From krjackson at LBL.GOV Thu Dec 2 22:33:58 2004 From: krjackson at LBL.GOV (Keith Jackson) Date: Thu, 2 Dec 2004 22:33:58 +0100 Subject: [PYTHON-CRYPTO] python2.4 support Message-ID: I had a simple problem with building m2crypto with python2.4. The swig support in distutils has been upgraded, and that causes errors when building. The good news is, the new swig support works fine. I'm adding a patch that fixes setup.py to support python2.4. --keith ---------------- patch ----------------------- *** setup.py Thu Dec 2 14:19:06 2004 --- setup.py.orig Thu Dec 2 14:18:04 2004 *************** *** 8,14 **** _RCS_id = '$Id: setup.py,v 1.13 2004/03/28 11:30:01 ngps Exp $' ! import os, shutil, sys from distutils.core import setup, Extension from distutils.command import build_ext --- 8,14 ---- _RCS_id = '$Id: setup.py,v 1.13 2004/03/28 11:30:01 ngps Exp $' ! import os, shutil from distutils.core import setup, Extension from distutils.command import build_ext *************** *** 60,67 **** return new_sources ! if sys.version_info < (2,4): ! build_ext.build_ext.swig_sources = swig_sources my_inc = os.path.join(os.getcwd(), 'SWIG') --- 60,66 ---- return new_sources ! build_ext.build_ext.swig_sources = swig_sources my_inc = os.path.join(os.getcwd(), 'SWIG') From gdang1 at GMAIL.COM Tue Dec 7 21:33:12 2004 From: gdang1 at GMAIL.COM (G Dang) Date: Tue, 7 Dec 2004 21:33:12 +0100 Subject: [PYTHON-CRYPTO] m2crypto-0.13 problem Message-ID: Hi, Don't know if you've resolved your issue yet... I've ran into a similar problem, with the SMIME.smime_load_pkcs* routimes. Drove me nuts for awhile. The problem was within the OpenSSL code, but the darn SystemError wasn't being very helpful. A simple patch for the 2 routines: -p7_ptr, bio_ptr = m2.smime_read_pkcs7(bio) +try: + p7_ptr = None + bio_ptr = None + p7_ptr, bio_ptr = m2.smime_read_pkcs7(bio) # or (p7_bio.ptr()) +except SystemError, e: + pass will let the Err.get_error() handler does its job in backtracking where the problem could be. In my case, it turns out to be somewhere in the OpenSSL \crypto\pkcs7 modules -- someone merged broken codes into the ver 97d. I had to go through the change logs and CVS to grab back revision I needed. BTW, your .eml file still generated errors, something to do with the base64 decoding, the SMIME_read_PKCS7 calls tries to read and return a BIO, along the the P7 pointer. The SMIME.smime_load_pkcs() call did not return a BIO (None). Your encoded message could be bad? (or outstanding issue with OpenSSL?) GD From robert.penz at OUTERTECH.COM Wed Dec 8 10:42:22 2004 From: robert.penz at OUTERTECH.COM (Robert Penz) Date: Wed, 8 Dec 2004 10:42:22 +0100 Subject: [PYTHON-CRYPTO] m2crypto-0.13 problem Message-ID: <200412081042.29777.robert.penz@outertech.com> On Tuesday 07 December 2004 21:33, G Dang wrote: > Don't know if you've resolved your issue yet... > > I've ran into a similar problem, with the SMIME.smime_load_pkcs* routimes. > Drove me nuts for awhile. The problem was within the OpenSSL code, but > the darn SystemError wasn't being very helpful. A simple patch for the > 2 routines: > > -p7_ptr, bio_ptr = m2.smime_read_pkcs7(bio) > +try: > + p7_ptr = None > + bio_ptr = None > + p7_ptr, bio_ptr = m2.smime_read_pkcs7(bio) # or (p7_bio.ptr()) > +except SystemError, e: > + pass > > will let the Err.get_error() handler does its job in backtracking where > the problem could be. In my case, it turns out to be somewhere in the I'll can try that. > OpenSSL \crypto\pkcs7 modules -- someone merged broken codes into the > ver 97d. I had to go through the change logs and CVS to grab back > revision I needed. I tried it with more than one openssl version. > BTW, your .eml file still generated errors, something to do with the > base64 decoding, the SMIME_read_PKCS7 calls tries to read and return > a BIO, along the the P7 pointer. The SMIME.smime_load_pkcs() call > did not return a BIO (None). Your encoded message could be bad? (or > outstanding issue with OpenSSL?) i can decode it with smime_load_pkcs7() and also on the command line with openssl. with smime_load_pkcs7_bio I even can't load it, so i think its an interal error and not a openssl error. -- Regards, Robert ---------- Robert Penz robert dot penz at outertech dot com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From ngps at NETMEMETIC.COM Thu Dec 9 02:58:15 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Thu, 9 Dec 2004 09:58:15 +0800 Subject: [PYTHON-CRYPTO] m2crypto basic question In-Reply-To: <41B799B9.5050605@lbl.gov> References: <41B799B9.5050605@lbl.gov> Message-ID: <20041209015815.GA907@vista.netmemetic.com> On Wed, Dec 08, 2004 at 04:18:01PM -0800, Monte Goode wrote: > but when i call X509.get_pubkey() - i can not figure out what to do with > the pointer that is