Re: PHP's openssl_sign() using M2Crypto?
KW wrote: > The openssl module in PHP basicly does this (C code): > EVP_SignInit(&md_ctx, EVP_sha1()); > EVP_SignUpdate(&md_ctx, data, data_len); > EVP_SignFinal(&md_ctx, sigbuf, &siglen, pkey); > > Looks like some magic is used to get pkey, I think that's what I'm missing. > See php_openssl_evp_from_zval() in PHP's ext/openssl/openssl.c. > > I've tried the following: > key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr) > hmac = M2Crypto.EVP.HMAC(key, 'sha1') > hmac.update(message) > hmac.final() Does this work?: key = M2Crypto.EVP.load_key(keyfile, lambda x: passphr) key.sign_init() key.sign_update(message) signature = key.final() > Unfortunately M2Crypto documentation is practically nonexistent.. A lot of the OpenSSL documentation works fine, the names are usually straight mapping. -- http://mail.python.org/mailman/listinfo/python-list
Re: PHP's openssl_sign() using M2Crypto?
That is really strange, because PKey has had sign_init method since 2004. That code works for me (just tested). What version of M2Crypto are you using? I'd advice you upgrade to 0.15 if possible. See http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: list implementation
Raymond Hettinger <[EMAIL PROTECTED]> wrote: > [sj] >> Thus, random access is an O(1) operation while insertion/deletion is an >> O(n) operation. > Yes. Unfortunately no. Check Terry Reeds answer. Random access is O(1), insertion/deletion to front is O(n), and i/d to back is O(1). The back i/d operation has amortized O(1) cost. -- Heikki Orsila Barbie's law: [EMAIL PROTECTED] "Math is hard, let's go shopping!" http://www.iki.fi/shd -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.15
M2crypto release 0.15 In this M2Crypto release: * Support for OpenSSL up to 0.9.8 * Support for SWIG 1.3.24 * Support for Python 2.4.1 * Twisted integration * Safer defaults for SSL context and post connection check for clients * Eliminated C pointers from interfaces (some may still remain in callbacks) * Many cases where Python interpreter crashed have been fixed * Improved thread safety of many callbacks * Memory leak fixes * And of course more of the OpenSSL API is covered, new docstrings and tests have been written To get the source: svn co http://svn.osafoundation.org/m2crypto/tags/0.15 m2crypto-0.15 Enjoy! -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Errors testing m2crypto
morphex wrote: > I get the following messages running the testall.py script with > m2crypto 0.13, can anyone tell me what's wrong? Those happened either because of SWIG or OpenSSL incompatibility. They have been fixed since. Either get the latest release (0.15) or the fresh bits from Subversion. This shows how to get those: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto > > EE > == > ERROR: test_cipher_mismatch (test_ssl.SSLClientTestCase) > -- > Traceback (most recent call last): > File "/root/packages/files/m2crypto-0.13/tests/test_ssl.py", line 89, > in test_cipher_mismatch > ctx = SSL.Context() > File > "/usr/local/lib/python2.3/site-packages/M2Crypto/SSL/Context.py", > line 41, in __init__ > map()[self.ctx] = self > File > "/usr/local/lib/python2.3/site-packages/M2Crypto/SSL/Context.py", > line 20, in __setitem__ > self.map[key] = value > TypeError: unhashable type -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: wing ide vs. komodo?
> "Eric is becoming an integral part of our Python development here at > Fluent. It's ability to set and trigger breakpoints in any thread is > unlike any other Python debugger we have tried. Through Eric's easy to > use interface and tight integration with PyQt, it has helped reduce > our debugging time, particularly on Windows platforms where it is used > heavily." > > --- Andrew Bushnell, Fluent Inc. I have found that both Komodo and Pydev can do this. Wing IDE does not (although you can debug any single thread). They are open to suggestions though, so if there is demand I am sure they would add it. Personally I have used Wing IDE, Komodo and Pydev. I think Wing IDE has the best debugging experience (for single threaded apps), and is the fastest. I really like the regex tool in Komodo, but eventually I more or less stopped using it. I am currently a Pydev user. I like Pydev because it is open source, cross platform, supports multi-threaded debugging, and simply because Eclipse provides so much stuff (although it is a pretty steep learning curve and it has its own annoyances). -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: wing ide vs. komodo?
> "Eric is becoming an integral part of our Python development here at > Fluent. It's ability to set and trigger breakpoints in any thread is > unlike any other Python debugger we have tried. Through Eric's easy to > use interface and tight integration with PyQt, it has helped reduce > our debugging time, particularly on Windows platforms where it is used > heavily." > > --- Andrew Bushnell, Fluent Inc. I have found that both Komodo and Pydev can do this. Wing IDE does not (although you can debug any single thread). They are open to suggestions though, so if there is demand I am sure they would add it. Personally I have used Wing IDE, Komodo and Pydev. I think Wing IDE has the best debugging experience (for single threaded apps), and is the fastest. I really like the regex tool in Komodo, but eventually I more or less stopped using it. I am currently a Pydev user. I like Pydev because it is open source, cross platform, supports multi-threaded debugging, and simply because Eclipse provides so much stuff (although it is a pretty steep learning curve and it has its own annoyances). -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: wing ide vs. komodo?
Paul Boddie wrote: > hg wrote: >> PS: I also was taken aback by the fact that the PyDev license was >> "per-year" ... it's like buying Word for a year only ... isn't it ? > > Flashbacks to the age of shareware seem to be commonplace in the realm > of Eclipse, or that's how the scene seems to me. You are confusing Pydev and Pydev Extensions. The former is free, the latter costs money and has some advanced features. The Pydev maintainer launched Pydev Extensions to get some extra cash and let him spend more time on Pydev development. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: httplib and HTTPS Connections
runningwild wrote: > This is the first time I have cared about httplib's HTTPSConnection. Please note that the Python builtin SSL support is not really secure. It does not make sure that you connect to the site you think you are connecting to, for example. If you really need secure SSL (what is the point of SSL if not secure I ask) you should look at other Python modules. There are several to choose from, for example M2Crypto (I am the maintainer of that), TLS Lite, PyOpenSSL, PyOpenSSL-extended, and possibly others that I am forgetting right now. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: httplib and HTTPS Connections
runningwild wrote: > This is the first time I have cared about httplib's HTTPSConnection. Please note that the Python builtin SSL support is not really secure. It does not make sure that you connect to the site you think you are connecting to, for example. If you really need secure SSL (what is the point of SSL if not secure I ask) you should look at other Python modules. There are several to choose from, for example M2Crypto (I am the maintainer of that), TLS Lite, PyOpenSSL, PyOpenSSL-extended, and possibly others that I am forgetting right now. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: httplib and HTTPS Connections
runningwild wrote: > When I try to run https_cli.py however I get the following exception: > This worked just fine showing me the directory listing and allowing me > to navigate. > This was also true for firefox when connecting to > https://localhost:9443/ from the server in > demos/httts.howto/orig_https_srv.py > > Any idea what is going on here? Sorry about that. I should put in prominent warnings that the demos aren't actively maintained. In this case the problem is that the old demo wants to use sslv2, but the updated Context constructor explicitly disables that, so we don't have any ssl versions available to do the connection. The easiest way to fix this is to take out the argument to SSL.Context() and let it use the defaults (defaults to all ssl versions). I am fixing that demo as we speak, so it will be included in the next M2Crypto release. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: https client certificate validation
Yogesh Chawla - PD wrote: > After writing a basic script using HTTPSConnection, I > found this in the docs: > > Warning: This does not do any certificate > verification! Right, for production you use almost certainly need to use some 3rd party SSL library, of which there are several. > I then tried to do the same using twisted, m2crypto > and a few other projects. M2Crypto does support client certificate validation, so I am a bit at a loss what problem you are facing. There is even a unit test that does mutual authentication: http://lxr.osafoundation.org/m2crypto/source/tests/test_ssl.py#478 -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Obtaining SSL certificate info from SSL object - BUG?
John Nagle wrote:
> The Python SSL object offers two methods from obtaining
> the info from an SSL certificate, "server()" and "issuer()".
> The actual values in the certificate are a series of name/value
> pairs in ASN.1 binary format. But what "server()" and "issuer()"
> return are strings, with the pairs separated by "/". The
Is it an option for you to use 3rd party libraries (please note that the
Python stdlib SSL library does not do certificate validation etc. which
you'd typically want in a production application)?
With M2Crypto you could do something like this:
from M2Crypto import SSL
ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.verisign.com', 443))
cert = conn.get_peer_cert()
print cert.get_issuer().as_text()
print cert.get_subject().as_text()
try:
print cert.get_ext('subjectAltName').get_value()
except LookupError:
print 'no subjectAltName'
try:
print cert.get_subject().CN
except AttributeError:
print 'no commonName'
Please note, however, that if you need the server name because you want
to validate that you connected to the server you intended to, it would
be better to let M2Crypto do it for you or use the M2Crypto SSL.Checker
class explicitly yourself.
Other Python crypto libraries probably have equivalent APIs.
--
Heikki Toivonen
--
http://mail.python.org/mailman/listinfo/python-list
Re: SSL follow up
Yogesh Chawla - PD wrote:
> I have 2 questions. 1) How do we get the Server cert
> in python. John wrote: "Nor does there seem to be a
> way to get at the certificate itself from within
> Python." Perhaps pycurl will allow us to do this. Is
> there another method to get the server cert?
Here's an example with M2Crypto:
from M2Crypto import SSL
ctx = SSL.Context()
conn = SSL.Connection(ctx)
conn.connect(('www.verisign.com', 443))
cert = conn.get_peer_cert()
> 2) I like the idea of calling openssl in a subprocess.
> Do you have any of those openssl commands handy? If
> not, I can look through the documentation tommorrow.
I would be surprised if M2Crypto did not provide what you want. If it
doesn't, I'd be happy to add the functionality.
--
Heikki Toivonen
--
http://mail.python.org/mailman/listinfo/python-list
Re: Python and SSL enabled
matey wrote:
> I am have version 2.3.4. I want to write a python script to access a
> secure HTTPS.
>
> I tried the following:
>
> import urllib
> urllib.urlopen("https://somesecuresite.com";)
> s = f.read()
> f.close()
I hope you know the Python stdlib SSL does not provide certificate
checking etc. security features you almost certainly want in a
production application. There are several 3rd party Python crypto
libraries that provide more secure SSL out of the box, for example M2Crypto.
