From 9a9e7ddc773700c05d87e2863ebc645fae1820da Mon Sep 17 00:00:00 2001 From: basebuilder_pel7x64builder0 Date: Tue, 27 Nov 2018 16:53:35 +0100 Subject: [PATCH] m2crypto package creation Signed-off-by: basebuilder_pel7x64builder0 --- SOURCES/m2crypto-0.20.2-check.patch | 33 + SOURCES/m2crypto-0.20.2-fips.patch | 220 ++++++ SOURCES/m2crypto-0.21.1-AES_crypt.patch | 23 + SOURCES/m2crypto-0.21.1-IPv6.patch | 60 ++ SOURCES/m2crypto-0.21.1-SAN-ip.patch | 57 ++ SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch | 22 + SOURCES/m2crypto-0.21.1-certs.patch | 669 ++++++++++++++++++ SOURCES/m2crypto-0.21.1-gcc_macros.patch | 11 + SOURCES/m2crypto-0.21.1-https-proxy.patch | 43 ++ SOURCES/m2crypto-0.21.1-memoryview.patch | 174 +++++ SOURCES/m2crypto-0.21.1-smime-doc.patch | 166 +++++ SOURCES/m2crypto-0.21.1-sni.patch | 43 ++ SOURCES/m2crypto-0.21.1-ssl23.patch | 31 + SOURCES/m2crypto-0.21.1-supported-ec.patch | 162 +++++ ...rypto-0.21.1-test_cookie_str_changed.patch | 30 + SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch | 44 ++ ...rypto-0.21.1-tests-no-export-ciphers.patch | 14 + .../m2crypto-0.21.1-tests-random-ports.patch | 216 ++++++ SOURCES/m2crypto-0.21.1-timeouts.patch | 599 ++++++++++++++++ SPECS/m2crypto.spec | 489 +++++++++++++ 20 files changed, 3106 insertions(+) create mode 100644 SOURCES/m2crypto-0.20.2-check.patch create mode 100644 SOURCES/m2crypto-0.20.2-fips.patch create mode 100644 SOURCES/m2crypto-0.21.1-AES_crypt.patch create mode 100644 SOURCES/m2crypto-0.21.1-IPv6.patch create mode 100644 SOURCES/m2crypto-0.21.1-SAN-ip.patch create mode 100644 SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch create mode 100644 SOURCES/m2crypto-0.21.1-certs.patch create mode 100644 SOURCES/m2crypto-0.21.1-gcc_macros.patch create mode 100644 SOURCES/m2crypto-0.21.1-https-proxy.patch create mode 100644 SOURCES/m2crypto-0.21.1-memoryview.patch create mode 100644 SOURCES/m2crypto-0.21.1-smime-doc.patch create mode 100644 SOURCES/m2crypto-0.21.1-sni.patch create mode 100644 SOURCES/m2crypto-0.21.1-ssl23.patch create mode 100644 SOURCES/m2crypto-0.21.1-supported-ec.patch create mode 100644 SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch create mode 100644 SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch create mode 100644 SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch create mode 100644 SOURCES/m2crypto-0.21.1-tests-random-ports.patch create mode 100644 SOURCES/m2crypto-0.21.1-timeouts.patch create mode 100644 SPECS/m2crypto.spec diff --git a/SOURCES/m2crypto-0.20.2-check.patch b/SOURCES/m2crypto-0.20.2-check.patch new file mode 100644 index 00000000..8af74bd3 --- /dev/null +++ b/SOURCES/m2crypto-0.20.2-check.patch @@ -0,0 +1,33 @@ +diff -up M2Crypto-0.20.2/M2Crypto/SSL/Connection.py.check M2Crypto-0.20.2/M2Crypto/SSL/Connection.py +--- M2Crypto-0.20.2/M2Crypto/SSL/Connection.py.check 2010-07-09 00:05:56.000000000 +0200 ++++ M2Crypto-0.20.2/M2Crypto/SSL/Connection.py 2010-07-09 00:08:20.677169899 +0200 +@@ -54,6 +54,10 @@ class Connection: + + self.ssl_close_flag = m2.bio_noclose + ++ if self.ctx.post_connection_check is not None: ++ self.set_post_connection_check_callback \ ++ (self.ctx.post_connection_check) ++ + + def __del__(self): + if getattr(self, 'sslbio', None): +diff -up M2Crypto-0.20.2/M2Crypto/SSL/Context.py.check M2Crypto-0.20.2/M2Crypto/SSL/Context.py +--- M2Crypto-0.20.2/M2Crypto/SSL/Context.py.check 2009-10-07 06:24:28.000000000 +0200 ++++ M2Crypto-0.20.2/M2Crypto/SSL/Context.py 2010-07-09 00:06:47.551169489 +0200 +@@ -36,12 +36,14 @@ class Context: + + m2_ssl_ctx_free = m2.ssl_ctx_free + +- def __init__(self, protocol='sslv23', weak_crypto=None): ++ def __init__(self, protocol='sslv23', weak_crypto=None, ++ post_connection_check=None): + proto = getattr(m2, protocol + '_method', None) + if proto is None: + raise ValueError, "no such protocol '%s'" % protocol + self.ctx = m2.ssl_ctx_new(proto()) + self.allow_unknown_ca = 0 ++ self.post_connection_check = post_connection_check + map()[long(self.ctx)] = self + m2.ssl_ctx_set_cache_size(self.ctx, 128L) + if weak_crypto is None: diff --git a/SOURCES/m2crypto-0.20.2-fips.patch b/SOURCES/m2crypto-0.20.2-fips.patch new file mode 100644 index 00000000..d6a57397 --- /dev/null +++ b/SOURCES/m2crypto-0.20.2-fips.patch @@ -0,0 +1,220 @@ +diff -up M2Crypto-0.20.2/SWIG/_evp.i.fips M2Crypto-0.20.2/SWIG/_evp.i +--- M2Crypto-0.20.2/SWIG/_evp.i.fips 2010-05-19 07:06:44.029090567 +0200 ++++ M2Crypto-0.20.2/SWIG/_evp.i 2010-05-19 07:06:44.049115516 +0200 +@@ -250,7 +250,10 @@ PyObject *hmac_init(HMAC_CTX *ctx, PyObj + if (m2_PyObject_AsReadBufferInt(key, &kbuf, &klen) == -1) + return NULL; + +- HMAC_Init(ctx, kbuf, klen, md); ++ if (!HMAC_Init(ctx, kbuf, klen, md)) { ++ PyErr_SetString(_evp_err, "HMAC_Init failed"); ++ return NULL; ++ } + Py_INCREF(Py_None); + return Py_None; + } +@@ -262,7 +265,10 @@ PyObject *hmac_update(HMAC_CTX *ctx, PyO + if (PyObject_AsReadBuffer(blob, &buf, &len) == -1) + return NULL; + +- HMAC_Update(ctx, buf, len); ++ if (!HMAC_Update(ctx, buf, len)) { ++ PyErr_SetString(_evp_err, "HMAC_Update failed"); ++ return NULL; ++ } + Py_INCREF(Py_None); + return Py_None; + } +@@ -276,7 +282,10 @@ PyObject *hmac_final(HMAC_CTX *ctx) { + PyErr_SetString(PyExc_MemoryError, "hmac_final"); + return NULL; + } +- HMAC_Final(ctx, blob, (unsigned int *)&blen); ++ if (!HMAC_Final(ctx, blob, (unsigned int *)&blen)) { ++ PyErr_SetString(_evp_err, "HMAC_Final failed"); ++ return NULL; ++ } + ret = PyString_FromStringAndSize(blob, blen); + PyMem_Free(blob); + return ret; +diff -up M2Crypto-0.20.2/SWIG/_rsa.i.fips M2Crypto-0.20.2/SWIG/_rsa.i +--- M2Crypto-0.20.2/SWIG/_rsa.i.fips 2010-05-19 07:06:44.030090773 +0200 ++++ M2Crypto-0.20.2/SWIG/_rsa.i 2010-05-19 07:06:44.038095292 +0200 +@@ -423,15 +423,17 @@ void genrsa_callback(int p, int n, void + Py_XDECREF(ret); + } + +-RSA *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) { ++PyObject *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) { + RSA *rsa; + + Py_INCREF(pyfunc); + rsa = RSA_generate_key(bits, e, genrsa_callback, (void *)pyfunc); + Py_DECREF(pyfunc); +- if (!rsa) ++ if (!rsa) { + PyErr_SetString(_rsa_err, ERR_reason_error_string(ERR_get_error())); +- return rsa; ++ return NULL; ++ } ++ return SWIG_NewPointerObj((void *)rsa, SWIGTYPE_p_RSA, 0); + } + + int rsa_type_check(RSA *rsa) { +diff -up M2Crypto-0.20.2/tests/test_evp.py.fips M2Crypto-0.20.2/tests/test_evp.py +--- M2Crypto-0.20.2/tests/test_evp.py.fips 2009-10-07 06:24:44.000000000 +0200 ++++ M2Crypto-0.20.2/tests/test_evp.py 2010-05-19 07:06:44.039121270 +0200 +@@ -97,7 +97,7 @@ class EVPTestCase(unittest.TestCase): + """ + Testing retrieving the RSA key from the PKey instance. + """ +- rsa = RSA.gen_key(512, 3, callback=self._gen_callback) ++ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback) + assert isinstance(rsa, RSA.RSA) + pkey = EVP.PKey() + pkey.assign_rsa(rsa) +@@ -130,7 +130,7 @@ class EVPTestCase(unittest.TestCase): + pkey = EVP.PKey() + self.assertRaises(ValueError, pkey.get_modulus) + +- rsa = RSA.gen_key(512, 3, callback=self._gen_callback) ++ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback) + pkey.assign_rsa(rsa) + mod = pkey.get_modulus() + assert len(mod) > 0, mod +@@ -373,21 +373,21 @@ class PBKDF2TestCase(unittest.TestCase): + + class HMACTestCase(unittest.TestCase): + data1=['', 'More text test vectors to stuff up EBCDIC machines :-)', \ +- h2b("e9139d1e6ee064ef8cf514fc7dc83e86")] ++ h2b("b760e92d6662d351eb3801057695ac0346295356")] + + data2=[h2b('0b'*16), "Hi There", \ +- h2b("9294727a3638bb1c13f48ef8158bfc9d")] ++ h2b("675b0b3a1b4ddf4e124872da6c2f632bfed957e9")] + + data3=['Jefe', "what do ya want for nothing?", \ +- h2b("750c783e6ab0b503eaa86e310a5db738")] ++ h2b("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")] + + data4=[h2b('aa'*16), h2b('dd'*50), \ +- h2b("0x56be34521d144c88dbb8c733f0e8b3f6")] ++ h2b("d730594d167e35d5956fd8003d0db3d3f46dc7bb")] + + data=[data1, data2, data3, data4] + + def test_simple(self): +- algo = 'md5' ++ algo = 'sha1' + for d in self.data: + h = EVP.HMAC(d[0], algo) + h.update(d[1]) +diff -up M2Crypto-0.20.2/tests/test_rc4.py.fips M2Crypto-0.20.2/tests/test_rc4.py +--- M2Crypto-0.20.2/tests/test_rc4.py.fips 2009-10-07 06:24:39.000000000 +0200 ++++ M2Crypto-0.20.2/tests/test_rc4.py 2010-05-19 07:08:10.754839354 +0200 +@@ -8,12 +8,16 @@ import unittest + from binascii import hexlify + from M2Crypto import RC4 + ++from fips import fips_mode ++ + class RC4TestCase(unittest.TestCase): + + def test_vectors(self): + """ + Test with test vectors from Wikipedia: http://en.wikipedia.org/wiki/Rc4 + """ ++ if fips_mode: ++ return + vectors = (('Key', 'Plaintext', 'BBF316E8D940AF0AD3'), + ('Wiki', 'pedia', '1021BF0420'), + ('Secret', 'Attack at dawn', '45A01F645FC35B383552544B9BF5')) +@@ -26,6 +30,8 @@ class RC4TestCase(unittest.TestCase): + self.assertEqual(rc4.final(), '') + + def test_bad(self): ++ if fips_mode: ++ return + rc4 = RC4.RC4('foo') + self.assertNotEqual(hexlify(rc4.update('bar')).upper(), '45678') + +diff -up M2Crypto-0.20.2/tests/test_rsa.py.fips