name state with X509Name.get_components

pyOpenSSL home page: http://pyopenssl.sourceforge.net/
pyOpenSSL downloads: http://sourceforge.net/project/showfiles.php?group_id=31249

Jean-Paul Calderone