--
Heikki Toivonen
--
http://mail.python.org/mailman/listinfo/python-list
Re: Python and SSL enabled
matey wrote: > However, when I use the following command: python setup.py install > I get the following error: > > creating /usr/local/lib/python2.3/site-packages/M2Crypto > error: could not create > '/usr/local/lib/python2.3/site-packages/M2Crypto': Permission denied Ok, it looks like you M2Crypto built ok, but now you face this permission problem which is not specific to M2Crypto. You'd run into this with any 3rd party python module. > Since I don't have root privleges can I install the M2Crypto somewhere > else? You could manually copy the built M2Crypto directory somewhere in your home directory, for example: /home/mmedina/python2.3/site-packages/M2Crypto Then, you'd edit (or create) PYTHONPATH environment variable so that it contained /home/mmedina/python2.3/site-packages. After that you should be able to import M2Crypto in your scripts. In the future if you needed more 3rd party libs you could just place them as siblings of M2Crypto in your personal site-packages dir we created above. An alternative is to copy M2Crypto and any other 3rd party libs into the same dir where your python script is so that when you do an import, the 3rd party libs are found in the same dir. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Python and SSL enabled
matey wrote:
> I tried to run the following simple program
>
> #!/usr/local/bin/python
>
> import M2Crypto
>
> u = M2Crypto.m2urllib.URLopener()
> u.open('http://www.yahoo.com')
>
> However I got the following errror:
>
> Traceback (most recent call last):
> File "test.py", line 3, in ?
> import M2Crypto
> File "/home/mmedina/python2.3/site-packages/M2Crypto/__init__.py",
> line 14, in ?
> import __m2crypto
> ImportError: ld.so.1: python: fatal: relocation error: file
> /home/mmedina/python2.3/site-packages/M2Crypto/__m2crypto.so: symbol
> d2i_SSL_SESSION: referenced symbol not found
> cengsu01:/home/mmedina/scripts/python >
Sorry, no idea why you are getting this.
Btw, I think even the M2Crypto m2urllib is unsafe, you'd be better of
using some of the other convenience libs libs httpslib or something.
> However, I went back to INSTALL instructions for m2crytpo. I saw I
> forgot to run alltests.py
>
> I ran the alltests.py and received the following:
>
> Traceback (most recent call last):
> ImportError: No module named __m2crypto
Currently you need to install M2Crypto before you can run the tests.
Next version of M2Crypto will have an option to run tests without
installing. I'd assume if copied the sources to your own site-packages
dir and set the PYTHONPATH environment variable this would have worked.
Notice that you'd need to copy the *built* M2Crypto dir, not the source
M2Crypto dir which does not include the .so file.
--
Heikki Toivonen
--
http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.16beta1
I am happy to announce the first beta of the M2Crypto 0.16 release. Please give these bits a spin and report any problems. I will be making new betas once a week (or more often if needed) until regressions are fixed. I expect the final 0.16 bits will be out by the end of June 2006. Highlights: - All known memory leaks fixed - All known regressions fixed - Added --openssl option to build command which can be used to specify where OpenSSL is installed, by Matt Rodriguez - ECDSA signatures and ECDH key agreement, requires OpenSSL 0.9.8+, by Arno Bakker - Added sha224, sha256, sha384 and sha512, by Larry Bugbee - Added serialNumber, SN, surname, GN and givenName fields to X509_Name, by Martin Paljak - And various other improvements and bugfixes, see CHANGES file Requirements: * Python 2.3 or newer * OpenSSL 0.9.7 or newer o Some optional new features will require OpenSSL 0.9.8 or newer * SWIG 1.3.24 or newer Get it while it's hot from M2Crypto homepage: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.16
I am happy to announce the M2Crypto 0.16 release. Highlights: - All known memory leaks fixed - All known regressions fixed - Added --openssl option to setup.py which can be used to specify where OpenSSL is installed, by Matt Rodriguez - ECDSA signatures and ECDH key agreement, requires OpenSSL 0.9.8+, by Arno Bakker - Added sha224, sha256, sha384 and sha512, by Larry Bugbee - Added serialNumber, SN, surname, GN and givenName fields to X509_Name, by Martin Paljak - And various other improvements and bugfixes, see CHANGES file Requirements: * Python 2.3 or newer * OpenSSL 0.9.7 or newer o Some optional new features will require OpenSSL 0.9.8 or newer * SWIG 1.3.24 or newer Get it while it's hot from M2Crypto homepage: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: DirectPython
Jérôme Le Bougeant wrote: > Hello, > > I have DirectPython 0.5 (http://directpython.sourceforge.net/) and python2.4 > (directx9.0C installed). > Samples do not work, I have this error : "RuntimeError: Failed to create a > device" > For example with sampleBasic.py : > > Traceback (most recent call last): > File "sampleBasic.py", line 147, in ? > mainloop() > File "sampleBasic.py", line 75, in mainloop > d3d.createDevice(title, u"textures/x.ico", window[2], window[3], False, > CREATE.HARDWARE) > RuntimeError: Failed to create a device > > > Why ? > > please help me... any help would be appreciated. > Thanks > > I guess that you have pretty old or some cheap integrated graphics card. Either that or you should upgrade your drivers. createDevice() tests if some basic requirements are met and fails if they are not. You can try to use CREATE.SOFTWARE | CREATE.NOCAPCHECK combination to pass these checks, but most of the advanced samples probably don't work. -- Heikki Salo -- http://mail.python.org/mailman/listinfo/python-list
Cross-platform application restart?
Is there any way to restart a Python (GUI) application that would work on Windows, Mac OS X and Linux? I'd like to provide a "restart" button to a dialog that would restart the application to pick new changes or start with different options. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: How to measure memory footprint of Python objects?
Neagu, Adrian wrote: > I try to solve the following problem: I have a python program that takes a > lot of memory (>hundred Mb). I made an improvement (I hope) and I want to > measure the gain (if possible on several platforms). I would like to be able > to print the max memory taken during the run upon exiting my Python program > (like I already do for the time taken to run). You could try PySizer: http://pysizer.8325.org/ -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: does anybody earn a living programming in python?
walterbyrd wrote: > If so, I doubt there are many. > > I wonder why that is? Software Development Magazine (maybe? been a while since I read the article) interviews lots of programmers yearly, asking - among other things - what programming languages they use. The article mentioned that Python's share has grown by about 1% a year for several years in a row. I think it was around 10-13% a year or two ago. Interestingly enough, Pythonistas earned relatively high salaries compared to others. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.17beta1
First beta of M2Crypto 0.17 is available for testing. This is a pretty minor release compared to the previous one. The planned release date is December 15, 2006. Please try this beta out and let me know if there are any issues. Homepage has information on how to get the source and how to report bugs: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto Changelog: 0.17 - Added m2urllib2, by James Bowes (python 2.4 and later, at least for now) - Added CONNECT proxy for httpslib and m2urllib2, by James Bowes - Added PKey.get_modulus, X509.get_fingerprint, X509_Name.as_der and m2.bn_to_hex, by Thomas Uram - Fixed m2urllib.open_https to return the response headers, otherwise code that relied on that would break (for example msnlib-3.5), by Arno Bakker - Fixed twisted wrapper to work with >16kb BIO buffers, by Martin Paljak - Added support for remaining ECs, by Larry Bugbee - Fixed DSA.save_key and DSA_.save_pub_key, by Larry Bugbee - SSL.Context.load_verify_locations raises ValueError if cafile and capath are both None - Fixed X509.check_purpose() (was always raising exceptions) - smime_read_pkcs7 was changed to automatically call BIO_set_mem_eof_return on memory BIOs because otherwise the read would fail with "SMIME_Error: not enough data" -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.17
M2Crypto is the most complete Python wrapper for OpenSSL.
Homepage: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
Changes in 0.17:
- setup.py has new test command to run unit tests (requires setuptools)
- Added m2urllib2, by James Bowes (python 2.4 and later, at least for now)
- Added CONNECT proxy for httpslib and m2urllib2, by James Bowes
- Added PKey.get_modulus, X509.get_fingerprint, X509_Name.as_der and
m2.bn_to_hex, by Thomas Uram
- Prevent Connection.makefile from freeing bio redundantly, by Thomas Uram
- Added Err.peek_error_code, by Thomas Uram
- Fixed m2urllib.open_https to return the response headers, otherwise
code that relied on that would break (for example msnlib-3.5), by Arno
Bakker
- Fixed twisted wrapper to work with >16kb BIO buffers, by Martin Paljak
- Added support for remaining ECs, by Larry Bugbee
- Fixed DSA.save_key and DSA_.save_pub_key, by Larry Bugbee
- SSL.Context.load_verify_locations raises ValueError if cafile and
capath are both None
- Fixed X509.check_purpose() (was always raising exceptions)
- smime_read_pkcs7 was changed to automatically call
BIO_set_mem_eof_return on memory BIOs because otherwise the read would
fail with "SMIME_Error: not enough data"
- X509.new_extension('subjectKeyIdentifier', 'hash') raises ValueError
instead of crashing Python
--
Heikki Toivonen
--
http://mail.python.org/mailman/listinfo/python-list
Re: RSA in python
Abhisek Datta wrote: > I am looking for good RSA implementations in python that can import a > public key in PEM format and encrypt a buffer using the imported > public key. I tried m2crypto, but somehow it is giving me exceptions > which I couldnt solve as of now. What you are trying to do should be covered by M2Crypto. Without more context for the error (what was the file you were trying load, etc.) it is hard to say what is wrong. My first guess is that your pem file did not include the BEGIN/END lines. I would suggest you take a look at the tests and samples included in M2Crypto. They do show how to work with PEM files. M2Crypto 0.15: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto -- http://mail.python.org/mailman/listinfo/python-list
Re: RSA in python
Abhisek Datta wrote: > -BEGIN RSA PUBLIC KEY- > MIGJAoGBALxi3tGXlSwRgn7/Km6mTSge+5ijQgIn3GvnZOeYyOo1DkubVtTaFj26 > GWtJo43MEe1a5UlWKJEOpbKVCr4AASfFj8YmmRewH4SXdZ+w1Bad8amyzL2h8F7J > wJojOnocSs6xDE7o86CpZRUlojBefanMdCpu074QFktE63OD1zBBAgMBAAE= > -END RSA PUBLIC KEY- > > Traceback (most recent call last): [...] > M2Crypto.RSA.RSAError: no start line The files in M2Crypto tests directory don't have any files that have "BEGIN RSA PUBLIC KEY" in them - haven't checked if this is legal or not. However, plain OpenSSL does not like that file either: $ openssl rsa -in rsa_heikki.pem -pubin 3440:error:0906D06C:PEM routines:PEM_read_bio:no startline:pem_lib.c:644:Expecting: PUBLIC KEY $ openssl rsa -in rsa_heikki.pem -check 2140:error:0906D06C:PEM routines:PEM_read_bio:no startline:pem_lib.c:644:Expecting: ANY PRIVATE KEY If I take out the "RSA " part from the delimiter lines I get: $ openssl rsa -in rsa_heikki2.pem -pubin unable to load Public Key 3124:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c: 1282: 3124:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:ta sn_dec.c:374:Type=X509_ALGOR 3124:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e rror:tasn_dec.c:743:Field=algor, Type=X509_PUBKEY 3124:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: $ openssl rsa -in rsa_heikki2.pem -check unable to load Private Key 2304:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expect ing: ANY PRIVATE KEY My suggestion would be to ask on the openssl-users list. -- Heikki Toivonen signature.asc Description: OpenPGP digital signature -- http://mail.python.org/mailman/listinfo/python-list
Re: Multi-threaded SSL
Kris Kowal wrote: > I started with Twisted, but, having looked as far as I can see, SSL is > either not implemented, or not documented for that library. There are > hints that it's in the works, but that's all. So, I've moved on. > > I'm using PyOpenSSL on a Debian box, and I started with the ActiveState Twisted actually supports SSL if you have PyOpenSSL installed. Alex already pointed that out. If you want to work with Twisted, alternative solutions for the SSL part could be TLS Lite (see http://trevp.net/tlslite/) or M2Crypto (http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto), both of which provide an alternative SSL transport implementation for Twisted. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Using ElementTree to tidy up an XML string to my liking
[EMAIL PROTECTED] wrote: > Yes I am but, I'm using a DOM Serializer in Firefox which for some > reason turns myCamelNames into MYCAMELNAMES for the nodenames. I'll > therefore need to control the case-spelling of these things as I'm > formatting the XML string. I am almost certain there is something wrong you are doing in Mozilla if that is happening. My first guess is that you are really doing HTML even thought you think you are doing XML, and therefore Mozilla converts your stuff to uppercase. Without seeing the source it is hard to say. I would advice you write to the Mozilla forums for advice on that. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto-0.17 blocks python threads?