M2Crypto-0.20.2/tests/test_rsa.py +--- M2Crypto-0.20.2/tests/test_rsa.py.fips 2009-10-07 06:26:42.000000000 +0200 ++++ M2Crypto-0.20.2/tests/test_rsa.py 2010-05-19 07:06:44.039121270 +0200 +@@ -8,6 +8,8 @@ import unittest + import sha, md5, os, sys + from M2Crypto import RSA, BIO, Rand, m2, EVP, X509 + ++from fips import fips_mode ++ + class RSATestCase(unittest.TestCase): + + errkey = 'tests/dsa.priv.pem' +@@ -187,9 +189,10 @@ class RSATestCase(unittest.TestCase): + + else: + import hashlib +- algos = {'sha1': 43, +- 'ripemd160': 43, +- 'md5': 47} ++ algos = {'sha1': 43} ++ if not fips_mode: ++ algos['md5'] = 47 ++ algos['ripemd160'] = 43 + + if m2.OPENSSL_VERSION_NUMBER >= 0x90800F: + algos['sha224'] = 35 +@@ -217,7 +220,7 @@ class RSATestCase(unittest.TestCase): + """ + rsa = RSA.load_key(self.privkey) + message = "This is the message string" +- digest = md5.md5(message).digest() ++ digest = 'a' * 16 + self.assertRaises(ValueError, rsa.sign, + digest, 'bad_digest_method') + +@@ -227,7 +230,7 @@ class RSATestCase(unittest.TestCase): + """ + rsa = RSA.load_key(self.privkey) + message = "This is the message string" +- digest = md5.md5(message).digest() ++ digest = 'a' * 16 + signature = rsa.sign(digest, 'sha1') + self.assertRaises(ValueError, rsa.verify, + digest, signature, 'bad_digest_method') +diff -up M2Crypto-0.20.2/tests/test_smime.py.fips M2Crypto-0.20.2/tests/test_smime.py +--- M2Crypto-0.20.2/tests/test_smime.py.fips 2010-05-19 07:06:44.035105357 +0200 ++++ M2Crypto-0.20.2/tests/test_smime.py 2010-05-19 07:06:44.040120779 +0200 +@@ -219,7 +219,7 @@ class WriteLoadTestCase(unittest.TestCas + buf = BIO.MemoryBuffer() + assert SMIME.load_pkcs7(self.filename).write_der(buf) == 1 + s = buf.read() +- assert len(s) in (1204, 1243), len(s) ++ assert len(s) in (1188, 1204, 1243), len(s) + + def test_load_pkcs7(self): + assert SMIME.load_pkcs7(self.filename).type() == SMIME.PKCS7_SIGNED +diff -up M2Crypto-0.20.2/tests/test_ssl.py.fips M2Crypto-0.20.2/tests/test_ssl.py +--- M2Crypto-0.20.2/tests/test_ssl.py.fips 2010-05-19 07:06:44.019113781 +0200 ++++ M2Crypto-0.20.2/tests/test_ssl.py 2010-05-19 07:06:44.040120779 +0200 +@@ -51,7 +51,7 @@ class VerifyCB: + def __call__(self, ok, store): + return verify_cb_new_function(ok, store) + +-sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 0.5)) ++sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 1.5)) + + def find_openssl(): + if os.name == 'nt' or sys.platform == 'cygwin': +diff -up M2Crypto-0.20.2/tests/test_x509.py.fips M2Crypto-0.20.2/tests/test_x509.py +--- M2Crypto-0.20.2/tests/test_x509.py.fips 2010-05-19 07:06:44.019113781 +0200 ++++ M2Crypto-0.20.2/tests/test_x509.py 2010-05-19 07:06:44.040120779 +0200 +@@ -394,7 +394,7 @@ class X509TestCase(unittest.TestCase): + return + + def test_load_request_bio(self): +- (req, _) = self.mkreq(512) ++ (req, _) = self.mkreq(1024) + + r1 = X509.load_request_der_string(req.as_der()) + r2 = X509.load_request_string(req.as_der(), X509.FORMAT_DER) diff --git a/SOURCES/m2crypto-0.21.1-AES_crypt.patch