From morgan.s.reed at gmail.com Thu Oct 16 03:16:34 2008 From: morgan.s.reed at gmail.com (Morgan Reed) Date: Thu, 16 Oct 2008 12:16:34 +1100 Subject: [pyOpenSSL] Patch submission process Message-ID: Hi all, I've been working on extending the PyOpenSSL bindings to accommodate my needs over the past week or so, essentially building an interface to some of the low-level RSA functions. Thus far I've wrapped RSA_generate_key RSA_public_encrypt, RSA_private_encrypt, RSA_public_decrypt, RSA_private_decrypt, I'm planning completing my RSA_sign and RSA_verify wrappers in the next couple of days. Just wondering how I should go about submitting the new files an required patches (I'm extending the 0.8a1 codebase). Thanks, Morgan Reed From exarkun at divmod.com Thu Oct 16 03:21:36 2008 From: exarkun at divmod.com (Jean-Paul Calderone) Date: Wed, 15 Oct 2008 21:21:36 -0400 Subject: [pyOpenSSL] Patch submission process In-Reply-To: Message-ID: <20081016012136.29191.1687544780.divmod.quotient.39062@ohm> On Thu, 16 Oct 2008 12:16:34 +1100, Morgan Reed wrote: >Hi all, > > I've been working on extending the PyOpenSSL bindings to >accommodate my needs over the past week or so, essentially building an >interface to some of the low-level RSA functions. > >Thus far I've wrapped RSA_generate_key RSA_public_encrypt, >RSA_private_encrypt, RSA_public_decrypt, RSA_private_decrypt, I'm >planning completing my RSA_sign and RSA_verify wrappers in the next >couple of days. > >Just wondering how I should go about submitting the new files an >required patches (I'm extending the 0.8a1 codebase). > Patches attached to tickets in Launchpad are good. bzr branches are also good. Changes with unit tests and documentation are best. :) Jean-Paul From morgan.s.reed at gmail.com Thu Oct 16 12:52:06 2008 From: morgan.s.reed at gmail.com (Morgan Reed) Date: Thu, 16 Oct 2008 21:52:06 +1100 Subject: [pyOpenSSL] Patch submission process In-Reply-To: <20081016012136.29191.1687544780.divmod.quotient.39062@ohm> References: <20081016012136.29191.1687544780.divmod.quotient.39062@ohm> Message-ID: On Thu, Oct 16, 2008 at 12:21 PM, Jean-Paul Calderone wrote: > Patches attached to tickets in Launchpad are good. bzr branches are also > good. Changes with unit tests and documentation are best. :) No worries, is there a preferred patch format? (just give me a GNU diff commandline ;oD ) I've done the doco, I'll do unit tests for what I have so far shortly. I'll look at putting a branch up on launchpad. Thanks From exarkun at divmod.com Thu Oct 16 13:24:49 2008 From: exarkun at divmod.com (Jean-Paul Calderone) Date: Thu, 16 Oct 2008 07:24:49 -0400 Subject: [pyOpenSSL] Patch submission process In-Reply-To: Message-ID: <20081016112449.29191.1962261143.divmod.quotient.39137@ohm> On Thu, 16 Oct 2008 21:52:06 +1100, Morgan Reed wrote: >On Thu, Oct 16, 2008 at 12:21 PM, Jean-Paul Calderone > wrote: >> Patches attached to tickets in Launchpad are good. bzr branches are also >> good. Changes with unit tests and documentation are best. :) > >No worries, is there a preferred patch format? (just give me a GNU >diff commandline ;oD ) diff -u, please. :) >I've done the doco, I'll do unit tests for what I have so far shortly. > >I'll look at putting a branch up on launchpad. > Cool. Looking forward to it. :) Jean-Paul From morgan.s.reed at gmail.com Thu Oct 16 14:33:40 2008 From: morgan.s.reed at gmail.com (Morgan Reed) Date: Thu, 16 Oct 2008 23:33:40 +1100 Subject: [pyOpenSSL] Patch submission process In-Reply-To: <20081016112449.29191.1962261143.divmod.quotient.39137@ohm> References: <20081016112449.29191.1962261143.divmod.quotient.39137@ohm> Message-ID: On Thu, Oct 16, 2008 at 10:24 PM, Jean-Paul Calderone wrote: > Cool. Looking forward to it. :) Branch is now up on launchpad (mr-RSAadditions), haven't completed the unit tests yet, they'll have to wait until tomorrow. With regards to the unit tests, how do I go about executing them? From exarkun at divmod.com Thu Oct 16 14:40:02 2008 From: exarkun at divmod.com (Jean-Paul Calderone) Date: Thu, 16 Oct 2008 08:40:02 -0400 Subject: [pyOpenSSL] Patch submission process In-Reply-To: Message-ID: <20081016124002.29191.1602839831.divmod.quotient.39145@ohm> On Thu, 16 Oct 2008 23:33:40 +1100, Morgan Reed wrote: >On Thu, Oct 16, 2008 at 10:24 PM, Jean-Paul Calderone > wrote: >> Cool. Looking forward to it. :) > >Branch is now up on launchpad (mr-RSAadditions), haven't completed the >unit tests yet, they'll have to wait until tomorrow. > >With regards to the unit tests, how do I go about executing them? > Any xUnit runner should do. I use Twisted's `trial?. Unfortunately the repository layout is not friendly to unit testing (re-arranging it is on my todo list), so you have to actually install your development version in order to test it. I typically install it to a scratch directory. eg, $ python setup.py install --prefix /tmp/pyOpenSSL-test ... $ PYTHONPATH=/tmp/pyOpenSSL-test/lib/python2.5/site-packages/:$PYTHONPATH python -c 'import OpenSSL; print OpenSSL' $ PYTHONPATH=/tmp/pyOpenSSL-test/lib/python2.5/site-packages/:$PYTHONPATH trial OpenSSL ... PASSED (successes=36) $ Jean-Paul From morgan.s.reed at gmail.com Fri Oct 17 15:07:29 2008 From: morgan.s.reed at gmail.com (Morgan Reed) Date: Sat, 18 Oct 2008 00:07:29 +1100 Subject: [pyOpenSSL] Unit tests Message-ID: I've started writing unit tests for my additions now, I've got an issue though, I've updated test_crypto.py changes summarised below; ================================================ from OpenSSL.crypto import RSA, RSAType ... class RSATests(TestCase, _Python23TestCaseHelper): def test_construction(self): """ L{RSA} takes no arguments and returns an instance of L{RSAType}. """ rsaobj = RSA() self.assertTrue( isinstance(rsaobj, RSAType), "%r is of type %r, should be %r" % (rsaobj, type(rsaobj), RSAType)) def test_generate_key(self): """ L{generate_key} generates a new RSA key the given size and stores it in the internal structure """ bits = 1024 rsaobj = RSA() rsaobj.generate_key(bits) self.assertEqual(rsaobj.key_bits(), bits) ================================================ When I execute the tests only test_construction is being executed (or it's the only one appearing in the log), is there anything I need to do besides defining the test method in the test class? (apologies for the basic questions, I've never done automated unit testing in python before) Thanks, Morgan From exarkun at divmod.com Fri Oct 17 15:33:15 2008 From: exarkun at divmod.com (Jean-Paul Calderone) Date: Fri, 17 Oct 2008 09:33:15 -0400 Subject: [pyOpenSSL] Unit tests In-Reply-To: Message-ID: <20081017133315.29191.476236168.divmod.quotient.40853@ohm> On Sat, 18 Oct 2008 00:07:29 +1100, Morgan Reed wrote: >I've started writing unit tests for my additions now, I've got an >issue though, I've updated test_crypto.py changes summarised below; > >================================================ > >from OpenSSL.crypto import RSA, RSAType > >... > >class RSATests(TestCase, _Python23TestCaseHelper): > > def test_construction(self): > """ > L{RSA} takes no arguments and returns an instance of L{RSAType}. > """ > rsaobj = RSA() > self.assertTrue( > isinstance(rsaobj, RSAType), > "%r is of type %r, should be %r" % (rsaobj, > type(rsaobj), > RSAType)) > > def test_generate_key(self): > """ > L{generate_key} generates a new RSA key the given size and stores it in > the internal structure > """ > bits = 1024 > rsaobj = RSA() > rsaobj.generate_key(bits) > self.assertEqual(rsaobj.key_bits(), bits) > >================================================ > >When I execute the tests only test_construction is being executed (or >it's the only one appearing in the log), is there anything I need to >do besides defining the test method in the test class? (apologies for >the basic questions, I've never done automated unit testing in python >before) > The code you included looks right. I would certainly expect two tests to be run, test_construction and test_generate_key, if I ran a command like "trial OpenSSL.test.test_crypto.RSATests", after doing the needed song and dance to get the code and tests into a state where they could be imported. Jean-Paul From morgan.s.reed at gmail.com Sat Oct 18 10:45:06 2008 From: morgan.s.reed at gmail.com (Morgan Reed) Date: Sat, 18 Oct 2008 19:45:06 +1100 Subject: [pyOpenSSL] Unit tests In-Reply-To: <20081017133315.29191.476236168.divmod.quotient.40853@ohm> References: <20081017133315.29191.476236168.divmod.quotient.40853@ohm> Message-ID: On Sat, Oct 18, 2008 at 12:33 AM, Jean-Paul Calderone wrote: > The code you included looks right. I would certainly expect two tests > to be