[EMAIL PROTECTED] wrote: > I am having a problem with python threads and M2Crypto. It appears > the M2Crypto used in multi-thread application blocks other threads > from running: This turned into https://bugzilla.osafoundation.org/show_bug.cgi?id=9401 Thanks for the report! -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: CaltrainPy 0.1
CaltrainPy is a Caltrain (http://caltrain.com/) schedule program written in Python. It uses Tkinter for GUI. Download link and screenshot here: http://www.heikkitoivonen.net/blog/?p=11 The reason I wrote CaltrainPy was because I recently switched from a Palm OS device to a Windows Mobile device, and I could not find a good Caltrain schedule program for Windows Mobile. I lucked out by noticing that there is a Python port for Windows Mobile (http://pythonce.sourceforge.net/Wikka/HomePage). There seem to be 3 GUI options for Windows Mobile, and I originally chose Tkinter since it seemed the easiest to get started with on Windows Mobile. Since this was my first program using Tkinter there are some rough edges. Most notably I was not able to figure out how to make a working full screen application. Any ideas on how to fix my app to make it a work full screen much appreciated. And any other ideas and patches welcome as well. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.18
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. Download links on the homepage at http://chandlerproject.org/Projects/MeTooCrypto. Changelog: - Added EVP.pbkdf2 to derive key from password - X509_Store_Context.get1_chain added - Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow iterating over all X509_Name_Entries or getting just all commonName entries, for example - Added X509_Name_Entry.get_object, get_data, set_data - Added back PKCS7.get0_signers (was removed in 0.16) - X509_Extension.get_value accepts flag and indent parameters. - support multiple dNSName fields in subjectAltName - support multiple commonName fields for SSL peer hostname checking - Checking for erroneous returns from more OpenSSL EVP_* functions, which means that certain things that used to fail silently will now raise an EVP.EVPError; affected m2 functions are: digest_final, cipher_init, cipher_update, cipher_final and sign_update. sign_final will now raise EVP.EVPError instead of SystemError as well. - Fixed Pkey.verify_final to take a sign parameter - If a subjectAltName extension of type dNSName is present in peer certificate, use only the dNSNames when checking peer certificate hostname, as specified by RFC 2818. If no dNSNames are present, use subject commonName. - Fixed memory leaks in m2 functions ec_key_new_by_curve_name, pkey_get_modulus, ecdsa_verify, threading_init and X509.X509.verify, X509.X509_Stack (which manifested for example when calling X509.new_stack_from_der), SSL.Connection (which manifested with some connection errors or when connect was never called), twisted wrapper, SSL.Connection.makefile (in BIO.IOBuffer really) - Fixed threading regressions introduced in 0.16, by Aaron Reizes and Keith Jackson - Added SSL session caching support to HTTPSConnection, by Keith Jackson - Added the ability to save and load DER formatted X509 certificates and certificate requests, by Keith Jackson - m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac - 64-bit correctness fixes, by Miloslav Trmac - Added X509_Name.as_hash, by Thomas Uram - Moved --openssl option from general setup.py option to build_ext option, meaning you need to do: python setup.py build build_ext --openssl=/path, by Philip Kershaw - Fixed build problem affecting certain systems where OpenSSL was built without EC support - M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05 might work with modern computers. Makes tests finish significantly faster. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: wxPython before MainLoop
[david] wrote: > I'd like to refresh the display before I start the main loop. We have this kind of situation in Chandler, where we display and update the splash screen before we enter MainLoop. 1. Create app object http://lxr.osafoundation.org/source/chandler/Chandler.py#080 2. During app object creation, in OnInit, put up splash screen and update it http://lxr.osafoundation.org/source/chandler/application/Application.py#433 3. The splash screen refresh is basically: draw new stuff, self.Layout(), self.Update(), wx.Yield() http://lxr.osafoundation.org/source/chandler/application/Application.py#1421 3. Start MainLoop http://lxr.osafoundation.org/source/chandler/Chandler.py#086 -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Python 2.5 fails where 2.4 works when running external program
We have successfully used a script to run external programs for several
years. Now we upgraded our Python to 2.5, and are hitting a mysterious
error.
The expected output from the sample script (see below) with 2.4 looks
like this:
ret ['5\n']
else
ExternalCommandErrorWithOutputList 1 ['Traceback (most recent call
last):\n', ' File "", line 1, in ?\n', 'ZeroDivisionError:
integer division or modulo by zero\n']
ret ['6\n', '7\n', '8\n']
else
With 2.5 we get:
ret ['5\n']
else
Exception 'int' object is not iterable
Traceback (most recent call last):
File "...test.py", line 43, in
ret = executeCommandReturnOutput(cmd)
File "...test.py", line 6, in __init__
self.args = args[0]
TypeError: 'int' object is not iterable
ret ['6\n', '7\n', '8\n']
else
What is going on? How do we fix this? We'd like to be able to run with
both python 2.4 and 2.5.
And here is the script:
---CLIP---
import os, traceback, sys
class ExternalCommandErrorWithOutputList(Exception):
def __init__(self,args=None):
if args:
self.args = args[0]
self.outputList = args[1]
else:
self.args = args
self.outputList = []
def executeCommandReturnOutput(args):
args_str = ' '.join(args)
if os.name not in ['nt', 'os2']:
import popen2
p = popen2.Popen4(args_str)
p.tochild.close()
outputList = p.fromchild.readlines()
exitCode = p.wait()
if exitCode == 0:
exitCode = None
else:
exitCode >>= 8
else:
i,k = os.popen4(args_str)
i.close()
outputList = k.readlines()
exitCode = k.close()
if exitCode is not None:
raise ExternalCommandErrorWithOutputList, [exitCode, outputList]
return outputList
if __name__ == "__main__":
for cmd in [['python', '-c', '"print 5"'],
['python', '-c', '"1/0"'],
['python', '-c', '"print 6;import
sys;sys.stdout.flush();print >>sys.stderr, 7;print 8"'],
]:
try:
ret = executeCommandReturnOutput(cmd)
print 'ret', ret
except ExternalCommandErrorWithOutputList, e:
print 'ExternalCommandErrorWithOutputList', e, e.outputList
except Exception, e:
print 'Exception', e
type, value, stack = sys.exc_info()
print ''.join(traceback.format_exception(type, value, stack))
except:
print 'except'
type, value, stack = sys.exc_info()
print ''.join(traceback.format_exception(type, value, stack))
else:
print 'else'
print '*' * 20
---CLIP---
--
Heikki Toivonen
--
http://mail.python.org/mailman/listinfo/python-list
Re: Python 2.5 fails where 2.4 works when running external program
Peter Otten wrote: > I think Exception.args always was supposed to be a tuple. Starting with 2.5 > Python enforces that constraint: [...] > http://docs.python.org/tut/node10.html#SECTION001030 > """ > But use of .args is discouraged. Instead, the preferred use is to pass a > single argument to an exception (which can be a tuple if multiple arguments > are needed) and have it bound to the message attribute. > """ Excellent, thank you! -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Debugging multithreaded program using Eclipse/Pydev
John Henry wrote: >>From what I can gather, it appears the only *real* option I have is to > debug under Eclipse/Pydev. I did a google search of this newsgroup > and didn't turn up too many hits. Before I invest the time to learn > Eclipse/Pydev, I like to hear from somebody that have gone this path. > Have you been successful in using Eclipse/Pydev to debug multi- > threaded Python applications? Is so, what was the learning curve like > to you? ActiveState Komodo can also do multithreaded debugging. And if all else fails, you can insert: import pdb pdb.set_trace() in your code and that way you will break on any thread. Currently I am using pydev myself, having gone through WingIDE and Komodo. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto 0.18 - new version, same old build bugs.
