More M2Crypto issues. Not big ones, though.

A list of small problems and bugs in the current M2Crypto:
I need to look at SSL certificates in some detail, so this
is all about the access functions for certificates.

Bugs:

1. Off by one error at "X509.get_ext_count()". Reports
eight extensions on a certificate that only has seven.
get_ext_at works for extensions 0..6, then returns
an undefined for the nonexistent #7.
Test against "https://www.verisign.com".
Entered into Bugzilla as #7717.

3. /M2Crypto/SSL/Connection.py:147:
DeprecationWarning: Old style callback, use cb_func(ok, store)
instead return m2.ssl_connect(self.ssl)
(Also reported, in Polish, here:
http://www.mail-archive.com/pl******.../msg12433.html)
Entered into Bugzilla as #7718.

4. "close()" on an SSL socket that's just finished certificate
negotiation hangs, at least on Windows. "del" does not hang,
but I don't know if there's a leak problem.
Not enough info yet to file a bug report. I might be doing
something wrong there. Any known "close" issues?

Other issues:

1. X509.X509_name.__getattr__:
Field retrieval from X.509 name items with x509_name_by_nid
retrieves only first instance of field, not all instances.
Really should return a list. The same key is used more
than once very frequently; these keys aren't unique.
It's tempting to treat these things like a hash, but they
don't really work that way. As for simply iterating through
the name elements, there's no direct way to just get the
elements one at a time. X509_Name has an "entry_count"
method, but no way to get the Nth entry.

As a workaround, I'm converting the X509_name to a string with
    subjectstr = peer.get_subject().as_text(
        flags=(m2.XN_FLAG_RFC2253 | m2.ASN1_STRFLGS_UTF8_CONVERT)
        & ~m2.XN_FLAG_DUMP_UNKNOWN_FIELDS) # in RFC2253 format
This is safely parseable. While the default format doesn't have
escapes around the delimiter characters, with these flags,
entries are comma-separated with backslash escapes where
necessary. This works, unlike the "server()" function in
Python's built-in SSL, which returns a debug format that
has the same characters as delimiters and text.

2. Unclear if M2Crypto's X.509 interface is UTF-8 compatible.
OpenSSL will return info in UTF-8 if you use the
ASN1_STRFLGS_UTF8_CONVERT flag on as_text, but unclear if the
M2 glue code handles this correctly. Haven't found a UTF8 cert
to test it on yet.

Other than that, I'm having relatively good results with M2Crypto.

John Nagle
Jan 12 '07 #1
John Nagle wrote:
> A list of small problems and bugs in the current M2Crypto:
> I need to look at SSL certificates in some detail, so this
> is all about the access functions for certificates.

Thanks, got the reports, will check them out.

> 3. /M2Crypto/SSL/Connection.py:147:
> DeprecationWarning: Old style callback, use cb_func(ok, store)
> instead return m2.ssl_connect(self.ssl)
> (Also reported, in Polish, here:
> http://www.mail-archive.com/pl******.../msg12433.html)
> Entered into Bugzilla as #7718.

This is actually intended. Once I figure out how to implement all the
functionality in the new way I'd like to remove the old way.

> 4. "close()" on an SSL socket that's just finished certificate
> negotiation hangs, at least on Windows. "del" does not hang,
> but I don't know if there's a leak problem.
> Not enough info yet to file a bug report. I might be doing
> something wrong there. Any known "close" issues?

No known issues, but the ending of an SSL connection is a little grey
area to me so I wouldn't be surprised if there are some cases where we
shut down prematurely or too late. But I don't know why we'd hang.

> 1. X509.X509_name.__getattr__:
> Field retrieval from X.509 name items with x509_name_by_nid
> retrieves only first instance of field, not all instances.

Yes, I've been battling with this myself as well. OpenSSL provides
objects to get things as a list, but they are so weird I haven't yet
figured out a way to wrap them in Python so that you would actually be
able to get some values out.

> 2. Unclear if M2Crypto's X.509 interface is UTF-8 compatible.
> OpenSSL will return info in UTF-8 if you use the
> ASN1_STRFLGS_UTF8_CONVERT flag on as_text, but unclear if the
> M2 glue code handles this correctly. Haven't found a UTF8 cert
> to test it on yet.

Yeah, I am not convinced everything works as it should. Any UTF8 (and
other encoding) samples would be welcome.

> Other than that, I'm having relatively good results with M2Crypto.

Glad to hear.

--
Heikki Toivonen
Jan 13 '07 #2
Heikki Toivonen wrote:
> John Nagle wrote:
> > A list of small problems and bugs in the current M2Crypto:
> > I need to look at SSL certificates in some detail, so this
> > is all about the access functions for certificates.
>
> Thanks, got the reports, will check them out.
>
> > 3. /M2Crypto/SSL/Connection.py:147:
> > DeprecationWarning: Old style callback, use cb_func(ok, store)
> > instead return m2.ssl_connect(self.ssl)
> > (Also reported, in Polish, here:
> > http://www.mail-archive.com/pl******.../msg12433.html)
> > Entered into Bugzilla as #7718.
>
> This is actually intended. Once I figure out how to implement all the
> functionality in the new way I'd like to remove the old way.

OK.

> > 4. "close()" on an SSL socket that's just finished certificate
> > negotiation hangs, at least on Windows.
>
> No known issues, but the ending of an SSL connection is a little grey
> area to me so I wouldn't be surprised if there are some cases where we
> shut down prematurely or too late. But I don't know why we'd hang.

I'll check that again.

> > 1. X509.X509_name.__getattr__:
> > Field retrieval from X.509 name items with x509_name_by_nid
> > retrieves only first instance of field, not all instances.
>
> Yes, I've been battling with this myself as well. OpenSSL provides
> objects to get things as a list, but they are so weird I haven't yet
> figured out a way to wrap them in Python so that you would actually be
> able to get some values out.

I convert X509_name items to a list of tuples. Here's an example:

Server: [
('CN', 'www.apartmentsapart.com'),
('OU', 'Travel Services'),
('O', 'Niche Travel Ltd.'),
('L', 'Nicosia'),
('ST', 'Nicosia'),
('C', 'CY')]

That's straightforward.

But to do this I have to convert the X509_name item to a string, like this:

subjectstr = subject.as_text(flags=(m2.XN_FLAG_RFC2253 |
    m2.ASN1_STRFLGS_UTF8_CONVERT) & ~m2.XN_FLAG_DUMP_UNKNOWN_FIELDS)

which yields a string of items like "L=Nicosia, OU=Travel Services", with
backslash escapes where necessary. (The default formatting does not
have proper escaping; it's just for debug use.) So I parse that,
obeying the escapes, and get out the tuples. This works OK, but
shouldn't be necessary. It's not something I need now, though.

Most things in X509 certificates map well to lists of tuples.

> > 2. Unclear if M2Crypto's X.509 interface is UTF-8 compatible.
> > OpenSSL will return info in UTF-8 if you use the
> > ASN1_STRFLGS_UTF8_CONVERT flag on as_text, but unclear if the
> > M2 glue code handles this correctly. Haven't found a UTF8 cert
> > to test it on yet.
>
> Yeah, I am not convinced everything works as it should. Any UTF8 (and
> other encoding) samples would be welcome.

Looking for one. I think all that's needed is to recognize when
ASN1_STRFLGS_UTF8_CONVERT is set when converting to a Python string,
and convert to the appropriate form of Python string.

Just rediscovered bug #5277, "Support certificates with multiple DNS
names", which is fixed in 0.18. Looking forward to version 0.18.
If you want to test that, try to open "https://www.autumngalleryforthehome.com".

John Nagle

Jan 13 '07 #3
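
The workaround described in posts #1 and #3 (render the name in RFC 2253 form, then parse it while obeying the backslash escapes) can be sketched as follows. This is an added example, not code from either poster or from M2Crypto; it is written for Python 3, the function name parse_rfc2253_dn and the sample DN are made up for illustration, and it assumes the input is the string as_text() returns with the flags quoted in the thread. Multi-valued RDNs ("+") are flattened into the same list, and "#"-prefixed hex dumps are returned unchanged.

```python
# Added example (Python 3). parse_rfc2253_dn is a hypothetical helper name.
import string

_HEX = set(string.hexdigits)

def parse_rfc2253_dn(dn):
    """Parse an RFC 2253 DN string into [(type, value), ...], keeping
    repeated attribute types and the order in which the string lists them."""
    pairs, key, buf = [], None, bytearray()

    def flush():
        nonlocal key
        if key is None:
            raise ValueError("component without '=': %r" % bytes(buf))
        pairs.append((key, buf.decode("utf-8")))  # escaped bytes are UTF-8
        key = None
        buf.clear()

    i, n = 0, len(dn)
    while i < n:
        c = dn[i]
        if c == "\\":
            if i + 1 >= n:
                raise ValueError("dangling backslash")
            if i + 2 < n and dn[i + 1] in _HEX and dn[i + 2] in _HEX:
                buf.append(int(dn[i + 1:i + 3], 16))   # \XX: one raw byte
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")       # \, \+ \\ etc.: literal
                i += 2
        elif c == "=" and key is None:
            key = buf.decode("ascii")                  # attribute type, e.g. CN
            buf.clear()
            i += 1
        elif c in ",+":                                # unescaped separator
            flush()
            i += 1
            while i < n and dn[i] == " ":              # tolerate ", " style
                i += 1
        else:
            buf += c.encode("utf-8")
            i += 1
    if key is not None or buf:
        flush()
    return pairs

# Constructed sample, not taken from a real certificate.
SAMPLE = r"CN=Smith\, John,OU=Sales,OU=EMEA,O=Z\C3\BCrich Tools\+Co,C=CH"
```

Both OU entries survive in the result, which is the behaviour the thread asks of X509_Name field retrieval; a dict keyed on attribute type would silently drop one of them.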