b/SOURCES/m2crypto-0.21.1-AES_crypt.patch new file mode 100644 index 00000000..e16382c6 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-AES_crypt.patch @@ -0,0 +1,23 @@ +Index: SWIG/_aes.i +=================================================================== +--- SWIG/_aes.i (revision 724) ++++ SWIG/_aes.i (working copy) +@@ -64,6 +64,7 @@ + const void *buf; + Py_ssize_t len; + unsigned char *out; ++ PyObject *res; + + if (PyObject_AsReadBuffer(in, &buf, &len) == -1) + return NULL; +@@ -76,7 +77,9 @@ + AES_encrypt((const unsigned char *)in, out, key); + else + AES_decrypt((const unsigned char *)in, out, key); +- return PyString_FromStringAndSize((char*)out, outlen); ++ res = PyString_FromStringAndSize((char*)out, outlen); ++ PyMem_Free(out); ++ return res; + } + + int AES_type_check(AES_KEY *key) { diff --git a/SOURCES/m2crypto-0.21.1-IPv6.patch b/SOURCES/m2crypto-0.21.1-IPv6.patch new file mode 100644 index 00000000..fe36f3e9 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-IPv6.patch @@ -0,0 +1,60 @@ +diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py +--- M2Crypto/M2Crypto/httpslib.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-13 15:04:13.848836581 +0100 +@@ -44,10 +44,33 @@ + HTTPConnection.__init__(self, host, port, strict) + + def connect(self): +- self.sock = SSL.Connection(self.ssl_ctx) +- if self.session: +- self.sock.set_session(self.session) +- self.sock.connect((self.host, self.port)) ++ error = None ++ # We ignore the returned sockaddr because SSL.Connection.connect needs ++ # a host name. ++ for (family, _, _, _, _) in \ ++ socket.getaddrinfo(self.host, self.port, 0, socket.SOCK_STREAM): ++ sock = None ++ try: ++ try: ++ sock = SSL.Connection(self.ssl_ctx, family=family) ++ if self.session is not None: ++ sock.set_session(self.session) ++ sock.connect((self.host, self.port)) ++ ++ self.sock = sock ++ sock = None ++ return ++ except socket.error, e: ++ # Other exception are probably SSL-related, in that case we ++ # abort and the exception is forwarded to the caller. ++ error = e ++ finally: ++ if sock is not None: ++ sock.close() ++ ++ if error is None: ++ raise AssertionError("Empty list returned by getaddrinfo") ++ raise error + + def close(self): + # This kludges around line 545 of httplib.py, +diff -urN M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py +--- M2Crypto/M2Crypto/SSL/Connection.py 2012-03-13 15:00:25.058411492 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2012-03-13 15:04:13.849836578 +0100 +@@ -38,13 +38,13 @@ + m2_bio_free = m2.bio_free + m2_ssl_free = m2.ssl_free + +- def __init__(self, ctx, sock=None): ++ def __init__(self, ctx, sock=None, family=socket.AF_INET): + self.ctx = ctx + self.ssl = m2.ssl_new(self.ctx.ctx) + if sock is not None: + self.socket = sock + else: +- self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ++ self.socket = socket.socket(family, socket.SOCK_STREAM) + self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + self._fileno = self.socket.fileno() + diff --git a/SOURCES/m2crypto-0.21.1-SAN-ip.patch b/SOURCES/m2crypto-0.21.1-SAN-ip.patch new file mode 100644 index 00000000..ab593a88 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-SAN-ip.patch @@ -0,0 +1,57 @@ +diff -ur M2Crypto/M2Crypto/SSL/Checker.py M2Crypto-0.21.1/M2Crypto/SSL/Checker.py +--- M2Crypto/M2Crypto/SSL/Checker.