[PYTHON-CRYPTO] M2Crypto 0.18 Roadmap

Kershaw, PJ (Philip) P.J.Kershaw at RL.AC.UK
Mon Jun 11 15:13:05 CEST 2007 

Hi Heikki, 

> -----Original Message-----
> From: generic crypto class API for Python 
> [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL] On Behalf Of Heikki Toivonen
> Sent: 08 June 2007 19:30
> To: PYTHON-CRYPTO at NIC.SURFNET.NL
> Subject: Re: M2Crypto 0.18 Roadmap
> 
> Kershaw, PJ (Philip) wrote:
> >  * I made an alteration to the setup.py so that you can 
> create an egg and also, use build_ext options to set which 
> OpenSSL to link with:
> > 
> > 
> http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependenc
> > ies/m2crypto/setup.py
> 
> Yeah, this would be nice. The current --openssl is kind of a 
> hack so if you have something better, great!
> 
> Could you file a bug and attach an svn diff against the trunk?

OK :)
> 
> https://bugzilla.osafoundation.org/enter_bug.cgi?product=M2Crypto
> 
> >  * I'd like to be able to read ASN1 format from a string.  
> To do this I added in a wrapper to OpenSSL d2i_X509_bio() but 
> is there an alternative way to do this with the existing 
> M2Crypto interface?
> 
> There might be something like this. Could you give a specific 
> code example what you want to do?

It was for use with a MyProxy client.  I adapted code by Tom Uram:

http://www-unix.mcs.anl.gov/fl/research/accessgrid/myproxy/myproxy_logon
.py

This uses pyOpenSSL but I wanted to use M2Crypto.  In one case, MyProxy
server returns a list of certificates which are parsed used in Tom's
code using pyOpenSSL OpenSSL.crypto.load_certificate ...

        # extract der-format cert, and convert to pem
        c = dat[ind:ind+len+4]
=>      x509 = crypto.load_certificate(crypto.FILETYPE_ASN1,c)
        pem_cert = crypto.dump_certificate(crypto.FILETYPE_PEM,x509)
        pem_certs.append(pem_cert)

I couldn't see an M2Crypto equivalent so I looked into the pyOpenSSL C
source code.  The C function used is d2i_X509_bio().  I made a wrapper
for this in my own version of M2Crypto adapting X509.load_cert_string()

My equivalent is at: 
http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencie
s/m2crypto

> 
> >  * I have a question about the handling of proxy 
> certificate DNs.  X509_Name.CN will yield only one value even 
> if there are multiple CN entries: 
> 
> This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=5380
> 
> There is an OpenSSL API for getting this, but so far I 
> haven't been able to wrap that successfully yet; there are 
> parts of the API that I don't understand completely.
> 
I saw your update on that thanks.  

Cheers,
Phil
> --
>   Heikki Toivonen
> 
> 
>

More information about the python-crypto mailing list