[pyOpenSSL] Verification of SSL Signature

James Clemence james+pyopenssl at jvc26.org
Thu Aug 30 18:46:04 CEST 2012


Hi,

I believe that as of 0.11, pyOpenSSL has started supporting the
verification of signatures. I am working on a project which was
started by someone else using M2Crypto. M2Crypto is really painful to
include on platforms such as Heroku as it requires the use of SWIG.
Consequently I am trying to remove the dependency on M2Crypto and
replace it with pyOpenSSL which is easy to install via Pip, and doesn't
require custom buildpacks and more which SWIG-related things do.

The link to the original code is
[here](https://github.com/pyroven/django-pyroven) and requires a
reasonably significant refactoring, as it falls a long way from 12
Factor App ideals. However, I wanted to know whether I was on the
right track for replacing the M2Crypto functions, which at present
consist of:

key = cert.get_pubkey() # Cert is an M2Crypto X509 object
key = key.get_rsa()
ret = key.verify(hashed, self.sig)
if ret != 1:
    # Cert invalid ... etc.

I tried to replace this with:

crypto.verify(cert, self.sig, hashed, 'sha1') # cert X509 object from crypto.load_certificate()

Which I had assumed was roughly equivalent to the above, but I wonder
whether I got the wrong end of the stick having read through the
source as to what crypto.verify was actually doing.

At the present time I end up with the Exception:

[('rsa routines', 'RSA_verify', 'bad signature')]

Which makes it difficult to tell whether the code is right and the
hash/verification is correctly failing, or whether I'm actually doing
something which is fundamentally incorrect.

Thanks for your help!

J
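
An added example, not part of the original post and not pyOpenSSL or M2Crypto code: pyOpenSSL's crypto.verify(cert, signature, data, digest) hashes `data` itself before checking the signature, while OpenSSL's RSA_verify, which M2Crypto's RSA key verify wraps, expects the already computed digest. The pure-Python sketch below models both call styles with hypothetical function names and a constructed toy key (Mersenne primes, insecure), and shows that a precomputed hash passed to the data-hashing style is hashed twice and fails verification.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: insecure, demo only.
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-1 (RFC 8017, section 9.2 notes).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def _encode(digest):
    """EMSA-PKCS1-v1_5 encoding of an already computed SHA-1 digest."""
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_digest(digest):
    """Sign a precomputed digest (hypothetical helper, models RSA_sign)."""
    return pow(int.from_bytes(_encode(digest), "big"), D, N).to_bytes(K, "big")


def verify_digest(digest, sig):
    """RSA_verify style: the caller passes the digest, nothing is hashed here."""
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N or len(digest) != 20:
        return False
    # Re-encode and compare instead of parsing the recovered padding.
    return pow(s, E, N).to_bytes(K, "big") == _encode(digest)


def verify_data(data, sig):
    """crypto.verify(cert, sig, data, 'sha1') style: data is hashed first."""
    return verify_digest(hashlib.sha1(data).digest(), sig)


def demo():
    message = b"constructed sample message"      # constructed input
    hashed = hashlib.sha1(message).digest()
    sig = sign_digest(hashed)
    return {
        "digest_style_given_hash": verify_digest(hashed, sig),
        "data_style_given_message": verify_data(message, sig),
        "data_style_given_hash": verify_data(hashed, sig),  # hashed twice
    }


if __name__ == "__main__":
    print(demo())
```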