returned. this is the point at which i get stuck. > so: is there a way to take the return value of X509.get_pubkey() and get > it into some sort of RSA_pub-like object so i can examine it's contents? X509.get_pubkey calls get_pubkey() in SWIG/_x509.i and returns an EVP_PKEY*. OpenSSL has function EVP_PKEY_get1_RSA which returns an RSA* from the EVP_PKEY*. This function isn't available in M2Crypto. Its wrapper should go into M2Crypt.EVP.PKey which has method assign_rsa - "Assign the RSA key pair to self". This method you want should be called, say, extract_rsa (and analogously extract_rsa_pub) - "Extract self's RSA keypair (pubkey) into an RSA.RSA (RSA.RSA_pub) instance". I thank you in advance for your patches. ;-) > or is there a simpler way using the api to verify that the certifiate > matches my keypair? Dunno, by trying to use the certificate together with the key pair? I can't estimate the programming effort off hand. HTH. Cheers. -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption From MMGoode at LBL.GOV Thu Dec 9 01:18:01 2004 From: MMGoode at LBL.GOV (Monte Goode) Date: Wed, 8 Dec 2004 16:18:01 -0800 Subject: [PYTHON-CRYPTO] m2crypto basic question Message-ID: <41B799B9.5050605@lbl.gov> greetings all, i had a question about the m2crypto library. i'm rather new to this sort of thing, so if this question is overly obvious, i do apologize. i'm using the m2crypto library to generate a keypair, then generate a x509 request using said keypair. then i send my request off to a CA which then issues a certificate based on my request. all of this works and using the m2crypto lib for this is great. however my trouble begins when i recieve my certificate. i would like to verify that the public key in the certificate matches the one in my keypair. (i've used the openssl command-line tool to verify that they do, in fact, match). i have no problem opening up the key pair, isolating the public key and looking at the pem format of it using m2crypto. however, my adventures with the certificate has not been as smooth. i load the certificate up in and X509 object w/out any trouble. and by using the various get_* methods verify that it is successful. but when i call X509.get_pubkey() - i can not figure out what to do with the pointer that is returned. this is the point at which i get stuck. so: is there a way to take the return value of X509.get_pubkey() and get it into some sort of RSA_pub-like object so i can examine it's contents? or is there a simpler way using the api to verify that the certifiate matches my keypair? any insight very appreciated. cheers all, monte From ngps at NETMEMETIC.COM Fri Dec 10 18:03:40 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Sat, 11 Dec 2004 01:03:40 +0800 Subject: [PYTHON-CRYPTO] python2.4 support In-Reply-To: References: Message-ID: <20041210170340.GA491@vista.netmemetic.com> On Thu, Dec 02, 2004 at 10:33:58PM +0100, Keith Jackson wrote: > I had a simple problem with building m2crypto with python2.4. The swig > support in distutils has been upgraded, and that causes errors when > building. The good news is, the new swig support works fine. I'm adding a > patch that fixes setup.py to support python2.4. Thanks. Committed (by Heikki). -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption From gdang1 at GMAIL.COM Wed Dec 15 17:00:38 2004 From: gdang1 at GMAIL.COM (G Dang) Date: Wed, 15 Dec 2004 17:00:38 +0100 Subject: [PYTHON-CRYPTO] m2crypto-0.13 problem Message-ID: Robert, This issue is neither a M2Crypto or OpenSSL bug. It's explained in this thread: http://www.mail-archive.com/openssl-dev at openssl.org/msg16733.html I struggled with this one as well. When using in memory BIO (ie. BIO.MemoryBuffer -> BIO_s_mem) with base64 encoded data, like an enveloped message, you'll need to call m2.bio_set_mem_eof_return(bio._ptr(), 0) after loading the bio. GD From robert.penz at OUTERTECH.COM Wed Dec 15 17:28:24 2004 From: robert.penz at OUTERTECH.COM (Robert Penz) Date: Wed, 15 Dec 2004 17:28:24 +0100 Subject: [PYTHON-CRYPTO] m2crypto-0.13 problem In-Reply-To: References: Message-ID: G Dang writes: > This issue is neither a M2Crypto or OpenSSL bug. It's explained > in this thread: > http://www.mail-archive.com/openssl-dev at openssl.org/msg16733.html > > I struggled with this one as well. When using in memory BIO > (ie. BIO.MemoryBuffer -> BIO_s_mem) with base64 encoded data, > like an enveloped message, you'll need to call > m2.bio_set_mem_eof_return(bio._ptr(), 0) > after loading the bio. cool .. thx that works from M2Crypto import BIO, SMIME, X509, m2 X-Mozilla-Status: 8000 X-Mozilla-Status2: 00000000 .... bio = BIO.MemoryBuffer(out) m2.bio_set_mem_eof_return(bio._ptr(), 0) p7, data = SMIME.smime_load_pkcs7_bio(bio) work now ... doesn't look that good to