run, test_construction and test_generate_key, if I ran a command > like "trial OpenSSL.test.test_crypto.RSATests", after doing the needed > song and dance to get the code and tests into a state where they could > be imported. Still no joy, I've written a couple of further tests and none of them are running (except test_construction as previously). ======================== ..... testPlaintext = "testing" ..... class RSATests(TestCase, _Python23TestCaseHelper): ..... def test_public_encrypt(self): """ L{public_encrypt} generates a new key and encrypts a static value with the public key, then decrypts it with the private and compare the result """ bits = 1024 rsaobj = RSA() rsaobj.generate_key(bits) crypt = rsaobj.public_encrypt(testPlaintext) decrypt = rsaobj.private_decrypt(crypt) self.assertEqual(decrypt, testPlaintext) def test_private_encrypt(self): """ L{private_encrypt} generates a new key and encrypts a static value with the private key, then decrypts it with the public and compares the result """ bits = 1024 rsaobj = RSA() rsaobj.generate_key(bits) crypt = rsaobj.private_encrypt(testPlaintext) decrypt = rsaobj.public_decrypt(crypt) self.assertEqual(decrypt, testPlaintext) ======================== This is the script I'm using to execute the tests ======================== #!/bin/sh python setup.py install --prefix=/tmp/pyOpenSSL-test PYTHONPATH=/tmp/pyOpenSSL-test/lib/python2.5/site-packages/:$PYTHONPATH python -c 'import OpenSSL; print OpenSSL' PYTHONPATH=/tmp/pyOpenSSL-test/lib/python2.5/site-packages/:$PYTHONPATH trial OpenSSL ======================== And the output ======================== ..... test_rsaGeneration ... [OK] RSATests test_construction ... [OK] X509NameTests ..... ======================== Any suggestions would be greatly appreciated, I've pushed the latest revision if anybody wants to look at the code in situ Thanks, Morgan From andres.riancho at gmail.com Sun Oct 19 20:36:50 2008 From: andres.riancho at gmail.com (Andres Riancho) Date: Sun, 19 Oct 2008 16:36:50 -0200 Subject: [pyOpenSSL] stunnel in pyopenssl Message-ID: List, Hi! I'm a complete pyopenssl newbie, so bare with me please =) I'm looking for a project, code snippet, or something to get me started in the writing of a "stunnel clone" with python + pyopenssl. What I'm trying to do is not a complete stunnel port,but just one of the use cases: SSL client <----> pyopenssl <----> non-ssl capable server Anyone has ideas, experiences, or a link to show me how this is done using pyopenssl? Cheers, -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework From scott.simpson at rackspace.com Mon Oct 20 17:14:58 2008 From: scott.simpson at rackspace.com (Scott Simpson) Date: Mon, 20 Oct 2008 10:14:58 -0500 Subject: [pyOpenSSL] PKCS7 and extracting certs Message-ID: <21027_1224515698_m9KFEwJA000817_F3B1FF9A-8604-4D5D-9110-9DCB82A7AB73@rackspace.com> I have a bunch of PKCS7 certificates that i can pull apart with the openssl command line app, but when i load them with pyOpenSSL i just get a PKCS7 object with only a few methods, none which allow me to extract the certificates. Is there a way to get the certs from that object? Thanks! Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at abuse at rackspace.com, and delete the original message. Your cooperation is appreciated. From morgan.s.reed at gmail.com Sat Oct 25 14:22:02 2008 From: morgan.s.reed at gmail.com (Morgan Reed) Date: Sat, 25 Oct 2008 23:22:02 +1100 Subject: [pyOpenSSL] PKCS7 and extracting certs In-Reply-To: <21027_1224515698_m9KFEwJA000817_F3B1FF9A-8604-4D5D-9110-9DCB82A7AB73@rackspace.com> References: <21027_1224515698_m9KFEwJA000817_F3B1FF9A-8604-4D5D-9110-9DCB82A7AB73@rackspace.com> Message-ID: On Tue, Oct 21, 2008 at 2:14 AM, Scott Simpson wrote: > I have a bunch of PKCS7 certificates that i can pull apart with the > openssl command line app, but when i load them with pyOpenSSL i just > get a PKCS7 object with only a few methods, none which allow me to > extract the certificates. Is there a way to get the certs from that > object? Currently the implementation of pyOpenSSL is essentially only geared for working with SSL connections (as opposed to certificate management), there's some development in other areas too but none that I know of relating specifically to PKCS7. What exactly are you trying to do? Morgan