John Nagle wrote: > Back in March, I posted this: > >> Hit that with OpenSSL. Red Hat took elliptical curve cryptography >> out of Fedora 6 for patent reasons. With that missing, M2Crypto won't >> build. It ought to; the implementor of M2Crypto thought of that, because >> it's an optional feature. But M2Crypto uses SWIG. SWIG doesn't normally >> process nested include files. OpenSSL had changed their configuration >> approach to use nested include files. So SWIG didn't see the #define >> that >> said to turn off elliptical curve crypto support. This resulted in >> compile errors in the 24,000 lines of code that come out of SWIG. > >That was for M2Crypto 0.17. > >It's still broken in M2Crypto 0.18. This was reported as https://bugzilla.osafoundation.org/show_bug.cgi?id=9404 and fixed, at least according to the person who reported the bug. I'd be curious to know why the fix does not work for you... As an alternative, does it work if you add line 130 to setup.py: '-DOPENSSL_NO_EC', # Uncomment if you have trouble compiling without EC support -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto 0.18 - new version, same old build bugs - more details
John Nagle wrote: > But notice that the -D entry didn't appear on the SWIG command line. > Neither did the "-includeall". The "swig_opts" values around line > 129 aren't actually being used. I think that's left over from the code > intended > to allow builds with Python 2.3 and earlier. The "self.swig_opts" up at > line 53 of "setup.py" seems to be controlling. The patch was to > the obsolete code. Aha! Good find. I reopened https://bugzilla.osafoundation.org/show_bug.cgi?id=9404 and attached a patch that should address this for real this time. At least -includeall appears in my Ubuntu Dapper Drake environment. Could you give it a go and let me know how it works? -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: directpython question
veki wrote:
> Hello,
> I've got IBM Thinkpad 30 laptop with configuration:
>
> IBM Thinkpad R30
> P3 Mobile Celeron 900mhz
> 128mb sdram pc133
> 15gb hdd
> cd-rom Teac cd-224e
> 56K V.90/92
> 10/100 Ethernet
> lpt port
> ps2 port
> 2 x usb port
> vga-out
> pcmcia
>
> ,then I have been install directx 9.0c,Python 2.5 and directpython for
> python 2.5.On my two computers directpython works but on this
> laptop it don't want work e.g:
>
> When I want execute this script on laptop:
>
> import d3dx
> frame=d3dx.Frame(u'SOME FRAME')
> frame.mainloop()
>
> I get this error:
>
> Traceback (most recent call last):
> File "C:\Python25\Lib\site-packages\veki1.py", line 2, in
> fr=d3dx.Frame(u'SOME FRAME')
> File "C:\Python25\lib\site-packages\directpy\d3dx.py", line 639, in
> __init__
> self._createDevice(area[2:4])
> File "C:\Python25\lib\site-packages\directpy\d3dx.py", line 659, in
> _createDevice
> raise RuntimeError("No valid mode found")
> RuntimeError: No valid mode found
>
> Regards,
> Vedran
>
>
As Tim already noted, your laptop apparently uses Trident
CyberBlade Ai1 graphics card, which is quite old and designed
for DirectX 6-8. This is not a problem if the device driver is
up to date, but the newest I found seems to be from 2003. This
can be a problem if it does not correctly support DirectX 9.0c
(released in 2004).
You should see what the DirectX diagnostics tool says
(dxdiag.exe - found in WINDIR\system32) and possibly update
the driver. Then cross your fingers and see what happens.
--
Heikki Salo
--
http://mail.python.org/mailman/listinfo/python-list
Re: Python and SSL
Johny wrote: > I need to use Python with SSL comunication betweeen servers. > (I use hhtplib but I think urllib2 can also be used ) > I think I need to use SSL root certificate and tell a program to > trust this certificate. You can't do secure SSL with the builtin SSL support, you need to use a third party module. There are a few available, including M2Crypto, TLS Lite, pyOpenSSL and pyOpenSSL-extended. Since I am the maintainer of M2Crypto I will naturally recommend that ;) http://chandlerproject.org/Projects/MeTooCrypto -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Python and SSL
John Nagle wrote: > Any progress on getting M2Crypto 0.18 to build successfully > on Fedora Core? I have had no luck getting a Fedora Core environment running. Ubuntu is my main OS, but I do have VMWare installed. I tried to install FC7 from the live CD into VMWare, but the installer dies. I also tried to download a ready-made FC8t1 VMWare appliance, but it fails to boot. So currently I am dead in the water. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: Chandler Preview (0.7.0.1)
Open Source Applications Foundation (OSAF) released Chandler Preview (0.7.0.1) on September 10, 2007. Chandler is a Personal Information Management (PIM) client application with innovative design and ambitious plans for sharing, extensibility and cross-platform support. Chandler is written mainly in Python. We now have public-beta quality releases of our products; we believe them to be full featured enough and stable enough for daily use. Check out a full overview of features (including screenshots and screencasts). Download Chandler Desktop, create an account on Chandler Hub. Check out the source. Get involved in the project, help us build a really great 1.0 release. Chandler desktop adds a central dashboard for managing tasks, notes, events, and messages to the basic calendar functionality found in the 0.6 release. You can share calendars, task lists, messages and notes in collections that can hold whatever you choose to put in them, regardless of data type. The performance has improved greatly, the application has basic search functionality, and now there’s a way to to manage and resolve conflicts on shared data. You can collaborate on individual items via email with the ability to edit and update messages you’ve already received or sent. Although Chandler Preview is not meant to replace your email application, you can configure your IMAP account so that Chandler can see some messages from your regular mail client. Get it from http://chandlerproject.org/ -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: TwistedMatrix missing OpenSSL?
Mike C. Fletcher wrote: > Lamonte Harris wrote: >> Where can I get it? Anyone got any idea? > http://www.voidspace.org.uk/python/modules.shtml#pycrypto Last I checked Twisted actually required pyOpenSSL (maybe pyOpenSSL-extended would also work but I haven't checked). http://pyopenssl.sourceforge.net/ http://www.keyphrene.com/products/pyOpenSSL-extended/index.php?lng=en -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: TwistedMatrix missing OpenSSL?
>> Lamonte Harris wrote: >>> Where can I get it? Anyone got any idea? Btw, M2Crypto and TLS Lite can also provide SSL for applications using Twisted, by wrapping Twisted'd ProtocolWrapper and doing SSL in memory. Here's the code for M2Crypto for example: http://viewcvs.osafoundation.org/m2crypto/trunk/M2Crypto/SSL/TwistedProtocolWrapper.py?view=markup And you can find the said projects here: http://chandlerproject.org/Projects/MeTooCrypto http://trevp.net/tlslite/ -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.18.1
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. http://chandlerproject.org/Projects/MeTooCrypto Changelog: - Redo build fix when OpenSSL configured without Elliptic Curves (EC), see also INSTALL file. This affects at least Fedora Core systems. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto possible intermittent bug
John Nagle wrote: > Still having trouble reproducing the problem. But somewhere, > something raised that bogus no-error exception three times. > Anything that returns "(0, 'Error')" as exception data is a bug. If you can, build python and m2crypto with debug symbols, and place breakpoints in |case SSL_ERROR_SYSCALL| blocks (from _ssl.i). Then rerun the tests. That would be my first guess as to where these might be coming from. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: Chandler 0.7.1
The Chandler Project is pleased to announce the 0.7.1 release of Chandler Desktop! Chandler Desktop is an open source, standards-based personal information manager (PIM) built around small group collaboration and a core set of information management workflows modeled on Inbox usage patterns and David Allen's GTD methodology. Download link, information on mailinglists, and how to get the sources are available from the homepage: http://chandlerproject.org/ The 0.7.1 release is the first in a series of quick, time-based releases since Chandler Preview 0.7.0.1 intended to respond to the feedback we received from 0.7.0.1 and continue to receive from these quick releases. 0.7.1 fixes over 30 bugs, including: Bug #8981 Bug in Twisted IMAP Capabilities Parsing Bug #9454 (Partial fix) Memory leaks in SSL code Bug #9920 AttributeError: 'pem' while syncing with https://hub.chandlerproject.org Bug #10308 Test sharing settings when there is an SSL error times out on first try Bug #10309 Canceling account creation still leaves password filled in Bug #10514 Changing triage status on newly created task crashes Chandler Bug #10543 Attribute Error dropping .eml into Chandler (AttributeError: 'tuple' object has no attribute 'itsItem') Bug #10702 changing back from "all day" event (recurring) puts event at midnight Bug #10726 (Partial fix) --undo command line arg change Bug #10728 Send button doesn't change to update on adding an email address to the To field Bug #10788 Old DONE Message item popping back into NOW section Bug #10790 Unstamping taskness from an occurrence while another Chandler makes a change to same occurrence results in server error Bug #10794 Update root certificates Bug #10815 Subscribe error when no rrules or rrdates Bug #10817 invalid index in wxListBox::SetString on deleting the outgoing mail account in debug Bug #10821 iCal (private) import from Google calendar locks up in the same place each try. Bug #10824 Don't prepopulate reload dialog with a non-existent file, it's annoying Bug #10828 Work with Mac OSX 10.4 IMAP Server Bug #10829 Allow self-signed certificates (but show warning dialog) Bug #10853 Search doesn't find matching notes Bug #10855 Traceback when publishing to Oracle Server Bug #10881 Orphans should have their icalUID deleted Bug #10882 Export of chex should dump masters before occurrences Bug #10913 AttributeError: 'NoneType' object has no attribute 'status' when resubmitting an HTTP request Bug #10941 SSL certificate errors should not be hijacked by the generic sharing error dialog Thanks for your interest in Chandler Desktop! -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.18.2
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. http://chandlerproject.org/Projects/MeTooCrypto Changelog: - typedef Py_ssize_t was insufficiently guarded, now follows PEP 353. This prevented building on at least Red Hat Linux and Debian Linux (unstable). -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Eclipse Plugins
Martin Marcher wrote: > 2007/10/26, Robert Rawlins - Think Blue <[EMAIL PROTECTED]>: >> For my other languages, such as HTML, ColdFusion, JAVA etc I make good use >> of the Eclipse SDK, and I'm looking for some advice on the best and most >> popular python plug-ins available, what would you suggest? I downloaded one >> called PyDev which looked ok but nothing too exciting. I'm a very happy user of PyDev. The main reason I got PyDev was to get automatic error reporting in the editor (it uses PyLint for this, you need to install PyLint first). The debugger is also pretty good (supports even multiple threads). Exceptions could perhaps be handled better, and getting a shell in the debugger context is only available in the commercial extension to PyDev I think. Having come from (X)Emacs, perhaps my IDE needs are primitive. I've tried to use some automatic refactoring tools but support that that is pretty primitive for Python at the moment. PyDev is open source, and the developer is pretty responsive, so if you could describe what is missing there is a good chance it would get implemented. I even fixed two bugs myself, my first ever real Java contribution... -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Wierd M2Crypto bug - phony "peer did not return certificate" error
John Nagle wrote: > I have a little test case for M2Crypto, which just opens up SSL > connections to > web servers and reads their certificates. This works fine. > > But if I execute > > socket.setdefaulttimeout(5.0) Yup, this is a known problem, this breaks all M2Crypto code that uses sockets. The Twisted wrapper part still works, as it hands the network activity to Twisted. If you can make do without setdefaulttimeout you should be fine. This is bug https://bugzilla.osafoundation.org/show_bug.cgi?id=2341 The bug has a patch that works on Linux, but it would need Windows and Mac specific parts before it can be checked in. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Wierd M2Crypto bug - phony "peer did not return certificate" error
[EMAIL PROTECTED] wrote: > That's a problem for me. I need short timeouts; I'm accessing sites > that might or might not have SSL support, and I need to quickly time > out when there's no SSL server. You should be able to do short timeouts, just not using the global setdefaulttimeout. Have you tried Connection.set_socket_read/write_timeout? Also like I mentioned before, if you use the Twisted wrapper and let Twisted handle network stuff you should be fine. > Python needs a merge here. Read Guido van Rossum's rant on M2Crypto: > > http://www.artima.com/weblogs/viewpost.jsp?thread=95863 That's old news, I believe I have fixed all of the issues mentioned there already in the 0.16 release. > What's probably needed is to implement the additional API functions of > the M2Crypto wrapper in the PyOpenSSL wrapper, so that the M2Crypto > components written in Python could be used with it. Then we'd have one > good implementation instead of two broken ones. M2Crypto and pyOpenSSL (and pyOpenSSL-extended, which you might want to take a look at as well) are implemented pretty differently, so merging seems unlikely. They are pretty small code wise, though, so it is not an impossible task. Personally I think I'd prefer if Python stdlib contained a better SSL module that did at least all the checks required for safe SSL connection. (Yeah, yeah, maybe I need to write it myself if nobody else gets to it;) -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: More M2Crypto issues. Not big ones, though.
John Nagle wrote: > A list of small problems and bugs in the current M2Crypto: > I need to look at SSL certificates in some detail, so this > is all about the access functions for certificates. Thanks, got the reports, will check them out. > 3. /M2Crypto/SSL/Connection.py:147: > DeprecationWarning: Old style callback, use cb_func(ok, store) > instead return m2.ssl_connect(self.ssl) > (Also reported, in Polish, here: > http://www.mail-archive.com/pld-devel-pl@lists.pld-linux.org/msg12433.html) > Entered into Bugzilla as #7718. This is actually intended. Once I figure out how to implement all the functionality in the new way I'd like to remove the old way. > > 4. "close()" on an SSL socket that's just finished certificate > negotiation hangs, at least on Windows. "del" does not hang, > but I don't know if there's a leak problem. > Not enough info yet to file a bug report. I might be doing > something wrong there. Any known "close" issues? No known issues, but the ending of an SSL connection is a little grey area to me so I wouldn't be surprised if there are some cases where we shut down prematurely or too late. But I don't know why we'd hang. > 1. X509.X509_name.__getattr__: > Field retrieval from X.509 name items with x509_name_by_nid > retrieves only first instance of field, not all instances. Yes, I've been battling with this myself as well. OpenSSL provides objects to get things as a list, but they are so weird I haven't yet figured out a way to wrap them in Python so that you would actually be able to get some values out. > 2. Unclear if M2Crypto's X.509 interface is UTF-8 compatible. > OpenSSL will return info in UTF-8 if you use the > ASN1_STRFLGS_UTF8_CONVERT flag on as_text, but unclear if the > M2 glue code handles this correctly. Haven't found a UTF8 cert > to test it on yet. Yeah, I am not convinced everything works as it should. Any UTF8 (and other encoding) samples would be welcome. > Other than that, I'm having relatively good results with M2Crypto. Glad to hear. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Wierd M2Crypto bug - phony "peer did not return certificate" error
John Nagle wrote: > def connect(self, addr): > self.socket.connect(addr) > self.addr = addr > self.socket.settimeout(None) # Back to normal timeout (NEW) I am not sure if this is always appropriate. In fact, doesn't this just eliminate the timeout completely from this connection? In your case you could achieve what you want by calling connection_object.socket.settimeout(4.0) method just before calling connect, without needing to edit M2Crypto itself. setdefaulttimeout, socket.settimeout and socket.setblocking are pretty confusing... -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: More M2Crypto issues
John Nagle wrote: > I've been running M2Crypto successfully using Python 2.4 on Windows 2000, > and now I'm trying to get it to work on Python 2.3.4 on Linux. > > Attempting to initialize a context results in > > Traceback (most recent call last): [...] > map()[long(self.ctx)] = self > ValueError: invalid literal for long(): _480e1008_p_SSL_CTX This is almost certainly because of SWIG that is too old. The minimum required is SWIG 1.3.24. If you cannot upgrade SWIG, the alternative would be to play around with these values to fit your version of SWIG. I'm adding this to the FAQ. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: More M2Crypto issues
John Nagle wrote: > Actually, at the moment I'm having an M2Crypto problem related > to a SWIG/OpenSSL conflict. Older versions of OpenSSL have an > include file that needs __i386__ defined, which is something GCC > does based on what platform you're on. SWIG uses CPP, but > doesn't set the platform defines, so the SWIG phase of the > M2Crypto build fails. I'm currently trying to get the shared > host where that build took place upgraded to a later version of > OpenSSL, but that requires a server restart, so it may take > a few days. I'm doing something that requires M2Crypto to > run on a range of machines, which turns out to be rather harder > than expected. Which version of OpenSSL is that? -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: More M2Crypto issues
John Nagle wrote: > OpenSSL version: "OpenSSL 0.9.7a Feb 19 2003" Hmm, I've never actually used that old OpenSSL myself, just assumed from the original author's notes that anything from 0.9.7 onward worked. Guess not. I am thinking of changing the requirements to state which one works... I think the oldest that I have personally tested may have been 0.9.7d. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: Chandler 0.7.2
The Chandler Project is pleased to announce the 0.7.2 release of Chandler Desktop! Download links, information on mailing lists, and how to get the sources are available from the homepage[1]. The 0.7.2 release is the second in a series of quick, time-based releases since Chandler Preview 0.7.0.1 intended to respond to the feedback we received from 0.7.0.1 and continue to receive from these quick releases. 0.7.2 fixes over 80 bugs and includes some major improvements: * Dashboard: Following up on users logged bugs and remarks, we improved the Dashboard display of the Who column and made it work more in sync with the other columns. We also changed how the triage status cycles. * Support for Ubuntu Gutsy Gibbon: We’re now using wxPython 2.8.6.0 which fixes crashes reported by several users of Ubuntu Gutsy Gibbon. This fixes Bug #10906. * New version of PyLucene: Chandler’s PyLucene is not using gcj anymore, but rather our own home brew jcc. This fixes Bug #10803 among others. * Auto fill for common email providers: Account settings now fill automatically for the most common email providers. Just type your email address and if the provider is recognized, most of the settings will be filled out automatically. * Chandler-on-a-stick, a.k.a. “Portable Chandler”: Though not built automatically and available for download, it is now possible to build a relocatable distribution of Chandler that can be stored on, and run from a removable device such as a USB memory stick or an iPod. * Getting ready for l10n (localization): Chandler Desktop 0.7.2 is not completely ready for localizers yet (still a handful of bugs to fix; this will happen in 0.7.3) but we solved a significant set of issues that will make the localization process much easier. For a more complete list of bug fixes and known issues, please visit our Release Notes[2]. Thanks for your interest in Chandler Desktop! [1] http://chandlerproject.org/ [2] http://chandlerproject.org/Projects/ReleaseNotes -- http://mail.python.org/mailman/listinfo/python-list
ANN: Chandler 0.7.3
The Chandler Project is pleased to announce the 0.7.3 release of Chandler Desktop! Chandler Desktop is an open source, standards-based personal information manager (PIM) built around small group collaboration and a core set of information management workflows modeled on Inbox usage patterns and David Allen's GTD methodology. Download link, information on mailing lists, and how to get the sources available from the homepage: http://chandlerproject.org/ The 0.7.3 release is the third in a series of quick, time-based releases since Chandler Preview 0.7.0 intended to respond to the feedback we received from 0.7.0 and continue to receive from these quick releases. 0.7.3 fixes over 50 bugs and includes some major improvements: * *Month View*:Yes! Month View! This has been pretty much at the very top of everyone's wish list so we decided to bite the bullet and just did it. Month View can be reached by simply clicking the month name in the top area of the calendar. Switch back to week view simply clicking on the week number on the left side. This fixes bugs: * Bug #5361: 30-day view? Variable multi-day view. * *Bundled Localizations*: Chandler now comes bundled with localizations in *French*, *Swedish* and *Finnish*. If you'd like to join the localization effort in your own native language, we are looking for volunteers. This is a great way to get familiarized with Chandler ideas and its community. We fixed the following bugs along the way: * Bug #11197 Normalize dialog title capitalization * Bug #11199 Bogus message in MasterPassword * Bug #11201 Incorrect strings in GetPasswordDialog * Bug #11260 Export dialog text says 'Exported' not Dumped * Bug #11333 Reword Unpublish Confirmation dialog * Bug #11405 Need different strings for no encryption and no alarm (currently 'None') * Bug #11419 Fixed running with localed using ',' instead of '.' for decimal point (was : invalid literal for float() error when reloading a .chex) * Bug #11470 File > Sync manager... has mnemonic * Bug #11490 Reminders dialog missing mnemonics, default button * *Share Management*: There's a new feature under the File menu called *Sync Manager*. This allows users to view and choose which of the published collections on their Chandler Server need to be synced with the Chandler Desktop. Additionally, this dialog shows up automatically in some situation (like restoring settings). This helps the user to avoid "forgetting" collections on the server. * Bug #10971 Auto-restore published shares * Bug #11334 Sync Menu items * *Support and build for Mac OS X Leopard, Ubuntu Gutsy Gibbon and Use System Libraries*: Modern OSes are now catching up with Chandler's use of cutting edge releases of Python. So the good news is that, for those systems, we don't have to bundle all these, resulting in much smaller downloads. We now provide special downloads for those Systems. * Bug #11088 Use system python on Mac (Leopard), Ubuntu Feisty and forward * *Automate Upgrade Process*: User now have the option to let Chandler export a .chex on quit. This is convenient for new users (small data base) with fast machines. For old timers with thousands of items, there's an option to bypass this (don't forget to export though _before_ upgrading to a new version of Chandler): * Bug #11139 Automate upgrade process For a more complete list of bug fixes and known issues, please visit our Release Notes at: http://chandlerproject.org/Projects/ReleaseNotes Thanks for your interest in Chandler Desktop! -- http://mail.python.org/mailman/listinfo/python-list
Building Python (2.4.x) with Visual C++ 2005 Express Edition?
I did some searches but did not find any definitive answers as to whether or not it should be possible to build Python 2.4+ with Microsoft Visual C++ 2005 Express Edition. I tried it myself (have VC++ project files that work with Visual Studio 2003 .NET commercial version, just opened and closed them in vcexpress to convert the projects) and the compilation finished without errors (although with a bunch of deprecation warnings). But when I try to run, python crashes on startup. Has anyone gotten this to work? -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: CaltrainPy 0.2
CaltrainPy is a Caltrain (http://caltrain.com/) schedule program and library written in Python. It uses Tkinter for GUI. What is new in version 0.2? - AM/PM indicators - train types - can be used as a module to parse Caltrain schedule - MIT License - setup.py Parsing of Caltrain schedule requires BeautifulSoup. The results can be returned as Python, HTML or JSON (python-json required). It is available on Cheeseshop, but unfortunately it does not seem to work correctly if installed with easy_install. Downloading and installing with: python setup.py install works ok. Blog post with screenshot here: http://www.heikkitoivonen.net/blog/2008/01/16/caltrainpy-02/ -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Any experience with Python on a PDA ?
Martin Blume wrote: > - Mio A701 > (Windows Mobile) > > Experience is very good (with the exception of Tkinter > not running on the Zaurus), scripts can be moved to and > from PC and PDA and run unchanged (except for speed and > screen size issues). Hmm, my experience running Python 2.5 on Cingular 8525 was not very good. Launching Python itself took close to 10 seconds, and then you add your application launch on top of that. I used Tkinter for UI, and Tkinter often failed to load, requiring soft reset. Once the app was running, though, the speed was ok. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: m2crypto loading cert file from memory buffer
netpork wrote:
> ctx = SSL.Context('sslv3')
> ctx.load_cert_chain('client.pem')
>
> anyone knows a way of loading cert file from memory buffer and not
> from a file?
Yeah, see for example how I did it for Chandler:
http://svn.osafoundation.org/chandler/trunk/chandler/parcels/osaf/framework/certstore/ssl.py
(the loadCertificatesToContext function). You just need an SSL.Context,
get_cert_store() from it, and call the store's add_x509() for each cert.
> i just do not want to have my cert file in the directory of my app
> that anyone can get.
Typically certificates are public, for example all of your peers will
get the certificate anyway, so I don't see this as a problem. Your
private key is what you want to protect. Just make sure it is not
concatenated to your certificate file and there would probably be no
problem leaving the cert file publicly available.
--
Heikki Toivonen - http://heikkitoivonen.net/blog/
--
http://mail.python.org/mailman/listinfo/python-list
pexpect and inconsistent exit codes
I don't seem to be able to figure out how to get the exit values of commands executed with pexpect reliably. Here's first with regular shell: [EMAIL PROTECTED]:~$ true; echo $? 0 Let's try with pexpect. Below is the program: ---CLIP--- import sys, pexpect cmd = "true" print 'cmd=', cmd child = pexpect.spawn(cmd, logfile=sys.stdout) child.close() print 'child exitstatus=', child.exitstatus print 'child signalstatus=', child.signalstatus print 'child status=', child.status ---CLIP--- The output: (fabexp)[EMAIL PROTECTED]:~/python_virtualenvs/fabexp$ python dep.py cmd= true child exitstatus= 1 child signalstatus= None child status= 256 (fabexp)[EMAIL PROTECTED]:~/python_virtualenvs/fabexp$ python dep.py cmd= true child exitstatus= 0 child signalstatus= None child status= 0 (fabexp)[EMAIL PROTECTED]:~/python_virtualenvs/fabexp$ python dep.py cmd= true child exitstatus= None child signalstatus= 1 child status= 1 I have tried various other commands, and I just can't seem to be able to get reliable exit codes from commands I execute. Any ideas what is going on? -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
pexpect and inconsistent exit values
I don't seem to be able to figure out how to get the exit values of commands executed with pexpect reliably. Here's first with regular shell: hei...@ubuntu:~$ true; echo $? 0 Let's try with pexpect. Below is the program: ---CLIP--- import sys, pexpect cmd = "true" print 'cmd=', cmd child = pexpect.spawn(cmd, logfile=sys.stdout) child.close() print 'child exitstatus=', child.exitstatus print 'child signalstatus=', child.signalstatus print 'child status=', child.status ---CLIP--- The output: (fabexp)hei...@ubuntu:~/python_virtualenvs/fabexp$ python dep.py cmd= true child exitstatus= 1 child signalstatus= None child status= 256 (fabexp)hei...@ubuntu:~/python_virtualenvs/fabexp$ python dep.py cmd= true child exitstatus= 0 child signalstatus= None child status= 0 (fabexp)hei...@ubuntu:~/python_virtualenvs/fabexp$ python dep.py cmd= true child exitstatus= None child signalstatus= 1 child status= 1 I have tried various other commands, and I just can't seem to be able to get reliable exit codes from commands I execute. Any ideas what is going on? -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.19
I am happy to announce the M2Crypto 0.19 release! M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. M2Crypto can also be used to provide SSL for Twisted. Note: Python 2.6 shipped with optional timeout parameters to many network modules; there is no support for these in M2Crypto 0.19. Otherwise 2.6 is supported. Changes: - OpenSSL OBJ_* functions wrapped by Pavel Shramov - OpenSSL ENGINE interface wrapped, providing support for smart cards, by Martin Paljak and Pavel Shramov - EVP.PKey.get_rsa() now returns RSA_pub, which fixes segmentation fault when trying to encrypt using public key from X509 certificate, by Ben Timby - httpslib.ProxyHTTPSConnection now sends the required Host header, by Karl Grindley - Use the proxied User-Agent value in CONNECT requests, by James Antill and Miloslav Trmac - Fixed m2urllib.build_opener when optional handlers were in use, affected Python 2.5 and later, by Miloslav Trmac - Reverted the incorrect GIL change done in 0.18 to m2.passphrase_callback, which caused a deadlock when called from mod_python for example. Thanks to Michal Kochel and Keith Jackson. - SSL.Connection.accept() passed wrong certificate to postConnectionCheck callback - httpslib.HTTPSConnection now raises ValueError for illegal keyword argument - m2.pkey_write_pem[_no_cipher] changed to use the recommended (more secure) PEM_write_bio_PKCS8PrivateKey (used by PEM_write_bio_PrivateKey). - X509.load_cert, load_cert_bio, load_cert_der_string, new_stack_from_der, load_request and load_crl now raise X509Error for invalid data. Previously some of these raised a string as an error, some did not raise but caused strange errors later, for example x509.verify() would return -1. - Fixed SSL.Connection.get_socket_read_timeout and set_socket_read_timeout on 64bit platforms by adding SSL.timeout.struct_size() and using it instead of hardcoded size for socket.getsockopt - X509_Store.load_info now returns the value from the underlying m2.x509_store_load_locations call, and in case of error raises X509Error - Fixed SMIME.verify to raise the correct PKCS7_Error (used to raise SMIME_Error) when verification fails with Python 2.6 Requirements: * Python 2.3 or newer o m2urllib2 requires Python 2.4 or newer * OpenSSL 0.9.7 or newer o Some optional new features will require OpenSSL 0.9.8 or newer * SWIG 1.3.24 or newer required for building o SWIG 1.3.30 or newer may be required with Python 2.5 or newer and Python 2.4 with Py_ssize_t patches Download link available from the M2Crypto homepage: http://chandlerproject.org/Projects/MeTooCrypto Or use easy_install (may not work on all systems): easy_install M2Crypto -- Heikki Toivonen - http://www.heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: Solu 0.1 - Office Resource Finder
Solu is a simple web application meant for making it easy to find colleagues, meeting rooms and other resources in an office. Great when you are new in a company and don't know where everyone and everything is located in! In other words, Solu is the "cubicle finder". And if you have ever configured a printer for a computer and being frustrated with the printer dialog that only showed the IP address but not where the printer was located, Solu can help! It has a self service model without any authentication or permission checks, where anyone can find and update any resource's information. Besides the easy installation, all you need to set up an instance is your office map or office floorplan or blueprints stored as an image file. This is the first public release. Solu Project Homepage: http://www.heikkitoivonen.net/solu/ Enjoy! -- Heikki Toivonen - http://www.heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.19.1
The 0.19.1 release fixes the build when OpenSSL has been configured without EC support, thanks to Miloslav Trmac. M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. M2Crypto can also be used to provide SSL for Twisted. Requirements: * Python 2.3 or newer o m2urllib2 requires Python 2.4 or newer * OpenSSL 0.9.7 or newer o Some optional new features will require OpenSSL 0.9.8 or newer * SWIG 1.3.24 or newer required for building o SWIG 1.3.30 or newer may be required with Python 2.5 or newer and Python 2.4 with Py_ssize_t patches Download link available from the M2Crypto homepage: http://chandlerproject.org/Projects/MeTooCrypto Or use easy_install (may not work on all systems): easy_install M2Crypto -- Heikki Toivonen - http://www.heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Undocumented Python 2.6 change: Py_None vs NULL when C implementation raises exception
I was debugging M2Crypto function written in C which changed behavior between Python 2.6 and earlier Python versions. In an error condition the function was supposed to raise exception type A, but with 2.6 it raised type B, and further, there was no string value for the exception. I tracked this down to the C code incorrectly returning Py_None when it should have returned NULL. Changing the C code to return NULL made it behave correctly in 2.6. I don't know how common a mistake it is to return Py_None when NULL should have been returned, but it might be worth a note in the list of changes for 2.6 that this behavior changed, don't you think? -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Undocumented Python 2.6 change: Py_None vs NULL when C implementation raises exception
Martin v. Löwis wrote: > Heikki Toivonen wrote: >> I tracked this down to the C code incorrectly returning Py_None when it >> should have returned NULL. Changing the C code to return NULL made it >> behave correctly in 2.6. > > Can you please be specific what function you are talking about? Perhaps it wasn't clear that I was referring to the C code in an extension, M2Crypto. I assumed that this affected all extension code like this, which is why I didn't mention the actual lines. It appears from Fredrik's comment that this might not be just a 2.6 issue, but that this problem has cropped up in the past as well more or less randomly. >> I don't know how common a mistake it is to return Py_None when NULL >> should have been returned, but it might be worth a note in the list of >> changes for 2.6 that this behavior changed, don't you think? > > Perhaps. OTOH, perhaps the change is completely erroneous. In that case, > rather than documenting it, it should be reverted. > > Unfortunately, as you keep the specific issue secret, none of this will > happen, as we have no clue what you are talking about. I don't know what change in Python caused the change in M2Crypto behavior. I can only point you to the change I made in M2Crypto if you are interested: http://viewcvs.osafoundation.org/m2crypto/trunk/SWIG/_pkcs7.i?rev=531&r1=611&r2=531 If you revert that change and run the M2Crypto unit tests you will see the single error in the tests. > I'm sure there are tons of silent changes, in this release, all past > releases, and all future releases, not only in Python, but in any > software. Given that there is a long document showing the changes in each Python release, I would hope all intended changes of significance would be listed. Of course mistakes can happen, which was why I posted in the first place. I have no plans to track down the exact change in Python code that caused this. There does not seem to be much point, since according to Fredrik this seems to be an area that is practically undefined and the M2Crypto code was clearly buggy. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
ANN: Chandler 1.0
The Chandler Project is pleased to announce the release of Chandler Desktop 1.0! The Chandler Project is an open source, standards-based information manager designed for personal use and small group collaboration. For more information on the Chandler Desktop 1.0, including the major changes we've made since the previous full release, 0.7, see the following blog post: http://blog.chandlerproject.org/2008/08/08/chandler-10/ Chandler Desktop 1.0 is available for download for Windows, Mac, and Linux at: http://chandlerproject.org/download Additional information is available from the Chandler Project homepage. Thanks for your interest in Chandler Desktop! -- Heikki Toivonen - http://www.heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: [Python 2.4/2.5] subprocess module is sorely deficient?
Harishankar wrote: > Sorry to start off on a negative note in the list, but I feel that the Python > subprocess module is sorely deficient because it lacks a mechanism to: At OSAF we used a slightly modified killableprocess module with a wrapper to deal with complexities of various redirections in cross-platform way. I actually blogged about this a week ago so rather than rehash the issues I'll point you to the article which contains links to all the pieces we used: http://www.heikkitoivonen.net/blog/2008/04/16/pythons-ossystem-considered-harmful/ -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: SSL through python. possible ?
Mike Driscoll wrote: > On Apr 29, 8:56 am, TkNeo <[EMAIL PROTECTED]> wrote: >> I need to do SSL file transfer using python? Is there a library i can >> use ? > > http://sandbox.rulemaker.net/ngps/m2/ M2Crypto has since moved to http://chandlerproject.org/Projects/MeTooCrypto -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Python and SOAP status
I have started researching the Python SOAP (and web services in general) options out there. Python 2.5 should be supported. I used Python for some web services stuff (demo quality) a few years back without major problems. However, it seems many of the libraries I remember from that time have become dormant or have been explicitly discontinued. A colleague also commented that he run into lots of problems trying to use Python for SOAP a year ago. What is your experience with Python SOAP, WSDL etc. libraries? What are the good, maintained options out there right now? How is standards compliance, how robust are the libraries, how do they interoperate with other libraries written in other languages (I am especially interested in interoperability with Java and PHP web services stacks). It seems like the top 3 candidates on my list are ZSI (http://pywebsvcs.sourceforge.net/), soaplib (http://trac.optio.webfactional.com/) and suds (http://trac.optio.webfactional.com/). If you have any experience in using these, I'd very much like to hear from you. There was quite a depressing post about ZSI's status at http://www.kunxi.org/archives/2008/01/pythonsoap-second-encounter/. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: Python and SOAP status
Sorry, suds link should have been https://fedorahosted.org/suds -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: SSL through python. possible ?
TkNeo wrote: > ok i have tried around a lot but no luck. I think M2Crypto is my best > option except it requires a minimum of python 2.4 which i don't have. M2Crypto requires Python 2.3. There are optional features that require newer Python. If you run into anything else (=bugs) that does not work with 2.3, let me know and I'll fix it. -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: urllib getting SSL certificate info
Ghirai wrote:
> Would you mind sharing some code? The module is pretty ugly and on top has no
> docs whatsoever; got tired of reading the source...
Did you find out the right homepage at
http://chandlerproject.org/Projects/MeTooCrypto? The original author,
ngps, hasn't been involved in the project for years, yet for some reason
his page still comes up first when you search with Google.
The real M2Crypto homepage includes a short SSL howto. In there is a 5
line sample client script. But here is the equivalent of what JP wrote
in M2Crypto:
from M2Crypto import SSL
ctx = SSL.Context('sslv3')
# If you comment out these lines, the connection won't be secure
#ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9)
#if ctx.load_verify_locations('ca.pem') != 1: raise Exception('No CA certs')
c = SSL.Connection(ctx)
c.connect(('www.google.com', 443)) # automatically checks cert matches host
c.send('GET / HTTP/1.1\r\n\r\n')
cert = c.get_peer_cert()
print cert.get_issuer() # actually returns X509_Name object
print cert.get_subject() # actually returns X509_Name object
I should point out that M2Crypto really tries to make things safe by
default. For example with SSL, you will have to explicitly request weak
crypto to get SSLv2 and weak ciphers, and by default in client mode it
will check that the certificate hostname matches the hostname you tried
to connect to. You can override these if you want. The examples
typically show how to do things the safe way.
M2Crypto has over 200 unit tests, which I think offer a reasonable way
of checking how to use the API.
You can generate the M2Crypto API documentation yourself, but it is
pretty minimal. I'll see if I can find some cycles to flesh it out.
pyOpenSSL has the API documentation online, arguably in a nicer format
even, but there doesn't seem to be much more of it IMO. Both M2Crypto
and pyOpenSSL recommend you to go read the OpenSSL documentation since
most things are pretty thin wrappers around OpenSSL. But really, for
anyone doing any serious SSL development using OpenSSL or any OpenSSL
wrappers I recommend you go read "Network Security with OpenSSL" by John
Viega, Matt Messier and Pravir Chandra, ISBN 059600270X.
But just for your viewing pleasure, I just generated the M2Crypto API
documentation and put a link to it from the M2Crypto homepage:
http://chandlerproject.org/Projects/MeTooCrypto
--
Heikki Toivonen - http://www.heikkitoivonen.net
--
http://mail.python.org/mailman/listinfo/python-list
Re: C-API: A beginner's problem
Fabian Steiner wrote:
> What did I do wrong? As I am quite new to C, I probably made many
> mistakes, so please feel free to correct me.
The following line:
> for (i = 0; i <= seqlen; i++) {
Should be "for (i = 0; i < seqlen; i++) {". Otherwise the last
assignment will be out of bounds and probably corrupts heap.
--
http://mail.python.org/mailman/listinfo/python-list
Re: C-API: A beginner's problem
Heikki Salo wrote:
> Fabian Steiner wrote:
>> What did I do wrong? As I am quite new to C, I probably made many
>> mistakes, so please feel free to correct me.
>
> The following line:
>
> > for (i = 0; i <= seqlen; i++) {
>
> Should be "for (i = 0; i < seqlen; i++) {". Otherwise the last
> assignment will be out of bounds and probably corrupts heap.
And closer look tells that the code should not even compile. Is the code
cut & pasted directly? Line "list[i] = item;" tries to assign a pointer
to an int-array, which should not compile. There are other similar oddities.
--
http://mail.python.org/mailman/listinfo/python-list
Re: python xmlrpc client with ssl client certificates and standard modules
News123 wrote: > This will probably work, but it requires the module M2Crypto. > > In order to avoid installing M2Crypto an all hosts that want to run the > script I wondered, whether there is no other solution. > > I can do xmlrpc over ssl WITHOUT certificates with following code: [...] Please note that if you just use the stdlib it is not secure out of the box. With Python 2.6 and the ssl module you can make it so, but it requires some work on your part. See for example http://www.heikkitoivonen.net/blog/2008/10/14/ssl-in-python-26/ -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto 0.20.1 won't build on Red Hat Linux
John Nagle wrote: > M2Crypto, from > > http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-0.20.1.tar.gz > > won't build on Red Hat Linux / 386. The error is > > It's some incompatibility between Red Hat include file packaging and > M2Crypto. Yup, all Fedora Core-based systems actually. > There was at one time a note on how to deal with this problem, but it's > been deleted. It's still in Google's cache, though. Not deleted, but my hosting provider made some changes that put my blog and a number of sites down, without advance notice, while I was on vacation :( Blog is back up, so the URL works again: http://www.heikkitoivonen.net/blog/2009/02/09/m2crypto-build-wrapper-for-fedora-core-based-distributions/ I've also added this to the FAQ: http://chandlerproject.org/Projects/MeTooCrypto#Code -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto 0.20.1 won't build on Red Hat Linux
John Nagle wrote: > The right question is "uname --hardware-platform". That returns "i386" if > running on something emulating a 386, even it it's 64-bit capable. Thanks, I'll make a note that I'll need to clarify that part. > With that change, the build runs to completion and and the regression tests > mostly run. Test failure occurred at: > > == > FAIL: test_cipher_ok (tests.test_ssl.MiscSSLClientTestCase) > -- > Traceback (most recent call last): > File > "/var/www/vhosts/sitetruth.com/private/downloads/M2Crypto/M2Crypto-0.20.1/tests/test_ssl.py", > line 485, in test_cipher_ok > assert s.get_cipher().name() == 'AES128-SHA', s.get_cipher().name() > AssertionError: AES256-SHA > > -- > Ran 226 tests in 91.672s > > Is 'AES128-SHA' a cypher that Fedora Core doesn't support, or what? That seems strange. OpenSSL does allow fine tuning what ciphers to build and operate with, but this is the first I hear AES128-SHA might not be turned on anymore. And even stranger still is that the test is explicitly asking for 128 yet it is getting 256 back. Could you rerun the test again just to make sure you can repeat it, and if so, let me know the fedora core, openssl, swig and python versions? -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.20.2
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. Smartcards supported with the Engine interface. This is the 0.20.2 release. Download links and bug filing instructions on the homepage at: http://chandlerproject.org/Projects/MeTooCrypto. Changelog: - (Re)Enable configuration and use with OpenSSL 0.9.7g and older by disabling RSA PSS methods when using such old OpenSSL that don't support it, thanks to Stef Walter NOTE: If you are using OpenSSL that is newer than 0.9.7g there is no need to update. -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: AES decrypting in Python
Mike Driscoll wrote: > EVP.Cipher(alg="aes_256_ecb", key=SomeKey, iv=SomeIV, op=dec, > padding=False) > > I don't really see where I pass the data that needs the decrypting > though. Can someone shed some light on this? Look at test_AES method in http://svn.osafoundation.org/m2crypto/trunk/tests/test_evp.py Basically EVP.Cipher returns the cipher object. You call the update update(data) method on it (you can call this many times if you have lots of data), which returns (possibly partial) result and finally call the final() method to finish, which will return the last piece of the decrypted data. You might also want to take a look at m2secret[1] which is a small library/utility built on top of M2Crypto to encrypt/decrypt stuff. By default it uses AES. [1] http://www.heikkitoivonen.net/m2secret/ -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.21.1
Announcing M2Crypto 0.21.1 Changes: 0.21.1 - 2011-01-15 --- - Distribution fix 0.21 - 2011-01-12 - - Support OpenSSL 1.0. Thanks to Miloslav Trmac for figuring out how to fix test_smime.py - Rename m2.engine_init to engine_init_error so that ENGINE_init and ENGINE_finish can be exposed, thanks to Erlo - 0.20 started releasing Python locks even around some operations that interacted with the Python runtime, potentially causing crashes and other weirdness, fix by Miloslav Trmac - Make httpslib.ProxyHTTPSConnection work with Python 2.3 M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. M2Crypto can also be used to provide SSL for Twisted. Smartcards supported through the Engine interface. -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto-0.20.2, SWIG-2.0.0, and OpenSSL-1.0.0a build problem
On 07/13/2010 02:18 PM, Adam Mercer wrote: I'm trying to build M2Crypto on Mac OS X 10.6.4 against python2.5 (python2.6 fails in the same way), with SWIG 2.0.0 and OpenSSL 1.0.0a and it is failing with the following: That version of M2Crypto does not work with OpenSSL 1.0.x because OpenSSL changed APIs. M2Crypto trunk works, as will the next M2Crypto release. So at this time, you should check out M2Crypto from the Subversion repository. See http://chandlerproject.org/Projects/MeTooCrypto for details on how to get the sources. -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto-0.20.2, SWIG-2.0.0, and OpenSSL-1.0.0a build problem
On 07/16/2010 08:18 AM, Adam Mercer wrote: That version of M2Crypto does not work with OpenSSL 1.0.x because OpenSSL changed APIs. M2Crypto trunk works, as will the next M2Crypto release. So at this time, you should check out M2Crypto from the Subversion repository. See http://chandlerproject.org/Projects/MeTooCrypto for details on how to get the sources. Thanks any ETA on a new release supporting OpenSSL 1.0.x? I was actually planning on doing a release by the end of June, but life happened. Maybe by the end of August... -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: Newbie question regarding SSL and certificate verification
Jeffrey Gaynor wrote: > A final question -- how widely is M2Crypto used? Since I will have to now > pitch >to our group that this is preferable the first questions they will ask are about >stability, who is using it and how secure is it really, especially since it is >at version 0.20.2 (i.e. no major release yet). The M2Crypto homepage lists dozens of applications and libraries that use M2Crypto. Additionally I believe certain Linux distros use it as more or less required piece. I know it has been used at some of the world's most largest companies. As for version number, that is pretty much irrelevant in open source. Take a look at the number and frequency of releases, how long the project has existed and so forth, and community around the project. M2Crypto is over 7 years old, has had at least one release a year, and although it doesn't have a large community around it, most of the changes over the last few years have been submitted by someone else than the maintainer. -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: validating HTTPS certificates?
andras.horv...@cern.ch wrote: > I'm in the process of picking a language for a client application that > accesses a HTTPS (actually SOAP) server. This would be easy enough in > Python, but I came across a strange fact: neither httplib nor urllib > offer the possibility to actually verify the server's certificate. Right, stdlib does not do this for you automatically. You'd either need to write that code yourself, or use a third party library. I wrote a long post about this when 2.6 came out: http://www.heikkitoivonen.net/blog/2008/10/14/ssl-in-python-26/ -- Heikki Toivonen -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto hangs on this URL
John Nagle wrote:
> There's something strange about this URL:
>
> "https://sagar310.pontins.com/sraep/";
The following program finishes fine for me using M2Crypto 0.20beta1 +
openssl 0.9.8g. Like Martin mentioned in another message, maybe someone
fixed the site.
from M2Crypto import SSL
ctx = SSL.Context()
# If you comment out the next 2 lines, the connection won't be secure
#ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9)
#if ctx.load_verify_locations('ca.pem') != 1: raise Exception('No CA certs')
c = SSL.Connection(ctx)
c.connect(('sagar310.pontins.com', 443))
c.send('GET /sraep/ \n')
c.close()
--
Heikki Toivonen - http://heikkitoivonen.net
--
http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto: AttributeError: 'CSR' object has no attribute 'pkey'
Matthias Güntert wrote: > class CSR(object): > def __init__(self): > pass > > def create_cert_signing_request(keypair, cert_name, > cert_extension_stack=None): You missed self. Although this method does not seem to be using any instance data so there isn't actually much reason to have a CSR object unless you intend to expand it in ways that require it. > if cert_extension_stack != None: A word of advice: always check equality/inequality to None with 'is', because that way it is a straight pointer conversion which is faster and won't cause any surprises. In other words, write the above as: if cert_extension_stack is not None: -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto: X509.X509_Extension_Stack() throws AssertionError
Matthias Güntert wrote:
> Why is the following code snippet throwing an AssertionError? Is that
> behavior a bug within X509.X509_Extension_Stack()? How would you suggest
> popping every element from the stack?
>
> cert_extension_2 = X509.new_extension("keyUsage", "10100")
Maybe your OpenSSL is too old. keyUsage needs to be defined in OpenSSL
obj_dat.h file for this to work.
> cert_extension_3 = X509.new_extension("subjectAlternativeName",
> "DNS:www.mydomain.tld")
And I believe you mispelled this, try subjectAltName.
With the change in spelling for subjectAltName your test passes for me
using OpenSSL 1.0.0beta3 and M2Crypto 0.20beta with the (still
incomplete) patch to make M2Crypto work with OpenSSL 1.0:
https://bugzilla.osafoundation.org/show_bug.cgi?id=12855
--
Heikki Toivonen - http://heikkitoivonen.net
--
http://mail.python.org/mailman/listinfo/python-list
Re: M2Crypto: How to generate subjectKeyIdentifier / authorityKeyIdentifier
Matthias Güntert wrote: > I am trying to add the extensions "subjectKeyIdentifier" and > "authorityKeyIdentifier" to a x509v3 certificate. M2Crypto has a couple of bugs open related that, with potential workarounds that I haven't yet deemed polished enough to checkin, but which might help you out: https://bugzilla.osafoundation.org/show_bug.cgi?id=7530 https://bugzilla.osafoundation.org/show_bug.cgi?id=12151 -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
Re: Setuptools - help!
Peter Chant wrote: > Thanks, it worked. Any ideas how to run the resulting scripts without > installing or running as root? If you install as root, you should be able to run the scripts as normal user. However, I don't recommend this approach since it could conflict with your system Python packages. I like using virtualenv to create isolated Python environments. I can easily install whatever Python packages I want into each environment, delete them when I am done with them or messed up etc. http://pypi.python.org/pypi/virtualenv -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.20
I am please to announce the M2Crypto 0.20 release, which was in development for over nine months. Over 30 bugs fixed by more than ten people. Download links and bug filing instructions on the homepage at http://chandlerproject.org/Projects/MeTooCrypto. M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. Smartcards supported with the Engine interface. Changelog: - Deprecated M2Crypto.PGP subpackage since nobody seems to be using it nor is it being maintained (if you do use it, please let me know) - Added fedora_setup.sh to help work around differences on Fedora Core -based distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac - Added X509.load_request_bio and load_request_string, by Hartmut Goebel and Pavel Shramov - Added alias X509.Request.set_subject for set_subject_name to match X509.X509, by Pavel Shramov - OBJ_* wrappers did not work properly with OpenSSL 0.9.8a and earlier, fix by Pavel Shramov - Added ASN1_UTCTIME.get_datetime and set_datetime, by Pavel Shramov - Fixed obj_obj2txt, which returned nonsense, fix by Barney Stratford - m2urllib did not close sockets properly, fix by Miloslav Trmac - Allow SSL peer certificate to have subjectAltName without dNSName and use commonName for hostname check, fix by Miloslav Trmac - threading_locking_callback did not block on a lock when the lock was held by another thread, by Miloslav Trmac - Allow more blocking OpenSSL functions to run without GIL, by Miloslav Trmac - Fixed httpslib to send only the path+query+fragment part of the URL when using CONNECT proxy, by James Bowes - SSLServer.__init__ now takes optional bind_and_activate parameter and initializes by calling SocketServer.BaseServer.__init__, which are Python 2.6 compatibility fixes, by Christian - ftpslib now works with Python 2.6, by Theodore A. Roth - httpslib.ProxyHTTPSConnection needs to cast port into integer, by John M. Schanck - Added support for RSASSA-PSS signing and verifying, by Chris Collis - Added support for disabling padding when using RSA encryption, by Chris Collis - ASN1_INTEGERs can now be larger than fits in an int, for example to support X509 certificates with large serial numbers, patch by Mikhail Vorozhtsov and testcase by Barry G. - Reverted a change done in 0.17 to m2urllib2 which changed urls to include host when it should stay as it was - httpslib no longer uses urllib; instead it uses urlparse for url parsing - SMIME.text_crlf and text_crlf_bio were always raising TypeError; fixed - EVP.load_key and load_key_bio fixed to raise EVP.EVPError and BIO.BIOError instead of str (str exceptions not allowed in Python 2.6 and later) - SSL.Session.load_session fixed to raise SSL.SSLError instead of str - SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7, smime_load_pkcs7_bio, text_crlf, text_crlf_bio fixed to raise BIO.BIOError, SMIME.PKCS7_Error and SMIME.SMIME_Error as appropriate instead of str - Added FIPS mode to unit tests, and used FIPS-compliant key sizes in other tests, by Miloslav Trmac. Note that tests run much slower because of this! - Unit tests cover 80% of the code -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
ANN: M2Crypto 0.20.1
M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. Smartcards supported with the Engine interface. This is the 0.20.1 release. Download links and bug filing instructions on the homepage at http://chandlerproject.org/Projects/MeTooCrypto. Changelog: - Fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac -- Heikki Toivonen - http://heikkitoivonen.net -- http://mail.python.org/mailman/listinfo/python-list
