From beepandbop at YAHOO.COM Fri Sep 3 23:43:34 2004 From: beepandbop at YAHOO.COM (Jon Doe) Date: Fri, 3 Sep 2004 23:43:34 +0200 Subject: [PYTHON-CRYPTO] m2crypto Segmentation Fault Message-ID: Hello, I wrote a python script that contacts an https apache server, hands the sever its cert, so that the server can verify the machine, and then proceeds to download a file from the server. The script works perfectly when the key contained in the x509 (.pem) certificate is valid. However, when the key for a certificate is not valid(ie, when certs are mixed up) m2crypto gives a seg fault. I did gdb on the script, and traced the problem to the m2crypto function SSL_FREE(). That function is where the seg fault occurs.Does anyone have any ideas how to get around that bug? (The code for my script is posted below) #!/usr/bin/python import sys import string from M2Crypto import SSL, httpslib, X509 X-Mozilla-Status: 8000 X-Mozilla-Status2: 00000000 def get_URL(cert_name): cert=X509.load_cert(cert_name) try: url=cert.get_subject().__str__() except: print '%s corrupted or generated inccorectly' %(cert_name) #URL is on the right side of the = sign url=string.split(url, "=")[1] return url def get_ISO(certname,fname): ctx = SSL.Context('sslv3') ctx.load_client_ca(certname) ctx.load_cert(certname) #Uncommenting the line below will #cause Segmentation faults #ctx.set_info_callback() url=get_URL(certname) host=string.split(url, "/")[0] h = httpslib.HTTPSConnection(host, 443,ssl_context=ctx) h.set_debuglevel(0) arg="" for i in string.split(url, "/")[1:]: arg=arg+"/"+i h.putrequest('GET', arg) h.putheader('Accept', 'text/html') h.putheader('Accept', 'text/plain') h.putheader('Connection', 'close') h.endheaders() resp = h.getresponse() file=open(fname, 'wb') f = resp.fp while 1: data = resp.read(1024) if not data: break file.write(data) file.flush() f.close() h.close() From beepandbop at YAHOO.COM Fri Sep 3 23:45:04 2004 From: beepandbop at YAHOO.COM (Jon Doe) Date: Fri, 3 Sep 2004 23:45:04 +0200 Subject: [PYTHON-CRYPTO] m2crypto Segmentation Fault Message-ID: Hello, I wrote a python script that contacts an https apache server, hands the sever its cert, so that the server can verify the machine, and then proceeds to download a file from the server. The script works perfectly when the key contained in the x509 (.pem) certificate is valid. However, when the key for a certificate is not valid(ie, when certs are mixed up) m2crypto gives a seg fault. I did gdb on the script, and traced the problem to the m2crypto function SSL_FREE(). That function is where the seg fault occurs.Does anyone have any ideas how to get around that bug? (The code for my script is posted below) #!/usr/bin/python import sys import string from M2Crypto import SSL, httpslib, X509 X-Mozilla-Status: 8000 X-Mozilla-Status2: 00000000 def get_URL(cert_name): cert=X509.load_cert(cert_name) try: url=cert.get_subject().__str__() except: print '%s corrupted or generated inccorectly' %(cert_name) #URL is on the right side of the = sign url=string.split(url, "=")[1] return url def get_ISO(certname,fname): ctx = SSL.Context('sslv3') ctx.load_client_ca(certname) ctx.load_cert(certname) #Uncommenting the line below will #cause Segmentation faults #PLEASE NOTE: the segmentation fault caused by uncommenting #the line below is different from the segmentation fault #that I am referring to in my post #Uncommenting the line below will cause a seg fault, whether #the cert is valid or not #ctx.set_info_callback() url=get_URL(certname) host=string.split(url, "/")[0] h = httpslib.HTTPSConnection(host, 443,ssl_context=ctx) h.set_debuglevel(0) arg="" for i in string.split(url, "/")[1:]: arg=arg+"/"+i h.putrequest('GET', arg) h.putheader('Accept', 'text/html') h.putheader('Accept', 'text/plain') h.putheader('Connection', 'close') h.endheaders() resp = h.getresponse() file=open(fname, 'wb') f = resp.fp while 1: data = resp.read(1024) if not data: break file.write(data) file.flush() f.close() h.close() From ngps at NETMEMETIC.COM Sat Sep 4 16:58:12 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Sat, 4 Sep 2004 22:58:12 +0800 Subject: [PYTHON-CRYPTO] m2crypto Segmentation Fault In-Reply-To: References: Message-ID: <20040904145812.GA300@vista.netmemetic.com> On Fri, Sep 03, 2004 at 11:45:04PM +0200, Jon Doe wrote: > I did gdb on the script, and traced the problem to the m2crypto > function SSL_FREE(). Please send gdb's backtrace. Can you tell at which point in your Python code's execution the failure occurs? Is it at the end of your program? -- Ng Pheng Siong http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog From beepandbop at YAHOO.COM Thu Sep 9 00:06:06 2004 From: beepandbop at YAHOO.COM (Jon Doe) Date: Thu, 9 Sep 2004 00:06:06 +0200 Subject: [PYTHON-CRYPTO] m2crypto Segmentation Fault Message-ID: Here is the backtrace: #0 0x70795465 in ?? () #1 0x400c927e in SSL_free () from /lib/libssl.so.4 #2 0x400d4589 in BIO_f_ssl () from /lib/libssl.so.4 #3 0x4014a06d in BIO_free () from /lib/libcrypto.so.4 #4 0x4007a20e in util_string_to_hex () from /usr/lib/python2.2/site-packages/M2Crypto/__m2crypto.so #5 0x080d0df4 in PyCFunction_Call () #6 0x0807a65e in PyEval_EvalCode () #7 0x0807b0ce in PyEval_EvalCodeEx () #8 0x080c447c in PyFunction_SetClosure () #9 0x080b3797 in PyObject_Call () #10 0x080ba4ab in PyMethod_New () #11 0x080b3797 in PyObject_Call () #12 0x0807c2d0 in PyEval_CallObjectWithKeywords () #13 0x080b6510 in PyInstance_New () #14 0x080ce8a2 in PyDict_Next () #15 0x080b65bf in PyInstance_New () #16 0x080c2b69 in PyFloat_Fini () #17 0x0809a47f in PySys_WriteStderr () #18 0x0809a48a in PySys_WriteStderr () #19 0x080ce4e9 in PyDict_DelItem () #20 0x080d095f in PyDict_DelItemString () #21 0x08098bc4 in PySys_SetObject () #22 0x0807b7c5 in PyEval_EvalCodeEx () #23 0x080784b9 in PyEval_EvalCode () #24 0x0807b0ce in PyEval_EvalCodeEx () #25 0x08077fc5 in PyEval_EvalCode () #26 0x08097e29 in PyRun_FileExFlags () #27 0x08096d90 in PyRun_SimpleFileExFlags () #28 0x080966da in PyRun_AnyFileExFlags () #29 0x08053a19 in Py_Main () #30 0x08053469 in main () #31 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6 The Seg Fault occurs as the program exists. From trust_no_1 at SPYMAC.COM Tue Sep 14 18:26:12 2004 From: trust_no_1 at SPYMAC.COM (Jean Christophe) Date: Tue, 14 Sep 2004 10:26:12 -0600 Subject: [PYTHON-CRYPTO] Newbie question Message-ID: <20040914162613.1D51E38069@spy23.spymac.net> Hi all, I'm very new to M2Crypto, and I'd like to obtain a detached digital signature (pkcs#7 format) for a file , let's say a png file for example: sample.png -> sample.png + sample.png.pkcs7 Is that possible via M2Crypto ? Any suggestion / sample code ? Best Regards, Jean ---- Introducing Spymac MailPro: http://www.spymac.com/mailpro/ From jtbpizac at AINTEL.BI.EHU.ES Thu Sep 23 17:34:20 2004 From: jtbpizac at AINTEL.BI.EHU.ES (Christian Pinedo Zamalloa) Date: Thu, 23 Sep 2004 17:34:20 +0200 Subject: [PYTHON-CRYPTO] IPv6 support at M2Crypto.httpslib Message-ID: <1095953660.3140.8.camel@bipt36.bi.ehu.es> Hi, I'm