From shahaf at gmail.com Thu Jun 5 17:06:30 2014
From: shahaf at gmail.com (Shahaf Abileah)
Date: Thu, 5 Jun 2014 08:06:30 -0700
Subject: [pyOpenSSL-Users] New OpenSSL vulnerabilities (not heartbleed)
Message-ID:

I hear that new vulnerabilities were discovered in OpenSSL:
http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/

Is there a need to patch pyopenssl? Or is pyopenssl simply a python wrapper and the problem lies only in the underlying openssl library?

thanks,

--Shahaf

--
http://twitter.com/shahafabileah

From hs at ox.cx Fri Jun 6 20:36:39 2014
From: hs at ox.cx (Hynek Schlawack)
Date: Fri, 6 Jun 2014 20:36:39 +0200
Subject: [pyOpenSSL-Users] New OpenSSL vulnerabilities (not heartbleed)
In-Reply-To:
References:
Message-ID: <4287CEE7-F090-4DB7-BCE7-943D779A7301@ox.cx>

Hi,

generally speaking OpenSSL bugs are mitigated by updating OpenSSL. Due to dynamic linking, neither pyOpenSSL nor PyCa cryptography (which is the actual library wrapper from 0.14 on) require special actions.

You have to restart your server daemons after the OpenSSL update though.

Regards,
-h

Sent from my phone.

> On 05.06.2014 at 17:06, Shahaf Abileah wrote:
>
> I hear that new vulnerabilities were discovered in OpenSSL:
> http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/
>
> Is there a need to patch pyopenssl? Or is pyopenssl simply a python wrapper and the problem lies only in the underlying openssl library?
>
> thanks,
>
> --Shahaf
>
> --
>
> http://twitter.com/shahafabileah
>
> _______________________________________________
> pyopenssl-users mailing list
> pyopenssl-users at python.org
> https://mail.python.org/mailman/listinfo/pyopenssl-users

From info at egenix.com Mon Jun 9 13:55:33 2014
From: info at egenix.com (eGenix Team: M.-A. Lemburg)
Date: Mon, 09 Jun 2014 13:55:33 +0200
Subject: [pyOpenSSL-Users] ANN: eGenix pyOpenSSL Distribution 0.13.3.1.0.1.8
Message-ID: <5395A0B5.9020409@egenix.com>

________________________________________________________________________

ANNOUNCING

eGenix.com pyOpenSSL Distribution

Version 0.13.3.1.0.1.8

An easy-to-install and easy-to-use distribution
of the pyOpenSSL Python interface for OpenSSL -
available for Windows, Mac OS X and Unix platforms

This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.3.1.0.1.8.html

________________________________________________________________________

INTRODUCTION

The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent OpenSSL library versions in pre-compiled form, making your application independent of OS provided OpenSSL libraries:

http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-aware network applications as well as certificate management tools:

https://launchpad.net/pyopenssl/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

http://www.openssl.org/

________________________________________________________________________

NEWS

This new release of the eGenix.com pyOpenSSL Distribution updates the included OpenSSL version to the latest OpenSSL 1.0.1h version and adds a few more context options:

New in OpenSSL
--------------

 * Updated included OpenSSL libraries from OpenSSL to 1.0.1h. See http://www.openssl.org/news/secadv_20140605.txt for a complete list of changes, most important:

   - CVE-2014-0224: An attacker can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server.
   - CVE-2014-0221: By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected.

   - CVE-2014-3470: OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a DoS attack.

New in pyOpenSSL
----------------

 * Added the following new options for context.set_options(): OP_TLSEXT_PADDING, OP_SAFARI_ECDHE_ECDSA_BUG, OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.

 * Documented all supported context.set_options() options (to the extent possible using the OpenSSL documentation itself).

pyOpenSSL / OpenSSL Binaries Included
-------------------------------------

In addition to providing sources, we make binaries available that include both pyOpenSSL and the necessary OpenSSL libraries for all supported platforms: Windows x86 and x64, Linux x86 and x64, Mac OS X PPC, x86 and x64.

We've also added egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier.

________________________________________________________________________

DOWNLOADS

The download archives and instructions for installing the package can be found at:

http://www.egenix.com/products/python/pyOpenSSL/

________________________________________________________________________

UPGRADING

Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs.

________________________________________________________________________

SUPPORT

Commercial support for these packages is available from eGenix.com. Please see

http://www.egenix.com/services/support/

for details about our support offerings.
________________________________________________________________________

MORE INFORMATION

For more information about the eGenix pyOpenSSL Distribution, licensing and download instructions, please visit our web-site or write to sales at egenix.com.

Enjoy,
--
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Jun 09 2014)
>>> Python Projects, Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
2014-05-28: Released mxODBC.Connect 2.1.0 ... http://egenix.com/go56
2014-07-02: Python Meeting Duesseldorf ... 23 days to go

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/

From seanstozki at me.com Wed Jun 25 17:30:12 2014
From: seanstozki at me.com (Sean Stozki)
Date: Wed, 25 Jun 2014 15:30:12 +0000 (GMT)
Subject: [pyOpenSSL-Users] Error when installing
Message-ID: <4b6749cf-a101-468c-99c0-633e71a2dd72@me.com>

As a follow up to my post on github.
I am using Cygwin64 currently. I have tried to install this on a Windows 7 machine as well and have been getting different errors:

Cygwin64

This was the first error

$ python alarmserver.py
Traceback (most recent call last):
  File "alarmserver.py", line 18, in
    from twisted.internet import ssl, reactor
  File "/usr/lib/python2.7/site-packages/twisted/internet/ssl.py", line 25, in
    from OpenSSL import SSL
  File "/home/Sean/.local/lib/python2.7/site-packages/pyOpenSSL-0.14-py2.7.egg/OpenSSL/init.py", line 8, in
    from OpenSSL import rand, crypto, SSL
  File "/home/Sean/.local/lib/python2.7/site-packages/pyOpenSSL-0.14-py2.7.egg/OpenSSL/rand.py", line 11, in
    from OpenSSL._util import (
  File "/home/Sean/.local/lib/python2.7/site-packages/pyOpenSSL-0.14-py2.7.egg/OpenSSL/_util.py", line 3, in
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

I tried to install cryptography manually and now I am getting this error:

Processing cffi-0.8.2.tar.gz
Writing /tmp/easy_install-ocKWq_/cryptography-0.4/temp/easy_install-POm42x/cffi-0.8.2/setup.cfg
Running cffi-0.8.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-ocKWq_/cryptography-0.4/temp/easy_install-POm42x/cffi-0.8.2/egg-dist-tmp-XAtpPb
cc -c c/check__thread.c -o c/check__thread.o
unable to execute cc: No such file or directory
the above error message can be safely ignored; will not use '__thread' in the C code
unable to execute gcc: No such file or directory
error: Setup script exited with error: command 'gcc' failed with exit status 1

From exarkun at twistedmatrix.com Wed Jun 25 18:47:27 2014
From: exarkun at twistedmatrix.com (exarkun at twistedmatrix.com)
Date: Wed, 25 Jun 2014 16:47:27 -0000
Subject: [pyOpenSSL-Users] Error when installing (Windows 7)
In-Reply-To: <4b6749cf-a101-468c-99c0-633e71a2dd72@me.com>
References: <4b6749cf-a101-468c-99c0-633e71a2dd72@me.com>
Message-ID: <20140625164727.8005.1585811946.divmod.xquotient.8@top>

On 03:30 pm, seanstozki at me.com wrote:
>As a follow up to my post on github.
>I am using Cygwin64 currently. I have tried to install this on a
>Windows 7 machine as well and have been getting different errors:

Cygwin64? Does that mean you built your own Python? Or downloaded an alternate Python version built with/for Cygwin64?

pyOpenSSL is not tested against any kind of cygwin configuration. As far as I know, cryptography, pyOpenSSL's principal dependency, also is not tested in such a configuration. This may mean you have some issues to find and fix yourself.

>Cygwin64
>
>This was the first error
>
>$ python alarmserver.py
>Traceback (most recent call last):
>File "alarmserver.py", line 18, in
>from twisted.internet import ssl, reactor
>File "/usr/lib/python2.7/site-packages/twisted/internet/ssl.py", line 25, in
>from OpenSSL import SSL
>File "/home/Sean/.local/lib/python2.7/site-packages/pyOpenSSL-0.14-py2.7.egg/OpenSSL/init.py", line 8, in
>from OpenSSL import rand, crypto, SSL
>File "/home/Sean/.local/lib/python2.7/site-packages/pyOpenSSL-0.14-py2.7.egg/OpenSSL/rand.py", line 11, in
>from OpenSSL._util import (
>File "/home/Sean/.local/lib/python2.7/site-packages/pyOpenSSL-0.14-py2.7.egg/OpenSSL/_util.py", line 3, in
>from cryptography.hazmat.bindings.openssl.binding import Binding
>ImportError: No module named cryptography.hazmat.bindings.openssl.binding
>
>I tried to install cryptography manually and now I am getting this error:
>
>Processing cffi-0.8.2.tar.gz
>Writing /tmp/easy_install-ocKWq_/cryptography-0.4/temp/easy_install-POm42x/cffi-0.8.2/setup.cfg
>Running cffi-0.8.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-ocKWq_/cryptography-0.4/temp/easy_install-POm42x/cffi-0.8.2/egg-dist-tmp-XAtpPb
>cc -c c/check__thread.c -o c/check__thread.o
>unable to execute cc: No such file or directory
>the above error message can be safely ignored; will not use '__thread' in the C code
>unable to execute gcc: No such file or directory
>error: Setup script exited with error: command 'gcc' failed with exit status 1

This line:

>unable to execute gcc: No such file or directory

seems to suggest that you are missing a compiler or your environment is configured in such a way that distutils cannot find your compiler.

For pyOpenSSL on Windows, I recommend using the official python.org Python build/distribution and installing the pre-built packages of pyOpenSSL and cryptography (available at https://pypi.python.org/pypi/pyopenssl and https://pypi.python.org/pypi/cryptography - or try `pip install pyOpenSSL`).

Jean-Paul
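
Hynek Schlawack's reply earlier in this thread notes that server daemons have to be restarted after the OpenSSL update, because with dynamic linking a running process keeps the old library mapped. The following is an added example (not code from the thread, pyOpenSSL or cryptography) that finds such processes on Linux by looking for libssl/libcrypto mappings marked "(deleted)" in /proc/<pid>/maps. It assumes the package manager replaced the library file rather than rewriting it in place; the sample maps text, addresses and paths are constructed.

```python
import os
import re

# Pathname column of a /proc/<pid>/maps line: OpenSSL's shared objects that
# were replaced on disk while a process still has the old copy mapped.
STALE = re.compile(r"(/(?:\S*/)?lib(?:ssl|crypto)\.so[^/\s]*) \(deleted\)$")


def stale_openssl_libs(maps_text):
    """Return sorted unique paths of deleted-but-still-mapped libssl/libcrypto."""
    found = set()
    for line in maps_text.splitlines():
        match = STALE.search(line.rstrip())
        if match:
            found.add(match.group(1))
    return sorted(found)


def scan_proc(proc_root="/proc"):
    """Map pid -> stale OpenSSL libraries for every readable process (Linux)."""
    results = {}
    if not os.path.isdir(proc_root):
        return results
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as handle:
                libs = stale_openssl_libs(handle.read())
        except (IOError, OSError):  # process exited, or not ours to read
            continue
        if libs:
            results[int(entry)] = libs
    return results


# Constructed sample (paths and addresses are made up): a daemon started
# before the upgrade. libssl3.so is NSS, not OpenSSL, and must not match.
SAMPLE_MAPS = """\
7f10a0000000-7f10a01b5000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libc-2.19.so
7f10a0400000-7f10a045a000 r-xp 00000000 08:01 2207 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a065a000-7f10a0660000 rw-p 0005a000 08:01 2207 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f10a0800000-7f10a09d4000 r-xp 00000000 08:01 2206 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f10a0c00000-7f10a0c40000 r-xp 00000000 08:01 2301 /usr/lib/x86_64-linux-gnu/libssl3.so (deleted)
"""

if __name__ == "__main__":
    print("sample:", stale_openssl_libs(SAMPLE_MAPS))
    for pid, libs in sorted(scan_proc().items()):
        print("restart needed: pid %d still maps %s" % (pid, ", ".join(libs)))
```

Run it as root after the upgrade to see every process; an unprivileged run only reports processes whose maps file the caller may read.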