call m2 directly .. but it works .. big thx! From python-crypto at CHOPIN.SGH.WAW.PL Sun Dec 19 05:09:31 2004 From: python-crypto at CHOPIN.SGH.WAW.PL (Piotr Kucharski) Date: Sun, 19 Dec 2004 05:09:31 +0100 Subject: [PYTHON-CRYPTO] SSL.Context('tlsv1'): unhashable type Message-ID: I'm sorry for probably lame question, but I wanted to install cjc (python jabber client), which uses pyxmpp, which requires m2crypto for TLS connections. Unfortunately when trying to run such, I get error: File "pyxmpp/streamtls.py", line 274, in _make_tls_connection ctx=SSL.Context('tlsv1') File "M2Crypto/SSL/Context.py", line 41, in __init__ map()[self.ctx] = self File "M2Crypto/SSL/Context.py", line 20, in __setitem__ self.map[key] = value TypeError: unhashable type python 2.3.4, m2crypt 0.13.1 What is wrong? From ngps at NETMEMETIC.COM Thu Dec 23 02:30:45 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Thu, 23 Dec 2004 09:30:45 +0800 Subject: [PYTHON-CRYPTO] SSL.Context('tlsv1'): unhashable type In-Reply-To: References: Message-ID: <20041223013045.GA935@vista.netmemetic.com> On Sun, Dec 19, 2004 at 05:09:31AM +0100, Piotr Kucharski wrote: > I'm sorry for probably lame question, but I wanted to install cjc (python > jabber client), which uses pyxmpp, which requires m2crypto for TLS > connections. Unfortunately when trying to run such, I get error: > File "pyxmpp/streamtls.py", line 274, in _make_tls_connection > ctx=SSL.Context('tlsv1') > File "M2Crypto/SSL/Context.py", line 41, in __init__ > map()[self.ctx] = self > File "M2Crypto/SSL/Context.py", line 20, in __setitem__ > self.map[key] = value > TypeError: unhashable type This __setitem__ operation happens very frequently. I run my echo servers and clients at will and have not encountered this. I'd suggest some strange goings in the file streamtls.py... Where to download that? This link gives me "url redirection limit exceeded": http://pyxmpp.jabberstudio.org/ -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption From ngps at NETMEMETIC.COM Thu Dec 23 03:09:26 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Thu, 23 Dec 2004 10:09:26 +0800 Subject: [PYTHON-CRYPTO] SSL.Context('tlsv1'): unhashable type In-Reply-To: <20041223014800.GB24917@sgh.waw.pl> References: <20041223013045.GA935@vista.netmemetic.com> <20041223014800.GB24917@sgh.waw.pl> Message-ID: <20041223020926.GA1176@vista.netmemetic.com> On Thu, Dec 23, 2004 at 02:48:00AM +0100, Piotr KUCHARSKI wrote: > I managed to fix the problem. Weird as it is, I uninstalled m2crypto, > uinstalled swig-1.3.24, installed swig-1.3.23 and installed m2crypto > again from scratch. It works now. I think you could mention this > incompatibility in your docs (or update to make it work). Ah, ok. I'm still at SWIG 1.3.21. Didn't realise there have been several new versions already... I'll check it out. Also, I think I will stick a good copy of the SWIG-generated C code around in the next distribution. -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption From ngps at NETMEMETIC.COM Thu Dec 23 04:37:40 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Thu, 23 Dec 2004 11:37:40 +0800 Subject: [PYTHON-CRYPTO] Heads Up: 0.15 branch for M2Crypto Message-ID: <20041223033740.GA8701@vista.netmemetic.com> Hi, A cursory glance at SWIG 1.3.24 indicates it needs to touch every .i file in M2Crypto for some cosmetic change. As such I've created a new branch - 0.15 - on the SVN repository for the purpose of SWIG 1.3.24 compatibility. http://svn.osafoundation.org/m2crypto/branches/0.15/ I'll send another update when SWIG 1.3.24 changes are complete. Cheers. -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog http://www.sqlcrypt.com -+- Database Engine with Transparent AES Encryption From conrad at HEP.CALTECH.EDU Tue Dec 28 17:57:47 2004 From: conrad at HEP.CALTECH.EDU (Conrad Steenberg) Date: Tue, 28 Dec 2004 08:57:47 -0800 Subject: [PYTHON-CRYPTO] Two utility patches Message-ID: <1104253067.17736.13.camel@heppc22.hep.caltech.edu> Hi Attached are two small patches that I've found useful and maintained for a while. I'd like to submit these for possible inclusion in the main tree. - The first patch wraps the library call int X509_verify(X509 *a, EVP_PKEY *r); and makes it available in the X509.X509 class. - The second provides a method to extract an RSA struct out of an EVP_PKEY struct, wrapping the library call RSA *EVP_PKEY_get1_RSA(EVP_PKEY *); These should obviously be adapted for the 0.15 branch eventually. Comments? Cheers Conrad -------------- next part -------------- A non-text attachment was scrubbed... Name: m2crypto-0.13.verify.diff Type: text/x-patch Size: 1264 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: m2crypto-0.11.getkey.diff Type: text/x-patch Size: 711 bytes Desc: not available URL: