[issue8813] SSLContext doesn't support loading a CRL

2014-03-18 Thread STINNER Victor
STINNER Victor added the comment: > It was *really* trivial. I just had to expose two simple OpenSSL APIs to > enable / disable CRL. It was trivial thanks to all the work done before around SSLContext. For example, Python 2.7 doesn't have SSLContext, so adding support for CRL in Python 2.7 is

[issue8813] SSLContext doesn't support loading a CRL

2014-03-18 Thread Christian Heimes
Christian Heimes added the comment: It was *really* trivial. I just had to expose two simple OpenSSL APIs to enable / disable CRL. All versions of Python could already load the CRLs but CRL checks could not be enabled.

[issue8813] SSLContext doesn't support loading a CRL

2014-03-18 Thread STINNER Victor
STINNER Victor added the comment: > Yes, Python 3.4 can load and use CRLs. Great work Christian, I have been expecting this feature for many years :-)

[issue8813] SSLContext doesn't support loading a CRL

2014-03-18 Thread Christian Heimes
Christian Heimes added the comment: Yes, Python 3.4 can load and use CRLs. -- status: open -> closed

[issue8813] SSLContext doesn't support loading a CRL

2014-03-17 Thread STINNER Victor
STINNER Victor added the comment: What is the status of this issue? Is it fixed or not? The What's New in Python 3.4 document says that Python 3.4 can load CRL.

[issue8813] SSLContext doesn't support loading a CRL

2014-03-09 Thread Roundup Robot
Roundup Robot added the comment: New changeset 1508c4c9e747 by R David Murray in branch 'default': whatsnew: SSLContext.verify_flags and constants. (#8813) http://hg.python.org/cpython/rev/1508c4c9e747 -- status: pending -> open

[issue8813] SSLContext doesn't support loading a CRL

2013-11-23 Thread Christian Heimes
Christian Heimes added the comment: The _ssl module compiles again with OpenSSL 0.9.7. -- priority: release blocker -> normal resolution: -> fixed status: open -> pending

[issue8813] SSLContext doesn't support loading a CRL

2013-11-23 Thread Roundup Robot
Roundup Robot added the comment: New changeset 40d4be2b7258 by Christian Heimes in branch 'default': Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+ http://hg.python.org/cpython/rev/40d4be2b7258

[issue8813] SSLContext doesn't support loading a CRL

2013-11-22 Thread Ned Deily
Ned Deily added the comment: This problem also breaks the 32-bit OS X installer build. -- nosy: +larry priority: normal -> release blocker

[issue8813] SSLContext doesn't support loading a CRL

2013-11-22 Thread Ned Deily
Ned Deily added the comment: 10.4 is *very* old: $ /usr/bin/openssl version OpenSSL 0.9.7l 28 Sep 2006 If you kept around that version of the headers and libs, you'd probably catch most of the problems.

[issue8813] SSLContext doesn't support loading a CRL

2013-11-22 Thread Christian Heimes
Christian Heimes added the comment: :( I seriously need access to a Darwin or OSX box. This is the second time I broke the build on OSX. Ned Deily wrote: > >Ned Deily added the comment: > >This change seems to have broken the OS X 10.4 Tiger buildbot: > >_ssl.c:2240: error: 'struct x509_sto

[issue8813] SSLContext doesn't support loading a CRL

2013-11-22 Thread Ned Deily
Ned Deily added the comment: This change seems to have broken the OS X 10.4 Tiger buildbot: _ssl.c:2240: error: 'struct x509_store_st' has no member named 'param' _ssl.c:2253: error: 'struct x509_store_st' has no member named 'param' _ssl.c:2257: error: 'struct x509_store_st' has no member named

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Christian Heimes
Christian Heimes added the comment: memo to me: add whatsnew entry -- assignee: -> christian.heimes resolution: -> fixed stage: patch review -> committed/rejected status: open -> pending

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Roundup Robot
Roundup Robot added the comment: New changeset 83805c9d1f05 by Christian Heimes in branch 'default': Issue #8813: Add SSLContext.verify_flags to change the verification flags http://hg.python.org/cpython/rev/83805c9d1f05 -- nosy: +python-dev

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Antoine Pitrou
Antoine Pitrou added the comment: > But it's not about CRL alone. How about VERIFY_DEFAULT = 0 ? Sounds good.

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Christian Heimes
Christian Heimes added the comment: But it's not about CRL alone. How about VERIFY_DEFAULT = 0 ?

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Antoine Pitrou
Antoine Pitrou added the comment: > s/FLAGS_/VERIFY_/g ? OK, I don't have hard feelings. :) And VERIFY_NONE should be VERIFY_CRL_NONE IMO.

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Christian Heimes
Christian Heimes added the comment: s/FLAGS_/VERIFY_/g ? OK, I don't have hard feelings. :)

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Antoine Pitrou
Antoine Pitrou added the comment: > It *is* generic. The flags are not about CRL alone, That's why I proposed VERIFY_xxx, e.g. VERIFY_CRL_NONE. Calling some flags "FLAGS" is senseless, it's like calling an integer "INTEGER".

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Christian Heimes
Christian Heimes added the comment: My patch is inspired by mod_ssl: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?view=markup#l697 CRLs can already be loaded with SSLContext.load_verify_locations(). The patch exposes the verification flags of SSLContext's X509_S

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Christian Heimes
Christian Heimes added the comment: It *is* generic. The flags are not about CRL alone, http://www.openssl.org/docs/crypto/X509_VERIFY_PARAM_set_flags.html#VERIFICATION_FLAGS

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Antoine Pitrou
Antoine Pitrou added the comment: That sounds too generic. How about VERIFY_CRL_NONE, etc.

[issue8813] SSLContext doesn't support loading a CRL

2013-11-21 Thread Christian Heimes
Christian Heimes added the comment: The new patch addresses your review. I have altered the new to FLAGS_NONE, FLAGS_CLR_CHECK_LEAF etc. -- Added file: http://bugs.python.org/file32760/verify_flags_crl2.patch

[issue8813] SSLContext doesn't support loading a CRL

2013-11-20 Thread Christian Heimes
Christian Heimes added the comment: The patch implements SSLContext.verify_flags in order to enable CRL checks. It comes with documentation, a unit test and a new CRL file. -- keywords: +patch stage: needs patch -> patch review Added file: http://bugs.python.org/file32744/verify_flags_c

[issue8813] SSLContext doesn't support loading a CRL

2013-11-17 Thread Christian Heimes
Christian Heimes added the comment: Yes, you are right. OpenSSL uses the same API to load certs and CRLs. CRL checks must be enabled, though.

[issue8813] SSLContext doesn't support loading a CRL

2013-08-24 Thread Donald Stufft
Changes by Donald Stufft: -- nosy: +dstufft

[issue8813] SSLContext doesn't support loading a CRL

2013-07-08 Thread Christian Heimes
Changes by Christian Heimes: -- components: +Extension Modules nosy: +christian.heimes versions: +Python 3.4 -Python 3.3

[issue8813] SSLContext doesn't support loading a CRL

2011-10-05 Thread David Andrzejewski
Changes by David Andrzejewski: -- nosy: +dandrzejewski

[issue8813] SSLContext doesn't support loading a CRL

2011-09-01 Thread Antoine Pitrou
Antoine Pitrou added the comment: Is it enough to just load a CRL file, or is other functionality usually needed? The following APIs should help us do it: - X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); - int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); - X509_CRL *d2i_X509_CRL_f

[issue8813] SSLContext doesn't support loading a CRL

2010-05-24 Thread Giampaolo Rodola'
Changes by Giampaolo Rodola': -- nosy: +giampaolo.rodola

[issue8813] SSLContext doesn't support loading a CRL

2010-05-24 Thread Antoine Pitrou
Changes by Antoine Pitrou: -- type: -> feature request

[issue8813] SSLContext doesn't support loading a CRL

2010-05-24 Thread STINNER Victor
Changes by STINNER Victor: -- nosy: +pitrou

[issue8813] SSLContext doesn't support loading a CRL

2010-05-24 Thread STINNER Victor
New submission from STINNER Victor: SSL Context should support loading a CRL. See M2Crypto patches: https://bugzilla.osafoundation.org/show_bug.cgi?id=12954 https://bugzilla.osafoundation.org/show_bug.cgi?id=11694 Or PyOpenSSL branch supporting CRL: https://launchpad.net/~rick-fdd/pyopenssl/crl