[PYTHON-CRYPTO] M2Crypto 0.18 Roadmap
Kershaw, PJ (Philip)
P.J.Kershaw at RL.AC.UK
Mon Jun 11 15:13:05 CEST 2007
Hi Heikki,
> -----Original Message-----
> From: generic crypto class API for Python
> [mailto:PYTHON-CRYPTO at NIC.SURFNET.NL] On Behalf Of Heikki Toivonen
> Sent: 08 June 2007 19:30
> To: PYTHON-CRYPTO at NIC.SURFNET.NL
> Subject: Re: M2Crypto 0.18 Roadmap
>
> Kershaw, PJ (Philip) wrote:
> > * I made an alteration to the setup.py so that you can create an
> > egg and also, use build_ext options to set which OpenSSL to link
> > with:
> >
> > http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencies/m2crypto/setup.py
>
> Yeah, this would be nice. The current --openssl is kind of a
> hack so if you have something better, great!
>
> Could you file a bug and attach an svn diff against the trunk?
OK :)
>
> https://bugzilla.osafoundation.org/enter_bug.cgi?product=M2Crypto
>
> > * I'd like to be able to read ASN1 format from a string. To do
> > this I added in a wrapper to OpenSSL d2i_X509_bio() but is there
> > an alternative way to do this with the existing M2Crypto interface?
>
> There might be something like this. Could you give a specific
> code example what you want to do?
It was for use with a MyProxy client. I adapted code by Tom Uram:
http://www-unix.mcs.anl.gov/fl/research/accessgrid/myproxy/myproxy_logon.py
This uses pyOpenSSL but I wanted to use M2Crypto. In one case, MyProxy
server returns a list of certificates which are parsed in Tom's
code using pyOpenSSL OpenSSL.crypto.load_certificate ...
    # extract der-format cert, and convert to pem
    c = dat[ind:ind+len+4]
 => x509 = crypto.load_certificate(crypto.FILETYPE_ASN1,c)
    pem_cert = crypto.dump_certificate(crypto.FILETYPE_PEM,x509)
    pem_certs.append(pem_cert)
I couldn't see an M2Crypto equivalent so I looked into the pyOpenSSL C
source code. The C function used is d2i_X509_bio(). I made a wrapper
for this in my own version of M2Crypto adapting X509.load_cert_string().
My equivalent is at:
http://glue.badc.rl.ac.uk/ndg/browser/TI12-security/branches/Dependencies/m2crypto
>
> > * I have a question about the handling of proxy certificate DNs.
> > X509_Name.CN will yield only one value even if there are multiple
> > CN entries:
>
> This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=5380
>
> There is an OpenSSL API for getting this, but so far I
> haven't been able to wrap that successfully yet; there are
> parts of the API that I don't understand completely.
>
I saw your update on that, thanks.
Cheers,
Phil
> --
> Heikki Toivonen
>
>
>
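An added example, not part of the original message and not code from M2Crypto, pyOpenSSL or the MyProxy client: the `dat[ind:ind+len+4]` slice quoted above pulls one DER certificate out of a buffer of several, and this standard-library sketch does that framing with bounds and length-encoding checks before PEM-armoring each object. It assumes the certificates arrive back to back as DER SEQUENCEs; `split_der_sequences`, `der_chain_to_pem`, `DERFramingError` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```python
import ssl

class DERFramingError(ValueError):
    """Buffer is not a clean run of DER SEQUENCE objects."""

def split_der_sequences(buf):
    """Split back-to-back DER SEQUENCEs (e.g. a certificate chain)."""
    out, pos = [], 0
    while pos < len(buf):
        if buf[pos] != 0x30:
            raise DERFramingError("no SEQUENCE tag at offset %d" % pos)
        if pos + 2 > len(buf):
            raise DERFramingError("truncated header at offset %d" % pos)
        first = buf[pos + 1]
        if first < 0x80:                    # short form: one length byte
            hdr, body = 2, first
        else:                               # long form: n length bytes follow
            n = first & 0x7F
            if n == 0 or n > 4:             # 0 = indefinite, not valid DER
                raise DERFramingError("bad length form at offset %d" % pos)
            raw = buf[pos + 2:pos + 2 + n]
            if len(raw) < n:
                raise DERFramingError("truncated length at offset %d" % pos)
            body = int.from_bytes(raw, "big")
            if body < 0x80 or raw[0] == 0:  # DER demands the minimal encoding
                raise DERFramingError("non-minimal length at offset %d" % pos)
            hdr = 2 + n
        end = pos + hdr + body
        if end > len(buf):                  # declared length runs past buffer
            raise DERFramingError("object at offset %d overruns buffer" % pos)
        out.append(bytes(buf[pos:end]))
        pos = end
    return out

def der_chain_to_pem(buf):
    """PEM-armor each object; this only re-encodes, it does not validate X.509."""
    return [ssl.DER_cert_to_PEM_cert(der) for der in split_der_sequences(buf)]

# Constructed sample: two dummy SEQUENCEs, not real certificates.
SAMPLE = b"\x30\x82\x01\x00" + b"\x00" * 256 + b"\x30\x03\x02\x01\x05"

if __name__ == "__main__":
    for pem in der_chain_to_pem(SAMPLE):
        print(pem)
```

The splitter checks framing only; each returned object still has to be parsed and verified by the X.509 library before it is trusted.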