a student of the University of Basque Country, Spain, and I have made some changes to M2Crypto.httpslib in order to support IPv6. Theses changes are very similar to httplib module that has already IPv6 support. Initially I sent this email to python-crypto-request at nic.surfnet.nl but Michael Stroder recommended me to post it at public mailing list. So, I follow his advice. I hope this is useful for community. -- Christian Pinedo Zamalloa jtbpizac at aintel.bi.ehu.es PGP key: gpg --keyserver pgp.rediris.es --recv-key 78B39814 http://www.rediris.es/servicios/cert/keyserver, keyID 0x78B39814 Fingerprint: 21E6 A55D 995D AC7A A497 B3A7 0B93 00DC 78B3 9814 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Esta parte del mensaje est? firmada digitalmente URL: From jtbpizac at AINTEL.BI.EHU.ES Sat Sep 25 11:13:42 2004 From: jtbpizac at AINTEL.BI.EHU.ES (Christian Pinedo Zamalloa) Date: Sat, 25 Sep 2004 11:13:42 +0200 Subject: [PYTHON-CRYPTO] IPv6 support at M2Crypto.httpslib In-Reply-To: <1095953660.3140.8.camel@bipt36.bi.ehu.es> References: <1095953660.3140.8.camel@bipt36.bi.ehu.es> Message-ID: <20040925091342.GA6706@birgadista.rebelbase.dyns.cx> Sorry. The attachment. -- Christian Pinedo Zamalloa jtbpizac at aintel.bi.ehu.es PGP key: gpg --keyserver pgp.rediris.es --recv-key 78B39814 http://www.rediris.es/servicios/cert/keyserver, keyID 0x78B39814 Fingerprint: 21E6 A55D 995D AC7A A497 B3A7 0B93 00DC 78B3 9814 -------------- next part -------------- A non-text attachment was scrubbed... Name: httpslib.py Type: text/x-python Size: 6176 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From ajay.brar at GMAIL.COM Sun Sep 26 15:20:50 2004 From: ajay.brar at GMAIL.COM (Ajay Brar) Date: Sun, 26 Sep 2004 23:20:50 +1000 Subject: [PYTHON-CRYPTO] M2Crypto for Pocket PC Message-ID: <4450c49f040926062050ac918b@mail.gmail.com> hi! has anyone build M2Crypto for a PocketPC/ cheers From pschmied at YAHOO.COM Mon Sep 27 04:10:11 2004 From: pschmied at YAHOO.COM (Peter Schmiedeskamp) Date: Mon, 27 Sep 2004 04:10:11 +0200 Subject: [PYTHON-CRYPTO] M2Crypto: X509.CRL Message-ID: Hello, I'm attempting to use the M2Crypto library to do something relatively simple. I'm using it to verify a SHA1 digest of a file. Here is the algorithm I'm using: Sign the file: 1. Intranet root CA signs & revokes certificates. Also maintains a CRL. This is done on the command line with the OpenSSL command line tools. 2. The x.509 certificate used to verify the digest of a file is generated with OpenSSL on the command line and is certified by the root CA. 3. An SHA1 hash is generated for the file "foo.data", and the digest is encrypted with the private key counterpart to the public key in the x.509 cert. This is also done with the OpenSSL command line tools. Verify the file: 1. With M2Crypto instantiate two X509.X509 objects: "rootcacert" and "mycert". The client has the root CA's certificate distributed out of band. 2. Verify that "mycert" is signed by the root CA. 3. Instantiate an X509.CRL object using the root CA's CRL pem file. 4. Verify that "mycert" is not in the CRL. 5. Verify that the time is neither before the get_not_before nor after the get_not_after. 6. Generate SHA1 hash of "foo.data" using python's built-in SHA1 module. 7. Decrypt the SHA1 hash with the "mycert" public key. Compare with the generated SHA1 hash. 8. Return a success or failure depending on whether or not the hashes match. Now, I notice that the X509.X509 class has some higher level methods for getting things like the "not before" date, the "not after" date, the public key, the issuer, etc. The X509.CRL class only defines the "as_text()" method. Am I doomed to parse the CRL's as_text() output using regex? Or am I making this too hard and missing some key feature of the library? Does my algorithm sound sane? Or are there higher level certificate verification functions that I'm missing somewhere? Thank you very much for any help you can provide. -Peter From ngps at NETMEMETIC.COM Mon Sep 27 17:26:26 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Mon, 27 Sep 2004 23:26:26 +0800 Subject: [PYTHON-CRYPTO] Newbie question In-Reply-To: <20040914162613.1D51E38069@spy23.spymac.net> References: <20040914162613.1D51E38069@spy23.spymac.net> Message-ID: <20040927152626.GE371@vista.netmemetic.com> On Tue, Sep 14, 2004 at 10:26:12AM -0600, Jean Christophe wrote: > I'm very new to M2Crypto, and I'd like to obtain a detached digital signature > (pkcs#7 format) for a file , let's say a png file for example: > > sample.png -> sample.png + sample.png.pkcs7 > > Is that possible via M2Crypto ? Any suggestion / sample code ? Does the S/MIME programming howto cover what you want? http://sandbox.rulemaker.net/ngps/m2/howto.smime.html Cheers. -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog From ajay.brar at GMAIL.COM Tue Sep 28 15:05:10 2004 From: ajay.brar at GMAIL.COM (Ajay Brar) Date: Tue, 28 Sep 2004 23:05:10 +1000 Subject: [PYTHON-CRYPTO] building M2Crypto Message-ID: <4450c49f040928060545a904d2@mail.gmail.com> hi! i am trying to build M2Crypto and get the following error. building '__m2crypto' extension swig -python -ISWIG -o SWIG/_m2crypto.c SWIG/_m2crypto.i Generating wrappers for Python SWIG/_bio.i : Line 30. Syntax error in input. SWIG/_bio.i : Line 31. Syntax error in input. SWIG/_bio.i : Line 32. Variable %constant multiply defined (2nd definition ignored). SWIG/_bio.i : Line 32. Syntax error in input. SWIG/_bio.i : Line 33. Variable %constant multiply defined (2nd definition ignored). SWIG/_bio.i : Line 33. Syntax error in input. SWIG/_bio.i : Line 34. Variable %constant multiply defined (2nd definition ignored). SWIG/_bio.i : Line 34. Syntax error in input. SWIG/_bio.i : Line 35. Variable %constant multiply defined (2nd definition ignored). SWIG/_bio.i : Line 35. Syntax error in input. SWIG/_bio.i : Line 36. Variable %constant multiply defined (2nd definition ignored). SWIG/_bio.i : Line 36. Syntax error in input. SWIG/_bio.i : Line 37. Variable %constant multiply defined (2nd definition ignored). SWIG/_bio.i : Line 37. Syntax error in input. SWIG/_bio.i : Line 39. Syntax error in input. SWIG/_m2crypto.i : Line 26. Syntax error in input. SWIG/_m2crypto.i : Line 40. Unable to find include file %constant (ignored). SWIG/_m2crypto.i : Line 41. Misplaced endif error: command 'swig' failed with exit status 11 any help would be great cheers From ngps at NETMEMETIC.COM Tue Sep 28 15:50:49 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Tue, 28 Sep 2004 21:50:49 +0800 Subject: [PYTHON-CRYPTO] building M2Crypto In-Reply-To: <4450c49f040928060545a904d2@mail.gmail.com> References: <4450c49f040928060545a904d2@mail.gmail.com> Message-ID: <20040928135049.GB357@vista.netmemetic.com> On Tue, Sep 28, 2004 at 11:05:10PM +1000, Ajay Brar wrote: > i am trying to build M2Crypto and get the following error. > error: command 'swig' failed with exit status 11 most likely wrong swig version -- Ng Pheng Siong http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog