pyopenssl
Python interface to the OpenSSL library
I am having a hard time running a M2Crypto SSLServer with EXPORT grade ciphers.
LOW/MEDIUM/HIGH grade ciphers work without any problems, but EXPORT just won't. Also, when OpenSSL is run in a server mode from a command line it accepts EXPORT grade ciphers without any problems.
So, either I am missing something or there is a problem in a M2Crypto module. Any help is appreciated.
The Python code used (ssl-server.py) looks like this:
import M2Crypto
import socket

CERTFILE = "dummy_cert.pem"
KEYFILE = "dummy_key.pem"
PROTOCOL = "sslv3"
HOST = "0.0.0.0"
PORT = 4433

def main():
    print "[i] Initializing context ..."
    # weak_crypto=True is meant to re-enable the low-grade suites M2Crypto disables by default
    ctx = M2Crypto.SSL.Context(protocol=PROTOCOL, weak_crypto=True)
    ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE)
    ctx.set_options(M2Crypto.m2.SSL_OP_ALL)
    ctx.set_cipher_list("ALL")
    print "[i] Initializing socket ..."
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((HOST, PORT))
    sock.listen(1)
    conn, addr = sock.accept()
    print "[i] SSL handshake ..."
    ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn)
    ssl_conn.setup_ssl()
    try:
        ssl_conn_res = ssl_conn.accept_ssl()
    except Exception, ex:
        print "[x] SSL connection failed: '%s'" % str(ex)
    else:
        if ssl_conn_res == 1:
            print "[i] SSL connection accepted"
        else:
            print "[x] SSL handshake failed: '%s'" % ssl_conn.ssl_get_error(ssl_conn_res)

if __name__ == "__main__":
    main()
Symptoms are:
$ uname -a
Linux XYZ 2.6.38-15-generic #59-Ubuntu SMP Fri Apr 27 16:03:32 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=11.04
DISTRIB_CODENAME=natty
DISTRIB_DESCRIPTION="Ubuntu 11.04"
$ python -c "import M2Crypto;print M2Crypto.version_info"
(0, 20, 1)
$ openssl version
OpenSSL 0.9.8o 01 Jun 2010
1) NOT OK
SERVER (terminal 1): $ python ssl-server.py
CLIENT (terminal 2): $ openssl s_client -connect localhost:4433 -cipher EXPORT
CONNECTED(00000003)
28131:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:602:
2) OK
SERVER (terminal 1): $ openssl s_server -cert dummy_cert.pem -key dummy_key.pem -ssl3 -no_tls1 -no_ssl2 -cipher EXPORT
CLIENT (terminal 2): $ openssl s_client -connect localhost:4433 -cipher EXPORT
CONNECTED(00000003)
depth=0 C = BE, CN = www.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = BE, CN = www.example.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = BE, CN = www.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=BE/CN=www.example.com
i:/C=BE/CN=test-ca
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=BE/CN=www.example.com
issuer=/C=BE/CN=test-ca
---
No client certificate CA names sent
---
SSL handshake has read 1141 bytes and written 242 bytes
---
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : SSLv3
Cipher : EXP-EDH-RSA-DES-CBC-SHA
Session-ID: B052D5D5A436F9A0B9D3FB24F2E32A8A06A0B6828230621C4CFAEB82A0A9AE0C
Session-ID-ctx:
Master-Key: 47F6E3720D06518B961FE389F13BCDE42C37F703099ABBB9B3DA35383C420F519D4F4773D35E470CF6FF7BB243B29069
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Compression: 1 (zlib compression)
Start Time: 1340644713
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
Content of dummy_cert.pem is as follows:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Content of dummy_key.pem is as follows:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Update: at the low level, the handshake packets seem to be the same except for the random[32] field, which makes this even stranger.
SSL dumps (ssldump -a -A -H -i lo) for both cases can be found here:
http://pastebin.com/YuC7d8zg (NOT OK case)
http://pastebin.com/U6YGQmv9 (OK case)
Source: (StackOverflow)
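What the OK case above actually negotiates is EXP-EDH-RSA-DES-CBC-SHA, an export suite with a 40-bit DES key. The EXPORT group has been removed from OpenSSL since 1.1.0, so on a current build openssl s_client -cipher EXPORT offers nothing at all, and a server that shares no suite with the client's offer answers with the handshake_failure alert seen in the NOT OK case. The following is an added example, not code from the question, using only the Python standard library: it pulls the negotiated suite out of an s_client transcript, classifies suite names against a small constructed weak-cipher policy, and expands a cipher string on the local OpenSSL build to report what a setting such as the server's set_cipher_list("ALL") would really enable there. The sample transcript and the policy table are constructed for the example.

```python
# Added example, not code from the question. Standard library only.
import re
import ssl

# Suite-name markers and the reason each fails the policy (a constructed policy,
# not OpenSSL's own classification).
WEAK_MARKERS = (
    (re.compile(r"^EXP(1024)?-"), "export grade (40/56-bit key)"),
    (re.compile(r"(^|-)DES-CBC(-|$)"), "single DES"),
    (re.compile(r"DES-CBC3"), "3DES (64-bit block)"),
    (re.compile(r"RC4"), "RC4"),
    (re.compile(r"RC2"), "RC2"),
    (re.compile(r"NULL"), "NULL encryption or NULL authentication"),
    (re.compile(r"^A(EC)?DH-"), "anonymous key exchange (no server authentication)"),
    (re.compile(r"-MD5$"), "MD5 MAC"),
)

# Constructed sample in the format `openssl s_client` prints (same suite as the OK case).
SAMPLE_S_CLIENT = """\
---
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
Server public key is 1024 bit
"""

NEGOTIATED = re.compile(r"^New, .*?, Cipher is (\S+)", re.MULTILINE)


def weaknesses(suite):
    """Every policy reason the suite name triggers, in policy order; [] if acceptable."""
    return [why for pattern, why in WEAK_MARKERS if pattern.search(suite)]


def negotiated_suite(s_client_output):
    """Suite named in an `openssl s_client` transcript, or None when no session came up."""
    match = NEGOTIATED.search(s_client_output)
    if not match or match.group(1) == "(NONE)":
        return None
    return match.group(1)


def audit_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string on this OpenSSL build and map each weak suite it
    enables to its reasons. Returns None when the build enables nothing for the string,
    which is what a current OpenSSL does for "EXPORT"; a server whose list is empty or
    disjoint from the client's offer replies with a handshake_failure alert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    report = {}
    for cipher in ctx.get_ciphers():
        reasons = weaknesses(cipher["name"])
        if reasons:
            report[cipher["name"]] = reasons
    return report


if __name__ == "__main__":
    print(negotiated_suite(SAMPLE_S_CLIENT), weaknesses(negotiated_suite(SAMPLE_S_CLIENT)))
    print("ALL ->", audit_cipher_string("ALL"))
    print("HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES ->",
          audit_cipher_string("HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES"))
```

Running it shows the difference between a permissive list such as "ALL" (whatever weak suites the local build still carries) and a restricted one, which the audit reports as empty; that is the server-side setting to prefer once the handshake experiment is over.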
I have a valid certificate issued by the Spanish authority (FNMT) and I want to play with it to learn more about it.
The file has the extension .p12.
I would like to read the information in it (first and last name) and check if the certificate is valid. Is it possible to do that with pyOpenSSL? I guess I have to use the crypto module in OpenSSL.
Any help or useful link? Tried reading here: http://packages.python.org/pyOpenSSL/openssl-crypto.html but not much information :-(
Source: (StackOverflow)
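For the .p12 question, here is an added example; it is not code from the question. It assumes the cryptography package (which pyOpenSSL is built on) is installed and uses its pkcs12 module; the personal certificate is a constructed, self-signed fixture whose subject carries givenName and surname attributes (the names "Ana Garcia" and the country "ES" are made up) standing in for the real one. read_p12 unpacks the file, holder_name reads the first and last name from the subject, time_status checks the validity window, and signed_by checks the signature against an issuer certificate; a complete validity check would additionally build the chain up to the authority's root and consult its CRL/OCSP, which this example does not do.

```python
# Added example, not code from the question. Assumes the `cryptography` package,
# which pyOpenSSL itself is built on, is installed.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc


def read_p12(p12_bytes, password):
    """Unpack a .p12: returns (private_key, end-entity certificate, [issuer certificates])."""
    return pkcs12.load_key_and_certificates(p12_bytes, password)


def holder_name(cert):
    """givenName / surname / commonName from the subject; None where the CA did not set one."""
    def first(oid):
        attrs = cert.subject.get_attributes_for_oid(oid)
        return attrs[0].value if attrs else None
    return {"given_name": first(NameOID.GIVEN_NAME), "surname": first(NameOID.SURNAME),
            "common_name": first(NameOID.COMMON_NAME)}


def validity_window(cert):
    """(not_before, not_after) as aware UTC datetimes, across cryptography versions."""
    nb = getattr(cert, "not_valid_before_utc", None)
    na = getattr(cert, "not_valid_after_utc", None)
    if nb is None or na is None:  # older releases only offer naive datetimes (already UTC)
        nb = cert.not_valid_before.replace(tzinfo=UTC)
        na = cert.not_valid_after.replace(tzinfo=UTC)
    return nb, na


def time_status(cert, at=None):
    """'valid', 'not_yet_valid' or 'expired' at time `at` (default: now)."""
    at = at or datetime.datetime.now(UTC)
    nb, na = validity_window(cert)
    return "not_yet_valid" if at < nb else "expired" if at > na else "valid"


def signed_by(cert, issuer_cert):
    """True if issuer_cert's RSA key verifies cert's signature (PKCS#1 v1.5, the usual case).
    Full validity also needs a chain to a trusted root and a revocation (CRL/OCSP) check."""
    try:
        issuer_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                        padding.PKCS1v15(), cert.signature_hash_algorithm)
        return True
    except InvalidSignature:
        return False


def make_sample_p12(password):
    """Constructed fixture: a self-signed personal certificate packed as PKCS#12."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COUNTRY_NAME, "ES"),
                      x509.NameAttribute(NameOID.GIVEN_NAME, "Ana"),
                      x509.NameAttribute(NameOID.SURNAME, "Garcia"),
                      x509.NameAttribute(NameOID.COMMON_NAME, "Ana Garcia")])
    now = datetime.datetime.now(UTC)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=365))
            .sign(key, hashes.SHA256()))
    return pkcs12.serialize_key_and_certificates(
        b"sample", key, cert, None, serialization.BestAvailableEncryption(password))


if __name__ == "__main__":
    key, cert, extra = read_p12(make_sample_p12(b"secret"), b"secret")
    print(holder_name(cert), time_status(cert), signed_by(cert, cert), len(extra))
```

With a real FNMT file the call is read_p12(open("cert.p12", "rb").read(), password_bytes); the third element then holds the intermediate certificates the authority packed alongside, which is where signed_by would get its issuer from.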
I'm using the first default AMI for amazon Linux on ec2 and can't seem to install pyOpenSSL.
I tried:
sudo wget http://launchpad.net/pyopenssl/main/0.11/+download/pyOpenSSL-0.11.tar.gz && easy_install pyOpenSSL-0.11.tar.gz.
Results were:
error: can't create or remove files in install directory
The following error occurred while trying to add or remove files in the
installation directory:
[Errno 13] Permission denied: '/usr/lib/python2.6/site-packages/test-easy-install-21047.write-test'
Also tried: sudo python setup.py build
Results were:
/usr/lib/python2.6/distutils/dist.py:266: UserWarning: Unknown distribution option: 'zip_safe'
warnings.warn(msg)
running build
running build_py
running build_ext
building 'OpenSSL.crypto' extension
gcc -pthread -fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=pentium4 -fasynchronous-unwind-tables -D_GNU_SOURCE -fPIC -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=pentium4 -fasynchronous-unwind-tables -D_GNU_SOURCE -fPIC -fPIC -I/usr/include/python2.6 -c OpenSSL/crypto/crypto.c -o build/temp.linux-i686-2.6/OpenSSL/crypto/crypto.o
OpenSSL/crypto/crypto.c:13:20: error: Python.h: No such file or directory
In file included from OpenSSL/crypto/crypto.h:17,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509.h:17:25: error: openssl/ssl.h: No such file or directory
In file included from OpenSSL/crypto/crypto.h:17,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509.h:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_X509_Type’
OpenSSL/crypto/x509.h:24: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
OpenSSL/crypto/x509.h:29: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/x509.h:30: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/x509.h:31: error: expected ‘)’ before ‘*’ token
In file included from OpenSSL/crypto/crypto.h:18,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509name.h:19: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/x509name.h:21: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_X509Name_Type’
OpenSSL/crypto/x509name.h:26: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:19,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/netscape_spki.h:16: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/netscape_spki.h:18: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_NetscapeSPKI_Type’
OpenSSL/crypto/netscape_spki.h:23: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:20,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509store.h:17: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/x509store.h:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_X509Store_Type’
OpenSSL/crypto/x509store.h:24: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:21,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509req.h:17: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/x509req.h:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_X509Req_Type’
OpenSSL/crypto/x509req.h:24: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:22,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/pkey.h:15: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/pkey.h:17: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_PKey_Type’
OpenSSL/crypto/pkey.h:22: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:23,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509ext.h:16:28: error: openssl/x509v3.h: No such file or directory
In file included from OpenSSL/crypto/crypto.h:23,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/x509ext.h:18: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/x509ext.h:20: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_X509Extension_Type’
OpenSSL/crypto/x509ext.h:27: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:24,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/pkcs7.h:15:27: error: openssl/pkcs7.h: No such file or directory
In file included from OpenSSL/crypto/crypto.h:24,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/pkcs7.h:17: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/pkcs7.h:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_PKCS7_Type’
OpenSSL/crypto/pkcs7.h:24: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
In file included from OpenSSL/crypto/crypto.h:25,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/pkcs12.h:14:28: error: openssl/pkcs12.h: No such file or directory
OpenSSL/crypto/pkcs12.h:15:26: error: openssl/asn1.h: No such file or directory
In file included from OpenSSL/crypto/crypto.h:25,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/pkcs12.h:17: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/pkcs12.h:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_PKCS12_Type’
OpenSSL/crypto/pkcs12.h:24: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
OpenSSL/crypto/pkcs12.h:37: error: expected ‘)’ before ‘*’ token
In file included from OpenSSL/crypto/crypto.h:26,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/crl.h:6: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crl.h:8: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_CRL_Type’
OpenSSL/crypto/crl.h:13: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
OpenSSL/crypto/crl.h:17: error: expected ‘)’ before ‘*’ token
In file included from OpenSSL/crypto/crypto.h:27,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/revoked.h:6: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_Revoked_Type’
OpenSSL/crypto/revoked.h:11: error: expected specifier-qualifier-list before ‘PyObject_HEAD’
OpenSSL/crypto/revoked.h:15: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/revoked.h:16: error: expected ‘)’ before ‘*’ token
In file included from OpenSSL/crypto/crypto.h:28,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/../util.h:17:25: error: openssl/err.h: No such file or directory
In file included from OpenSSL/crypto/crypto.h:28,
from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/../util.h:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/../util.h:32: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/../util.h:63: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/../util.h:78: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/../util.h:83: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/../util.h:135: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
In file included from OpenSSL/crypto/crypto.c:15:
OpenSSL/crypto/crypto.h:30: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.h:74: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:75: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:76: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:77: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:78: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:80: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:81: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.h:83: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.c:25: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:27: error: expected ‘)’ before ‘*’ token
OpenSSL/crypto/crypto.c: In function ‘global_passphrase_callback’:
OpenSSL/crypto/crypto.c:42: error: ‘PyObject’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:42: error: (Each undeclared identifier is reported only once
OpenSSL/crypto/crypto.c:42: error: for each function it appears in.)
OpenSSL/crypto/crypto.c:42: error: ‘func’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:42: error: ‘argv’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:42: warning: left-hand operand of comma expression has no effect
OpenSSL/crypto/crypto.c:42: error: ‘ret’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:42: warning: left-hand operand of comma expression has no effect
OpenSSL/crypto/crypto.c:45: error: expected expression before ‘)’ token
OpenSSL/crypto/crypto.c:46: warning: implicit declaration of function ‘Py_BuildValue’
OpenSSL/crypto/crypto.c:47: warning: implicit declaration of function ‘PyEval_CallObject’
OpenSSL/crypto/crypto.c:48: warning: implicit declaration of function ‘Py_DECREF’
OpenSSL/crypto/crypto.c:49: error: ‘NULL’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:51: warning: implicit declaration of function ‘PyString_Check’
OpenSSL/crypto/crypto.c:53: warning: implicit declaration of function ‘PyErr_SetString’
OpenSSL/crypto/crypto.c:53: error: ‘PyExc_ValueError’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:56: warning: implicit declaration of function ‘PyString_Size’
OpenSSL/crypto/crypto.c:59: warning: implicit declaration of function ‘strncpy’
OpenSSL/crypto/crypto.c:59: warning: incompatible implicit declaration of built-in function ‘strncpy’
OpenSSL/crypto/crypto.c:59: warning: implicit declaration of function ‘PyString_AsString’
OpenSSL/crypto/crypto.c:59: warning: passing argument 2 of ‘strncpy’ makes pointer from integer without a cast
OpenSSL/crypto/crypto.c: At top level:
OpenSSL/crypto/crypto.c:75: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:150: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:249: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:296: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:352: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:399: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:456: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:500: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:552: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:583: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:600: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:615: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:662: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
OpenSSL/crypto/crypto.c:707: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘crypto_methods’
OpenSSL/crypto/crypto.c: In function ‘initcrypto’:
OpenSSL/crypto/crypto.c:810: error: ‘PyObject’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:810: error: ‘c_api_object’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:812: error: ‘module’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:814: warning: implicit declaration of function ‘ERR_load_crypto_strings’
OpenSSL/crypto/crypto.c:815: warning: implicit declaration of function ‘OpenSSL_add_all_algorithms’
OpenSSL/crypto/crypto.c:820: warning: implicit declaration of function ‘Py_InitModule3’
OpenSSL/crypto/crypto.c:820: error: ‘crypto_methods’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:823: error: ‘NULL’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:829: error: ‘crypto_X509_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:830: error: ‘crypto_X509Name_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:831: error: ‘crypto_X509Req_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:832: error: ‘crypto_X509Store_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:833: error: ‘crypto_PKey_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:835: error: ‘crypto_PKCS7_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:836: error: ‘crypto_NetscapeSPKI_New’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:837: warning: implicit declaration of function ‘PyCObject_FromVoidPtr’
OpenSSL/crypto/crypto.c:839: warning: implicit declaration of function ‘PyModule_AddObject’
OpenSSL/crypto/crypto.c:842: error: ‘crypto_Error’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:842: warning: implicit declaration of function ‘PyErr_NewException’
OpenSSL/crypto/crypto.c:848: warning: implicit declaration of function ‘PyModule_AddIntConstant’
OpenSSL/crypto/crypto.c:848: error: ‘X509_FILETYPE_PEM’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:849: error: ‘X509_FILETYPE_ASN1’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:852: error: ‘EVP_PKEY_RSA’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:853: error: ‘EVP_PKEY_DSA’ undeclared (first use in this function)
OpenSSL/crypto/crypto.c:859: warning: implicit declaration of function ‘init_crypto_x509’
OpenSSL/crypto/crypto.c:861: warning: implicit declaration of function ‘init_crypto_x509name’
OpenSSL/crypto/crypto.c:863: warning: implicit declaration of function ‘init_crypto_x509store’
OpenSSL/crypto/crypto.c:865: warning: implicit declaration of function ‘init_crypto_x509req’
OpenSSL/crypto/crypto.c:867: warning: implicit declaration of function ‘init_crypto_pkey’
OpenSSL/crypto/crypto.c:869: warning: implicit declaration of function ‘init_crypto_x509extension’
OpenSSL/crypto/crypto.c:871: warning: implicit declaration of function ‘init_crypto_pkcs7’
OpenSSL/crypto/crypto.c:873: warning: implicit declaration of function ‘init_crypto_pkcs12’
OpenSSL/crypto/crypto.c:875: warning: implicit declaration of function ‘init_crypto_netscape_spki’
OpenSSL/crypto/crypto.c:877: warning: implicit declaration of function ‘init_crypto_crl’
OpenSSL/crypto/crypto.c:879: warning: implicit declaration of function ‘init_crypto_revoked’
error: command 'gcc' failed with exit status 1
I thought that I needed to make sure python-devel was installed to have the headers, so I checked what yum had installed.
yum list | grep python yielded:
audit-libs-python.i386 1.7.17-3.10.amzn1 installed
dbus-python.i386 0.83.0-6.1.5.amzn1 installed
gamin-python.i386 0.1.10-9.6.amzn1 installed
libselinux-python.i386 2.0.94-1.6.amzn1 installed
libsemanage-python.i386 2.0.43-4.2.amzn1 installed
libxml2-python.i386 2.7.6-1.6.amzn1 installed
policycoreutils-python.i386 2.0.82-28.1.5.amzn1 installed
python.noarch 1:2.6-1.19.amzn1 installed
python-cheetah.i386 2.4.1-1.6.amzn1 installed
python-configobj.noarch 4.6.0-2.1.5.amzn1 installed
python-iniparse.noarch 0.3.1-2.1.5.amzn1 installed
python-markdown.noarch 2.0.1-3.1.3.amzn1 installed
python-pycurl.i386 7.19.0-5.3.amzn1 installed
python-pygments.noarch 1.1.1-1.3.amzn1 installed
python-setuptools.noarch 0.6.10-1.7.amzn1 installed
python-sqlite.i386 2.6.0-1.8.amzn1 installed
python-urlgrabber.noarch 3.9.1-6.4.amzn1 installed
python-yaml.noarch 3.05-1.rf.6.amzn1 installed
python26.i686 2.6.6-1.15.amzn1 installed
python26-libs.i686 2.6.6-1.15.amzn1 installed
rpm-python.i386 4.8.0-9.27.amzn1 installed
setools-libs-python.i386 3.3.6-4.1.9.amzn1 installed
MySQL-python.i386 1.2.3-0.3.c1.1.4.amzn1 amzn
beecrypt-python.i686 4.1.2-10.1.1.6.amzn1 amzn
boost-mpich2-python.i386 1.41.0-11.3.amzn1 amzn
boost-openmpi-python.i386 1.41.0-11.3.amzn1 amzn
boost-python.i386 1.41.0-11.3.amzn1 amzn
cracklib-python.i386 2.8.16-2.8.amzn1 amzn
dbus-python-devel.i386 0.83.0-6.1.5.amzn1 amzn
ecryptfs-utils-python.i386 82-6.6.amzn1 amzn
freeradius-python.i386 2.1.9-1.3.amzn1 amzn
graphviz-python.i386 2.26.0-4.8.amzn1 amzn
libbdevid-python.i686 5.1.19.6-61.21.amzn1 amzn
libcap-ng-python.i386 0.6.4-2.6.amzn1 amzn
libieee1284-python.i386 0.2.9-4.6.amzn1 amzn
libxcb-python.i386 1.6-1.14.amzn1 amzn
libxslt-python.i386 1.1.26-1.4.amzn1 amzn
net-snmp-python.i386 1:5.5-21.5.amzn1 amzn
newt-python.i386 0.52.11-1.4.amzn1 amzn
postgresql-plpython.i686 8.4.5-1.6.amzn1 amzn
python-babel.noarch 0.9.4-5.1.2.amzn1 amzn
python-boto.noarch 1.9b-2.1.amzn1 amzn
python-crypto.i386 2.0.1-20.2.amzn1 amzn
python-dateutil.noarch 1.4.1-4.1.5.amzn1 amzn
python-decoratortools.noarch 1.7-4.1.3.amzn1 amzn
python-devel.noarch 1:2.6-1.19.amzn1 amzn
python-dmidecode.i386 3.10.12-1.2.amzn1 amzn
python-docutils.noarch 0.6-1.2.amzn1 amzn
python-epdb.noarch 0.11-4.0.amzn1 amzn
python-imaging.i386 1.1.6-18.3.amzn1 amzn
python-imaging-devel.i386 1.1.6-18.3.amzn1 amzn
python-jinja2.i386 2.2.1-1.2.amzn1 amzn
python-krbV.i386 1.0.13-10.4.amzn1 amzn
python-lcms.i386 1.18-0.1.beta1.4.amzn1 amzn
python-ldap.i386 2.2.0-2.2.10.amzn1 amzn
python-magic.i386 5.04-4.5.amzn1 amzn
python-paramiko.noarch 1.7.5-2.1.2.amzn1 amzn
python-sphinx.noarch 0.6.3-1.2.amzn1 amzn
python-sphinx-doc.noarch 0.6.3-1.2.amzn1 amzn
python24.i386 2.4.6-27.21.amzn1 amzn
python24-devel.i386 2.4.6-27.21.amzn1 amzn
python24-docs.noarch 2.4.4-1.11.amzn1 amzn
python24-tools.i386 2.4.6-27.21.amzn1 amzn
python26-devel.i686 2.6.6-1.15.amzn1 amzn
python26-docs.noarch 2.6.5-1.7.amzn1 amzn
python26-test.i686 2.6.6-1.15.amzn1 amzn
python26-tools.i686 2.6.6-1.15.amzn1 amzn
rrdtool-python.i686 1.3.8-6.3.amzn1 amzn
I installed python-devel and openssl-devel and was able to build and install the module. However, I could not import it.
>>> import OpenSSL
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/OpenSSL/__init__.py", line 40, in <module>
from OpenSSL import crypto
ImportError: /usr/lib/python2.6/site-packages/OpenSSL/crypto.so: undefined symbol: crypto_X509Extension_Type
Source: (StackOverflow)
Any idea what causes the error below?
I use CentOS Linux with openssl-devel.i386 0.9.8e-12.el5_5.7
$ easy_install PyOpenSSL
Searching for PyOpenSSL
Reading http://pypi.python.org/simple/PyOpenSSL/
Reading http://launchpad.net/pyopenssl
Reading http://pyopenssl.sourceforge.net/
Best match: pyOpenSSL 0.13
Downloading http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-0.13.tar.gz#md5=767bca18a71178ca353dff9e10941929
Processing pyOpenSSL-0.13.tar.gz
Running pyOpenSSL-0.13/setup.py -q bdist_egg --dist-dir /tmp/easy_install-0Dunib/pyOpenSSL-0.13/egg-dist-tmp-aV6OCC
warning: no previously-included files matching '*.pyc' found anywhere in distribution
OpenSSL/ssl/connection.c: In function ‘ssl_Connection_set_context’:
OpenSSL/ssl/connection.c:289: warning: implicit declaration of function ‘SSL_set_SSL_CTX’
OpenSSL/ssl/connection.c: In function ‘ssl_Connection_get_servername’:
OpenSSL/ssl/connection.c:313: error: ‘TLSEXT_NAMETYPE_host_name’ undeclared (first use in this function)
OpenSSL/ssl/connection.c:313: error: (Each undeclared identifier is reported only once
OpenSSL/ssl/connection.c:313: error: for each function it appears in.)
OpenSSL/ssl/connection.c:320: warning: implicit declaration of function ‘SSL_get_servername’
OpenSSL/ssl/connection.c:320: warning: assignment makes pointer from integer without a cast
OpenSSL/ssl/connection.c: In function ‘ssl_Connection_set_tlsext_host_name’:
OpenSSL/ssl/connection.c:346: warning: implicit declaration of function ‘SSL_set_tlsext_host_name’
error: Setup script exited with error: command 'gcc' failed with exit status 1
Source: (StackOverflow)
I am trying to verify that the target exposes an HTTPS web service. I have code to connect via HTTP but I am not sure how to connect via HTTPS. I have read you use SSL but I have also read that it did not support certificate errors. The code I have got is from the Python docs:
import httplib
conn = httplib.HTTPConnection("www.python.org")
conn.request("GET", "/index.html")
r1 = conn.getresponse()
print r1.status, r1.reason
Does anyone know how to connect to HTTPS?
I already tried HTTPSConnection but it responds with an error claiming httplib does not have the attribute HTTPSConnection. I also don't have socket.ssl available.
I have installed Python 2.6.4 and I don't think it has SSL support compiled into it. Is there a way to integrate this support into the newer Python without having to install it again?
I have installed OpenSSL and pyOpenSsl and I have tried the below code from one of the answers:
import urllib2
from OpenSSL import SSL
try:
    response = urllib2.urlopen('https://example.com')
    print 'response headers: "%s"' % response.info()
except IOError, e:
    if hasattr(e, 'code'):  # HTTPError
        print 'http error code: ', e.code
    elif hasattr(e, 'reason'):  # URLError
        print "can't connect, reason: ", e.reason
    else:
        raise
I have got an error:
Traceback (most recent call last):
File "<stdin>", line 2, in <module>
File "/home/build/workspace/downloads/Python-2.6.4/Lib/urllib.py", line 87, in urlopen
return opener.open(url)
File "/home/build/workspace/downloads/Python-2.6.4/Lib/urllib.py", line 203, in open
return self.open_unknown(fullurl, data)
File "/home/build/workspace/downloads/Python-2.6.4/Lib/urllib.py", line 215, in open_unknown
raise IOError, ('url error', 'unknown url type', type)
IOError: [Errno url error] unknown url type: 'https'
Does anyone know how to get this working?
--
I have found out what the problem was: the Python version I was using did not have support for SSL. I have found this solution currently at: http://www.webtop.com.au/compiling-python-with-ssl-support.
The code will now work after this solution, which is very good. When I import ssl and HTTPSConnection I now don't get an error.
Thanks for the help all.
Source: (StackOverflow)
I'm writing an app that requires a cert to be installed in the client browser. I've found this in the PyOpenSSL docs for the "Context" object but I can't see anything about how the callback is supposed to validate the cert, only that it should, somehow.
set_verify(mode, callback)
Set the verification flags for this Context object to mode and
specify that callback should be used for verification callbacks.
mode should be one of VERIFY_NONE and VERIFY_PEER. If
VERIFY_PEER is used, mode can be OR:ed with
VERIFY_FAIL_IF_NO_PEER_CERT and VERIFY_CLIENT_ONCE to further
control the behaviour. callback should take five arguments: A
Connection object, an X509 object, and three integer variables,
which are in turn potential error number, error depth and return
code. callback should return true if verification passes and
false otherwise.
I'm telling the Context object where my (self signed) keys are (see below) so I guess I don't understand why that's not enough for the library to check if the cert presented by the client is a valid one. What should one do in this callback function?
class SecureAJAXServer(PlainAJAXServer):
    def __init__(self, server_address, HandlerClass):
        BaseServer.__init__(self, server_address, HandlerClass)
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        ctx.use_privatekey_file('keys/server.key')
        ctx.use_certificate_file('keys/server.crt')
        ctx.set_session_id("My_experimental_AJAX_Server")
        ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT | SSL.VERIFY_CLIENT_ONCE, callback_func)
        self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
        self.server_bind()
        self.server_activate()
Caveat: coding for fun here, def not a pro, so if my Q reveals my total lameness, naivety and/or fundamental lack of understanding when it comes to SSL, please don't be too rough!
Thanks :)
Roger
Source: (StackOverflow)
Using PyCrypto I was able to generate the public and private PEM serialization for a RSA key, but in PyCrypto the DSA class has no exportKey() method.
Trying PyOpenSSL I was able to generate the private PEM serialization for RSA and DSA keys, but there is no crypto.dump_publickey method in PyOpenSSL.
I am looking for suggestions on how to generate the PEM serialization for RSA and DSA keys.
Many thanks!
PS: meanwhile I have changed the PyOpenSSL code to also export a dump_privatekey method for the crypto API. The PyOpenSSL bug and patch can be found at: https://bugs.launchpad.net/pyopenssl/+bug/780089
I was already using Twisted.conch so I solved this problem by manually generating a DSA/RSA key using PyCrypto and then initializing a twisted.conch.ssh.key.Key using this key. The Key class from Conch provides a toString method for string serialization.
Source: (StackOverflow)
I am new to Python and still learning it, so my question can be a little naive. Please bear with it ;)
The problem is that the client will be sending a CSR and I want to sign it with my CA root certificate and return the signed certificate back to the client.
I have been using this command to do it from the command line:
openssl x509 -req -in device.csr -CA root.pem -CAkey root.key -CAcreateserial -out device.crt -days 500
I want to achieve the same thing using Python. I have come across the Python library for OpenSSL, pyOpenSSL.
Is it possible using this library? How? Or should I go for M2Crypto?
Source: (StackOverflow)
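The CSR-signing question above and the earlier set_verify question (the SecureAJAXServer that demands a client certificate) are two halves of the same workflow, so one added example covers both; it is not code from either post. It assumes the cryptography package (which pyOpenSSL is built on) is installed and uses the standard library ssl module for the TLS side instead of pyOpenSSL's Context.set_verify; the CA name test-ca, the names server.test and device-0001 and the 500-day lifetime (taken from the openssl command) are constructed values. sign_csr is the Python counterpart of that command, checking the CSR's own signature before issuing and copying only the extensions the CA chooses to honour. demo then issues a server and a device certificate from the CA and runs two in-memory handshakes to show that the server's own key pair is not what checks client certificates: the verdict comes from CERT_REQUIRED plus load_verify_locations with the issuing CA (pyOpenSSL's VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT plus load_verify_locations), and application code, the callback in pyOpenSSL or getpeercert() here, only inspects the already-verified certificate to decide authorization.

```python
# Added example, not code from either question. Assumes the `cryptography` package is
# installed; the TLS part uses only the standard library `ssl` module.
import datetime, os, ssl, tempfile
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def _builder(subject, issuer, public_key, issuer_public_key, days, is_ca):
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .add_extension(x509.SubjectKeyIdentifier.from_public_key(public_key), critical=False)
            .add_extension(x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_public_key),
                           critical=False))

def make_ca(cn="test-ca"):
    """Self-signed root, the equivalent of root.pem / root.key in the openssl command."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key()
    return _builder(_name(cn), _name(cn), pub, pub, 3650, True).sign(key, hashes.SHA256()), key

def make_csr(cn):
    """What the requester produces (device.csr); the SAN is a request the CA still has to vet."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    csr = (x509.CertificateSigningRequestBuilder().subject_name(_name(cn))
           .add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]), critical=False)
           .sign(key, hashes.SHA256()))
    return csr, key

def sign_csr(csr, ca_cert, ca_key, days=500):
    """openssl x509 -req -in device.csr -CA root.pem -CAkey root.key -CAcreateserial -days 500"""
    if not csr.is_signature_valid:  # proof that the requester holds the matching private key
        raise ValueError("CSR signature does not verify")
    builder = _builder(csr.subject, ca_cert.subject, csr.public_key(), ca_key.public_key(), days, False)
    for ext in csr.extensions:  # copy only the extensions this CA is willing to honour
        if isinstance(ext.value, x509.SubjectAlternativeName):
            builder = builder.add_extension(ext.value, critical=ext.critical)
    return builder.sign(ca_key, hashes.SHA256())

def _pem_file(directory, label, cert, key):
    path = os.path.join(directory, label + ".pem")
    with open(path, "wb") as f:  # key and certificate in one file, as load_cert_chain accepts
        f.write(key.private_bytes(serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
                                  serialization.NoEncryption()) + cert.public_bytes(serialization.Encoding.PEM))
    return path

def loopback_handshake(server_ctx, client_ctx):
    """Complete a TLS handshake in memory (no sockets); return the server's view of the client cert."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname="server.test")
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    done = {client: False, server: False}
    for _ in range(10):
        for side, out_bio, in_bio in ((client, c_out, s_in), (server, s_out, c_in)):
            if not done[side]:
                try:
                    side.do_handshake()  # server side raises ssl.SSLError on a missing/bad client cert
                    done[side] = True
                except ssl.SSLWantReadError:
                    pass
            data = out_bio.read()
            if data:
                in_bio.write(data)
        if all(done.values()):
            return server.getpeercert()
    raise RuntimeError("handshake did not complete")

def demo():
    ca_cert, ca_key = make_ca()
    server_csr, server_key = make_csr("server.test")
    device_csr, device_key = make_csr("device-0001")
    server_cert = sign_csr(server_csr, ca_cert, ca_key)
    device_cert = sign_csr(device_csr, ca_cert, ca_key)
    ca_pem = ca_cert.public_bytes(serialization.Encoding.PEM).decode()
    with tempfile.TemporaryDirectory() as tmp:
        server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server_ctx.load_cert_chain(_pem_file(tmp, "server", server_cert, server_key))
        # The server's own key pair says nothing about clients: client verification is
        # CERT_REQUIRED plus the CA that issued the client certs; the library does the chain
        # check, and application code only reads getpeercert() to decide authorization.
        server_ctx.verify_mode = ssl.CERT_REQUIRED
        server_ctx.load_verify_locations(cadata=ca_pem)
        client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client_ctx.load_verify_locations(cadata=ca_pem)
        client_ctx.load_cert_chain(_pem_file(tmp, "device", device_cert, device_key))
        peer = loopback_handshake(server_ctx, client_ctx)
        client_cn = dict(rdn[0] for rdn in peer["subject"])["commonName"]
        anonymous_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # presents no certificate
        anonymous_ctx.load_verify_locations(cadata=ca_pem)
        try:
            loopback_handshake(server_ctx, anonymous_ctx)
            rejected = False
        except ssl.SSLError:
            rejected = True
    return client_cn, rejected

if __name__ == "__main__":
    print(demo())  # ('device-0001', True)
```

demo() returns the common name the server saw on the verified device certificate and True for the second handshake, where a client with no certificate is refused before any application data flows. The same split applies to the pyOpenSSL Context in the earlier question: load_verify_locations with the CA that issued the browser certificates does the verification, and the callback's job is to return the verdict it is handed (the last argument) and, at most, record the certificate for later authorization decisions.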
I'm trying to get the dates for a CRL using PyOpenSSL. The CRL class doesn't contain them as accessible members. I'm going through all of the underscore members, but I'd rather not use one of those, as they're not supposed to be 'public'.
Any suggestions on getting the dates out?
Source: (StackOverflow)
I'm currently trying to write a Python server script which should authenticate the current client based on its public key. Since I'm using Twisted, the example in the Twisted documentation got me started.
While I can generate keys, connect and communicate using the example code, I have not yet found a way to get the public key of the client in a usable format. In this StackExchange question somebody extracts the public key from an OpenSSL.crypto.PKey object but cannot transform it to a readable format. Since I have access to the PKey object of the x509 certificate in the verifyCallback method or via self.transport.getPeerCertificate() from any method of my Protocol, this would be a good way to go. The (not accepted) answer suggests trying crypto.dump_privatekey(PKey). Unfortunately, this does not really yield the expected result:
While the BEGIN PRIVATE KEY and BEGIN PRIVATE KEY in the answer could be fixed by an easy text replacement function, the base64 string seems not to match the public key. I've extracted the public key with openssl rsa -in client.key -pubout > client.pub as mentioned here. It does not match the result of the dump_privatekey function.
While there still is an open bug towards OpenSSL on Launchpad, it is not yet fixed. It was reported 19 months ago and there is some recent (October 2012) activity on it, but I do not have any hope of a fast fix in the repos.
Do you have any other ideas how I could get the public key in a format comparable to the client.pub file I have mentioned above? Perhaps there is a Twisted or OpenSSL connection specific object which holds this information. Please note that I have to store the public key in the protocol object such that I can access it later.
Why is no answer accepted?
M2Crypto by J.F. Sebastian
Sorry that I had not thought of a possibility where I cannot correlate the certificate to the connection. I've added the requirement that I have to store the public key inside the protocol instance. Thus, using peerX509.as_pem() inside the postConnectionCheck function as suggested by J.F. Sebastian does not work. Furthermore, at least in version 0.21.1-2ubuntu3 of python-m2crypto I have to call peerX509.get_rsa().as_pem() to get the right public key. Using peerX509.as_pem(None) (since peerX509.as_pem() still wants a passphrase) yields exactly the same output as crypto.dump_privatekey(PKey) in PyOpenSSL. Maybe there is a bug.
Besides this, the answer showed me a possible way to write another workaround by using the following Echo protocol class:
from M2Crypto import X509, m2
from twisted.internet.protocol import Protocol

class Echo(Protocol):
    # Per-connection state: the peer's public key is captured once, on the
    # first data after the TLS post-connection check has passed.
    pubkeyStored = False
    pubkey = None

    def dataReceived(self, data):
        """As soon as any data is received, write it back."""
        # transport.checked is set by M2Crypto's Twisted wrapper once the
        # post-connection check has run.
        if self.transport.checked and not self.pubkeyStored:
            self.pubkeyStored = True
            # Reaches into the wrapper's internal SSL object for the peer cert.
            x509 = m2.ssl_get_peer_cert(self.transport.ssl._ptr())
            if x509 is not None:
                x509 = X509.X509(x509, 1)
                pk = x509.get_pubkey()
                # get_rsa().as_pem() gives the "BEGIN PUBLIC KEY" form.
                self.pubkey = pk.get_rsa().as_pem()
                print pk.as_pem(None)
                print self.pubkey
        self.transport.write(data)
As you can see this uses some internal classes which I'd like to avoid. I'm hesitant to submit a small patch which would add a getCert method to the TLSProtocolWrapper class in M2Crypto.SSL.TwistedProtocolWrapper. Even if it was accepted upstream, it would break compatibility of my script with any but the most cutting-edge versions of m2crypto. What would you do?
External OpenSSL call by me
Well, it's an ugly workaround based on external system commands, which seems to me even worse than accessing non-public attributes.
Source: (StackOverflow)
I am a little new to pyOpenSSL. I am trying to figure out how to associate the generated socket to an ssl cert. verify_cb gets called, which gives me access to the cert and a conn, but how do I associate those things when this happens:
cli, addr = self.server.accept()
Source: (StackOverflow)
Well, I generate a private key with pyOpenSSL as follows:
from OpenSSL import crypto
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)
print crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
How do I get the public key string from it? I've still not found what method of this library does it. Thanks
Source: (StackOverflow)
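Both this question and the twisted/M2Crypto one above run into the same format mismatch. crypto.dump_privatekey writes the whole private key, as PKCS#1 ("BEGIN RSA PRIVATE KEY") or PKCS#8 ("BEGIN PRIVATE KEY"), so its base64 can never equal the output of openssl rsa -pubout, which is a SubjectPublicKeyInfo block ("BEGIN PUBLIC KEY"); swapping the header text changes nothing, and printing or storing that block leaks the private exponent. Newer pyOpenSSL releases (16.0.0 and later) have crypto.dump_publickey(crypto.FILETYPE_PEM, k) for exactly this. The following is an added example, not code from either poster nor from pyOpenSSL or M2Crypto: it reads n and e out of either private-key encoding and writes the SubjectPublicKeyInfo PEM using only the standard library, so the result matches client.pub byte for byte for the same key. The sample key it builds uses constructed toy numbers (p=61, q=53) that have no security value; feed it the bytes returned by dump_privatekey for a real key.

```python
"""Derive the "BEGIN PUBLIC KEY" (SubjectPublicKeyInfo) PEM that `openssl rsa -pubout`
prints from an RSA private-key PEM (PKCS#1 or PKCS#8), standard library only."""
import base64
import re

# rsaEncryption OID 1.2.840.113549.1.1.1 as a complete DER TLV.
RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")

# --- minimal DER encoder/decoder (DER only ever uses definite lengths) ---
def der_tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_integer(value):
    """Non-negative INTEGER: minimal big-endian bytes, 0x00-padded if the high bit is set."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    return der_tlv(0x02, (b"\x00" if body[0] & 0x80 else b"") + body)

def der_sequence(*items):
    return der_tlv(0x30, b"".join(items))

def der_read(buf, pos=0):
    """(tag, body, next_pos) of the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def der_children(body):
    """[(tag, body), ...] for the TLVs packed inside a constructed value."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_read(body, pos)
        out.append((tag, val))
    return out

def _is_rsa_algorithm(alg_body):
    """True if an AlgorithmIdentifier body names rsaEncryption."""
    tag, oid = der_children(alg_body)[0]
    return tag == 0x06 and der_tlv(0x06, oid) == RSA_ENCRYPTION_OID

def pem_decode(pem):
    if isinstance(pem, bytes):               # dump_privatekey returns bytes
        pem = pem.decode("ascii")
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]       # openssl wraps at 64
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)

def rsa_public_numbers_from_private_pem(pem):
    """(n, e) from a PKCS#1 or PKCS#8 RSA private-key PEM."""
    label, der = pem_decode(pem)
    if label == "PRIVATE KEY":
        # PKCS#8 PrivateKeyInfo: SEQUENCE { version, AlgorithmIdentifier, OCTET STRING }
        fields = der_children(der_read(der)[1])
        if not _is_rsa_algorithm(fields[1][1]):
            raise ValueError("not an RSA key")
        der = fields[2][1]                   # the OCTET STRING holds a PKCS#1 RSAPrivateKey
    elif label != "RSA PRIVATE KEY":
        raise ValueError("unsupported PEM label %r" % label)
    # PKCS#1 RSAPrivateKey: SEQUENCE { version, n, e, d, p, q, dP, dQ, qInv }
    ints = [int.from_bytes(v, "big") for t, v in der_children(der_read(der)[1]) if t == 0x02]
    return ints[1], ints[2]

def rsa_public_numbers_from_public_pem(pem):
    """(n, e) from a SubjectPublicKeyInfo PEM, i.e. the openssl rsa -pubout output."""
    label, der = pem_decode(pem)
    if label != "PUBLIC KEY":
        raise ValueError("unsupported PEM label %r" % label)
    alg, bits = der_children(der_read(der)[1])        # AlgorithmIdentifier, BIT STRING
    if not _is_rsa_algorithm(alg[1]):
        raise ValueError("not an RSA key")
    # bits[1][0] is the unused-bits octet; after it comes RSAPublicKey { n, e }
    n, e = [int.from_bytes(v, "big") for _, v in der_children(der_read(bits[1][1:])[1])]
    return n, e

def public_key_pem_from_private_pem(pem):
    """The public half of an RSA private-key PEM as a SubjectPublicKeyInfo PEM."""
    n, e = rsa_public_numbers_from_private_pem(pem)
    spki = der_sequence(
        der_sequence(RSA_ENCRYPTION_OID, der_tlv(0x05, b"")),   # rsaEncryption, NULL params
        der_tlv(0x03, b"\x00" + der_sequence(der_integer(n), der_integer(e))),
    )
    return pem_encode("PUBLIC KEY", spki)

def make_sample_private_key_pems():
    """Constructed toy RSA numbers (p=61, q=53: no security value) as PKCS#1 and
    PKCS#8 PEMs, so the example runs offline; use dump_privatekey output for real keys."""
    p, q, e = 61, 53, 17
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    pkcs1 = der_sequence(der_integer(0), der_integer(n), der_integer(e), der_integer(d),
                         der_integer(p), der_integer(q), der_integer(d % (p - 1)),
                         der_integer(d % (q - 1)), der_integer(pow(q, -1, p)))
    pkcs8 = der_sequence(der_integer(0), der_sequence(RSA_ENCRYPTION_OID, der_tlv(0x05, b"")),
                         der_tlv(0x04, pkcs1))
    return pem_encode("RSA PRIVATE KEY", pkcs1), pem_encode("PRIVATE KEY", pkcs8)
```

public_key_pem_from_private_pem(crypto.dump_privatekey(crypto.FILETYPE_PEM, k)) gives the same text as openssl rsa -in client.key -pubout, which is also what M2Crypto's get_rsa().as_pem() produces; rsa_public_numbers_from_public_pem reads such a file back, so two keys can be compared by (n, e) rather than by string. Only RSA is handled: a non-RSA AlgorithmIdentifier raises instead of returning garbage.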
Any thoughts on how to fix this problem? I am using pip to install Scrapy on a Win XP Pro SP 3 machine. I have Python 2.7 installed on the machine. There seems to be a problem with pyOpenSSL. I am getting a "Could not find 'openssl.exe'" error.
Here is my log file. I had to hack it up a little because of the URLs in it.
Requirement already satisfied (use --upgrade to upgrade): Scrapy in c:\python27\lib\site-packages\scrapy-0.14.4-py2.7.egg
Requirement already satisfied (use --upgrade to upgrade): Twisted>=2.5 in c:\python27\lib\site-packages (from Scrapy)
Downloading from URL pypi.python.org/packages/source/w/w3lib/w3lib-1.2.tar.gz#md5=f929d5973a9fda59587b09a72f185a9e (from pypi.python.org/simple/w3lib/)
Running setup.py egg_info for package w3lib
running egg_info
creating pip-egg-info\w3lib.egg-info
writing pip-egg-info\w3lib.egg-info\PKG-INFO
writing top-level names to pip-egg-info\w3lib.egg-info\top_level.txt
writing dependency_links to pip-egg-info\w3lib.egg-info\dependency_links.txt
writing manifest file 'pip-egg-info\w3lib.egg-info\SOURCES.txt'
warning: manifest_maker: standard file '-c' not found
reading manifest file 'pip-egg-info\w3lib.egg-info\SOURCES.txt'
writing manifest file 'pip-egg-info\w3lib.egg-info\SOURCES.txt'
Source in c:\ray\dist\pip-1.1\build\w3lib has version 1.2, which satisfies requirement w3lib (from Scrapy)
Downloading/unpacking pyOpenSSL (from Scrapy)
Downloading from URL pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-0.13.tar.gz#md5=767bca18a71178ca353dff9e10941929 (from pypi.python.org/simple/pyOpenSSL/)
Running setup.py egg_info for package pyOpenSSL
running egg_info
creating pip-egg-info\pyOpenSSL.egg-info
writing pip-egg-info\pyOpenSSL.egg-info\PKG-INFO
writing top-level names to pip-egg-info\pyOpenSSL.egg-info\top_level.txt
writing dependency_links to pip-egg-info\pyOpenSSL.egg-info\dependency_links.txt
writing manifest file 'pip-egg-info\pyOpenSSL.egg-info\SOURCES.txt'
warning: manifest_maker: standard file '-c' not found
error: Could not find 'openssl.exe'
Complete output from command python setup.py egg_info:
running egg_info
creating pip-egg-info\pyOpenSSL.egg-info
writing pip-egg-info\pyOpenSSL.egg-info\PKG-INFO
writing top-level names to pip-egg-info\pyOpenSSL.egg-info\top_level.txt
writing dependency_links to pip-egg-info\pyOpenSSL.egg-info\dependency_links.txt
writing manifest file 'pip-egg-info\pyOpenSSL.egg-info\SOURCES.txt'
warning: manifest_maker: standard file '-c' not found
error: Could not find 'openssl.exe'
Command python setup.py egg_info failed with error code 1 in C:\Ray\dist\pip-1.1\build\pyOpenSSL
Exception information:
Traceback (most recent call last):
File "C:\Python27\lib\site-packages\pip-1.1-py2.7.egg\pip\basecommand.py", line 104, in main
status = self.run(options, args)
File "C:\Python27\lib\site-packages\pip-1.1-py2.7.egg\pip\commands\install.py", line 245, in run
requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
File "C:\Python27\lib\site-packages\pip-1.1-py2.7.egg\pip\req.py", line 1009, in prepare_files
req_to_install.run_egg_info()
File "C:\Python27\lib\site-packages\pip-1.1-py2.7.egg\pip\req.py", line 225, in run_egg_info
command_desc='python setup.py egg_info')
File "C:\Python27\lib\site-packages\pip-1.1-py2.7.egg\pip\__init__.py", line 256, in call_subprocess
% (command_desc, proc.returncode, cwd))
InstallationError: Command python setup.py egg_info failed with error code 1 in C:\Ray\dist\pip-1.1\build\pyOpenSSL
Source: (StackOverflow)
A vulnerability was recently found in SSL 3, and Apple decided to turn it off for push notifications (APNS). Here is the announcement published on Oct 22, 2014.
For the last few days, my development push server has been crashing with this exception:
Traceback (most recent call last):
File "/var/django/current/manage.py", line 12, in <module>
execute_from_command_line(sys.argv)
File "/var/django/shared/env/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 399, in execute_from_command_line
utility.execute()
File "/var/django/shared/env/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 392, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/var/django/shared/env/local/lib/python2.7/site-packages/django/core/management/base.py", line 242, in run_from_argv
self.execute(*args, **options.__dict__)
File "/var/django/shared/env/local/lib/python2.7/site-packages/django/core/management/base.py", line 285, in execute
output = self.handle(*args, **options)
File "/var/django/releases/7f093a6773161ea21d18c502eaf1a38c76749314/my_app/management/commands/load_apns_feedback.py", line 35, in handle
for ios_push_notification_hex_token, unavailability_detected_at in feedback_service.feedback():
File "/var/django/shared/env/local/lib/python2.7/site-packages/apnsclient/apns.py", line 696, in feedback
self._connection.refresh()
File "/var/django/shared/env/local/lib/python2.7/site-packages/apnsclient/apns.py", line 269, in refresh
self._ensure_socket_open()
File "/var/django/shared/env/local/lib/python2.7/site-packages/apnsclient/apns.py", line 262, in _ensure_socket_open
self._connect_and_handshake()
File "/var/django/shared/env/local/lib/python2.7/site-packages/apnsclient/apns.py", line 252, in _connect_and_handshake
self._connection.do_handshake()
File "/var/django/shared/env/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1076, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/var/django/shared/env/local/lib/python2.7/site-packages/OpenSSL/SSL.py", line 871, in _raise_ssl_error
_raise_current_error()
File "/var/django/shared/env/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 22, in exception_from_error_queue
raise exceptionType(errors)
OpenSSL.SSL.Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert handshake failure')]
How can I fix this? Is there a way to tell apns-client to avoid SSL 3 and use TLS instead?
Source: (StackOverflow)
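The last entry of that error queue, "sslv3 alert handshake failure", is OpenSSL's name for a handshake_failure alert (code 40) whatever protocol version is in play, so the label alone does not prove SSLv3 was offered; but a client that only offers SSLv3 to a server that has just switched it off gets exactly this alert. In pyOpenSSL the cure is to stop building the context with SSL.SSLv3_METHOD and use SSL.TLSv1_METHOD, or SSL.SSLv23_METHOD together with ctx.set_options(SSL.OP_NO_SSLv3). The following added example (not apns-client's or pyOpenSSL's code) shows the same configuration with the standard library ssl module, plus two helpers that make the resulting context inspectable, so the "could this still negotiate SSLv3?" question can be answered in a test rather than discovered from a crashed job.

```python
"""Client TLS contexts that cannot fall back to SSLv3, with helpers that
expose what a context will negotiate (standard library only)."""
import ssl

# Named protocol versions the stdlib knows, oldest first. MINIMUM_SUPPORTED and
# MAXIMUM_SUPPORTED are sentinels, not versions, and are handled separately.
_VERSIONS = [
    ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
    ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3,
]


def make_client_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Client-side context that verifies the server certificate and hostname
    and refuses anything older than min_version.

    Stdlib counterpart of pyOpenSSL's SSL.Context(SSL.TLSv1_METHOD), or of
    SSL.Context(SSL.SSLv23_METHOD) plus set_options(SSL.OP_NO_SSLv3).
    """
    ctx = ssl.create_default_context()   # CERT_REQUIRED, check_hostname, system CA store
    ctx.minimum_version = min_version    # explicit floor; do not rely on the interpreter default
    return ctx


def sslv3_allowed(ctx):
    """True only if neither the OP_NO_SSLv3 option nor the version floor rules SSLv3 out."""
    floor_allows = (ctx.minimum_version == ssl.TLSVersion.MINIMUM_SUPPORTED
                    or ctx.minimum_version <= ssl.TLSVersion.SSLv3)
    return floor_allows and not (ctx.options & ssl.OP_NO_SSLv3)


def negotiable_versions(ctx):
    """Names of the protocol versions inside the context's min/max window, minus
    SSLv3 when OP_NO_SSLv3 is set (the stdlib sets it on every new context).
    This reflects the configuration only; the linked OpenSSL build may support fewer."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    names = []
    for v in _VERSIONS:
        if lo != ssl.TLSVersion.MINIMUM_SUPPORTED and v < lo:
            continue
        if hi != ssl.TLSVersion.MAXIMUM_SUPPORTED and v > hi:
            continue
        if v == ssl.TLSVersion.SSLv3 and (ctx.options & ssl.OP_NO_SSLv3):
            continue
        names.append(v.name)
    return names


if __name__ == "__main__":
    ctx = make_client_context()
    print("SSLv3 allowed:", sslv3_allowed(ctx))
    print("negotiable:", negotiable_versions(ctx))
```

Wrap the APNS socket with ctx.wrap_socket(sock, server_hostname=host) from such a context and the handshake offers TLS only. On interpreters before 3.10 the default minimum_version is MINIMUM_SUPPORTED, which is why the function sets the floor explicitly instead of trusting the default.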
I am trying to generate a self-signed X509v3 CA certificate using pyopenssl.
I would like to add the extension authority key identifier (AKID) with a keyid containing the subject key identifier (SKID).
But my following code block does not copy the SKID to the AKID; rather, it throws an exception.
Kindly help me solve this issue :)
The code is as follows:
import OpenSSL

key = OpenSSL.crypto.PKey()
key.generate_key(OpenSSL.crypto.TYPE_RSA, 2048)

ca = OpenSSL.crypto.X509()
ca.set_version(2)                       # X509v3
ca.set_serial_number(1)
ca.get_subject().CN = "ca.example.com"
ca.gmtime_adj_notBefore(0)
ca.gmtime_adj_notAfter(24 * 60 * 60)
ca.set_issuer(ca.get_subject())         # self-signed: issuer == subject
ca.set_pubkey(key)
ca.add_extensions([
    OpenSSL.crypto.X509Extension("basicConstraints", True,
                                 "CA:TRUE, pathlen:0"),
    OpenSSL.crypto.X509Extension("keyUsage", True,
                                 "keyCertSign, cRLSign"),
    OpenSSL.crypto.X509Extension("subjectKeyIdentifier", False, "hash",
                                 subject=ca),
    # this is the line that raises (see the traceback below)
    OpenSSL.crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always",
                                 issuer=ca),
])
ca.sign(key, "sha1")
open("MyCertificate.crt.bin", "wb").write(
    OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_ASN1, ca))
The exception thrown is as follows:
Traceback (most recent call last):
File "C:\Documents and Settings\Administrator\Desktop\Certificate\certi.py", line 21, in <module>
OpenSSL.crypto.X509Extension("authorityKeyIdentifier", False, "keyid:always",issuer=ca)
Error: [('X509 V3 routines', 'V2I_AUTHORITY_KEYID', 'unable to get issuer keyid'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in extension')]
Now if I remove "always" from the keyid parameter in the line below:
OpenSSL.crypto.X509Extension("authorityKeyIdentifier", False,
                             "keyid", issuer=ca)
I get an empty AKID keyid field; it does not contain the SKID, as shown below:
00:84:13:70:73:fe:29:61:5f:33:7d:b3:74:97:3b:
3a:f3:11:01:7c:b8:37:a8:8c:72:81:ee:92:fd:91:
8a:11:b3:b3:02:b4:97:d5:f8:1b:91:54:7e:15:49:
26:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
CE:D1:31:DE:CF:E3:E2:BC:6C:73:3D:55:F0:88:53:0A:F1:DC:31:14
X509v3 Authority Key Identifier:
0.
Signature Algorithm: sha1WithRSAEncryption
0b:7b:28:f6:b9:1e:6e:ec:53:6a:c5:77:db:c5:3f:5e:1d:ab:
e5:43:73:eb:52:24:af:39:2b:aa:a3:f6:34:e1:92:4b:3b:5e:
b6:1
Thank you in advance.
Source: (StackOverflow)