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/Checker.py 2015-07-07 16:41:53.887094222 +0200 +@@ -11,6 +11,7 @@ + 'WrongHost', 'Checker'] + + from M2Crypto import util, EVP, m2 ++import socket + import re + + class SSLVerificationError(Exception): +@@ -161,6 +162,10 @@ + self.useSubjectAltNameOnly = True + if self._match(host, certHost[4:]): + return True ++ elif certHost[:11] == 'ip address:': ++ self.useSubjectAltNameOnly = True ++ if self._matchIPAddress(host, certHost[11:]): ++ return True + return False + + +@@ -218,6 +223,34 @@ + + return False + ++ def _matchIPAddress(self, host, certHost): ++ """ ++ >>> check = Checker() ++ >>> check._matchIPAddress(host='my.example.com', certHost='my.example.com') ++ False ++ >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.4') ++ True ++ >>> check._matchIPAddress(host='1.2.3.4', certHost='*.2.3.4') ++ False ++ >>> check._matchIPAddress(host='1.2.3.4', certHost='1.2.3.40') ++ False ++ >>> check._matchIPAddress(host='::1', certHost='::1') ++ True ++ >>> check._matchIPAddress(host='::1', certHost='0:0:0:0:0:0:0:1') ++ True ++ >>> check._matchIPAddress(host='::1', certHost='::2') ++ False ++ """ ++ try: ++ canonical = socket.getaddrinfo(host, 0, 0, socket.SOCK_STREAM, 0, ++ socket.AI_NUMERICHOST) ++ certCanonical = socket.getaddrinfo(certHost, 0, 0, ++ socket.SOCK_STREAM, 0, ++ socket.AI_NUMERICHOST) ++ except: ++ return False ++ return canonical == certCanonical ++ + + if __name__ == '__main__': + import doctest diff --git a/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch b/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch new file mode 100644 index 00000000..4be91ac2 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch @@ -0,0 +1,22 @@ +diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto/SWIG/_ssl.i 2013-12-07 05:11:09.638393899 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-07 05:54:06.791902199 +0100 +@@ -60,8 +60,18 @@ + %rename(tlsv1_method) TLSv1_method; + extern SSL_METHOD *TLSv1_method(void); + ++%typemap(out) SSL_CTX * { ++ if ($1 != NULL) ++ $result = SWIG_NewPointerObj($1, $1_descriptor, 0); ++ else { ++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); ++ $result = NULL; ++ } ++} + %rename(ssl_ctx_new) SSL_CTX_new; + extern SSL_CTX *SSL_CTX_new(SSL_METHOD *); ++%typemap(out) SSL_CTX *; ++ + %rename(ssl_ctx_free) SSL_CTX_free; + extern void SSL_CTX_free(SSL_CTX *); + %rename(ssl_ctx_set_verify_depth) SSL_CTX_set_verify_depth; diff --git a/SOURCES/m2crypto-0.21.1-certs.patch b/SOURCES/m2crypto-0.21.1-certs.patch new file mode 100644 index 00000000..be95177d --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-certs.patch @@ -0,0 +1,669 @@ +Index: tests/ca.pem +=================================================================== +--- tests/ca.pem (revision 739) ++++ tests/ca.pem (working copy) +@@ -2,61 +2,56 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:bd ++ b4:7e:b2:de:87:00:03:0b + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:30:50 2009 GMT +- Not After : Jul 27 04:30:50 2012 GMT ++ Not Before: Nov 21 15:31:30 2012 GMT ++ Not After : Nov 21 15:31:30 2015 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:c8:9b:59:18:c2:bf:21:68:dc:d4:62:30:1f:43: +- 29:52:85:8d:36:fc:20:7f:11:1b:c6:f3:e6:c2:7a: +- d0:17:0e:6e:78:43:21:e9:e2:df:9f:31:87:e8:7a: +- 37:88:1f:a4:56:a1:e9:cb:13:7b:1b:c0:28:cf:5a: +- db:a3:e7:50:6c:c6:55:76:e3:61:e8:73:4b:c2:8c: +- ee:1c:29:c1:ee:2d:fd:e2:30:34:69:06:ea:d0:af: +- bd:c5:db:86:70:92:26:0a:33:1b:70:a9:e7:6e:a4: +- 2e:ee:4a:8a:f3:b2:6c:c9:97:28:39:28:28:3f:c5: +- 90:4d:4e:83:0a:0e:cd:98:93 ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:d2:2f:57:58:be:05:6d:45:14:d0:70:90:56:10: ++ 80:f6:e3:e6:8a:ff:1e:0b:58:fa:a1:e6:95:a1:23: ++ 8d:01:c6:48:85:99:ab:f9:1b:e0:9a:15:6a:d1:50: ++ 73:fb:8f:7c:d2:73:4e:4a:c0:88:f9:54:f9:86:d9: ++ 01:86:4e:02:68:bc:d0:1c:8d:d2:2e:ce:7e:54:ac: ++ 45:a5:b7:39:c6:e9:f4:e0:70:2c:57:e6:21:24:f6: ++ 52:f8:fa:0b:b3:63:53:ea:eb:11:ca:ef:90:32:9f: ++ 15:08:6b:2d:0e:3d:61:69:22:f2:0f:dc:08:65:45: ++ 34:a2:29:8e:66:5e:45:95:91 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: +- AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ 80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE +- DirName:/C=US/ST=California/O=M2Crypto/CN=Heikki Toivonen +- serial:D1:B6:BF:AF:06:17:8C:BD ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption +- c8:11:af:7d:6d:fb:1c:82:0d:c0:e7:41:f4:b2:a5:b0:69:6d: +- 18:e3:04:aa:49:e6:4a:69:6d:c3:e3:8b:ab:d1:18:ac:72:ef: +- 48:9e:49:c7:57:75:2d:00:1e:08:9f:c3:dc:ca:5f:91:38:0d: +- ac:f8:1f:cc:fc:f7:c2:5b:ce:d7:0c:cf:b2:fe:c9:a9:ce:b8: +- 07:45:17:1c:cf:b3:07:f9:1f:69:6a:94:03:be:62:62:9c:af: +- a2:24:25:2d:1f:63:0a:91:6b:bb:e3:6c:ec:20:de:80:d3:04: +- b4:5e:42:1f:27:bc:1f:79:98:18:ba:fb:8a:34:24:a9:40:1e: +- b9:7b ++ b0:37:88:ab:56:c5:19:e7:1b:d2:d3:c0:00:98:ff:f0:0a:35: ++ 89:ff:a0:a8:14:bd:fc:84:b6:ee:6b:05:92:20:87:58:38:69: ++ b2:16:b8:89:f3:4f:3c:9d:0f:da:b6:ea:35:9f:cf:e9:4f:05: ++ 19:8b:6a:06:68:51:96:1c:0f:60:23:80:19:ff:cd:3e:2b:4b: ++ 0c:1a:ff:bd:f6:0d:6b:11:25:0f:ba:87:2c:46:47:c0:32:e8: ++ 8a:14:4c:30:26:35:2b:58:9c:6b:c6:0e:d1:e3:c8:6a:b0:c0: ++ e0:82:98:77:07:2e:67:ba:0c:e5:a5:04:0d:81:ca:54:92:b5: ++ 27:fa + -----BEGIN CERTIFICATE----- +-MIICzjCCAjegAwIBAgIJANG2v68GF4y9MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzA1MFoXDTEyMDcy +-NzA0MzA1MFowTzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMRgwFgYDVQQDEw9IZWlra2kgVG9pdm9uZW4wgZ8wDQYJ +-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMibWRjCvyFo3NRiMB9DKVKFjTb8IH8RG8bz +-5sJ60BcObnhDIeni358xh+h6N4gfpFah6csTexvAKM9a26PnUGzGVXbjYehzS8KM +-7hwpwe4t/eIwNGkG6tCvvcXbhnCSJgozG3Cp526kLu5KivOybMmXKDkoKD/FkE1O +-gwoOzZiTAgMBAAGjgbEwga4wHQYDVR0OBBYEFK1kRXSPg8cs1deghZEQQJqcls/u +-MH8GA1UdIwR4MHaAFK1kRXSPg8cs1deghZEQQJqcls/uoVOkUTBPMQswCQYDVQQG +-EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEChMITTJDcnlwdG8xGDAW +-BgNVBAMTD0hlaWtraSBUb2l2b25lboIJANG2v68GF4y9MAwGA1UdEwQFMAMBAf8w +-DQYJKoZIhvcNAQEFBQADgYEAyBGvfW37HIINwOdB9LKlsGltGOMEqknmSmltw+OL +-q9EYrHLvSJ5Jx1d1LQAeCJ/D3MpfkTgNrPgfzPz3wlvO1wzPsv7Jqc64B0UXHM+z +-B/kfaWqUA75iYpyvoiQlLR9jCpFru+Ns7CDegNMEtF5CHye8H3mYGLr7ijQkqUAe +-uXs= ++MIICbDCCAdWgAwIBAgIJALR+st6HAAMLMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzEzMFoXDTE1MTEy ++MTE1MzEzMFowTzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMRgwFgYDVQQDDA9IZWlra2kgVG9pdm9uZW4wgZ8wDQYJ ++KoZIhvcNAQEBBQADgY0AMIGJAoGBANIvV1i+BW1FFNBwkFYQgPbj5or/HgtY+qHm ++laEjjQHGSIWZq/kb4JoVatFQc/uPfNJzTkrAiPlU+YbZAYZOAmi80ByN0i7OflSs ++RaW3Ocbp9OBwLFfmIST2Uvj6C7NjU+rrEcrvkDKfFQhrLQ49YWki8g/cCGVFNKIp ++jmZeRZWRAgMBAAGjUDBOMB0GA1UdDgQWBBSA2WoeFf6LYVFiYE2zzJVEeC2J5jAf ++BgNVHSMEGDAWgBSA2WoeFf6LYVFiYE2zzJVEeC2J5jAMBgNVHRMEBTADAQH/MA0G ++CSqGSIb3DQEBBQUAA4GBALA3iKtWxRnnG9LTwACY//AKNYn/oKgUvfyEtu5rBZIg ++h1g4abIWuInzTzydD9q26jWfz+lPBRmLagZoUZYcD2AjgBn/zT4rSwwa/732DWsR ++JQ+6hyxGR8Ay6IoUTDAmNStYnGvGDtHjyGqwwOCCmHcHLme6DOWlBA2BylSStSf6 + -----END CERTIFICATE----- +Index: tests/recipient.pem +=================================================================== +--- tests/recipient.pem (revision 739) ++++ tests/recipient.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:c1 ++ b4:7e:b2:de:87:00:03:0f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:39:19 2009 GMT +- Not After : Jul 26 04:39:19 2019 GMT ++ Not Before: Nov 21 15:39:34 2012 GMT ++ Not After : Jan 8 15:39:34 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=Recipient/emailAddress=recipient@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:c2:21:a3:4f:64:59:9c:21:39:21:d2:3c:e7:0a: +- 60:72:c8:39:b3:c3:27:4a:6d:56:8f:a0:5d:1b:c6: +- e4:3e:26:61:09:a9:ae:04:83:69:3f:9d:2b:12:7e: +- d4:f7:8e:d0:6e:a9:8c:9b:d1:bf:17:0c:bd:d0:73: +- 99:02:6e:7e:cb:7a:80:2d:cf:b1:29:c0:30:36:3f: +- 68:12:3e:4e:bf:f9:8b:3d:1d:56:af:24:94:ae:d5: +- 59:b4:00:50:0c:c0:2b:59:c3:99:b3:8a:19:f1:86: +- 14:bd:ee:e9:c4:f1:d7:6a:0c:e9:67:8a:94:9a:2d: +- 2d:60:25:22:c6:72:68:c2:0d ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:ac:b6:2e:f0:34:34:7d:d4:e6:63:79:60:53:b9: ++ fe:91:a5:bf:49:ec:99:4c:33:2f:85:96:55:e8:09: ++ dc:18:47:1a:72:49:04:a2:e8:78:73:57:c7:bb:e9: ++ c7:aa:c5:07:84:14:b6:01:1c:e3:8a:fd:f3:19:01: ++ 11:9d:48:bc:24:8a:0f:c6:40:ed:d7:30:b1:92:ab: ++ c2:61:8c:5d:ea:08:c6:c4:d6:a5:22:00:d9:aa:da: ++ 57:5d:cc:2f:1a:35:1b:31:de:dc:c7:3b:83:91:38: ++ d9:07:e1:c7:a7:54:bd:94:95:10:c6:2d:dc:00:e1: ++ 28:99:b5:3b:28:95:aa:4e:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,33 +29,33 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- 11:CB:60:AC:55:85:52:84:C5:C8:20:5A:50:13:D0:89:C7:7A:B7:81 ++ CD:26:EB:42:79:6D:04:7F:95:23:46:1E:03:C9:40:2D:D2:00:AE:71 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- 87:56:17:6d:ba:3b:a6:c4:22:af:20:f1:a0:e5:9d:27:c4:50: +- bd:79:eb:d2:84:e5:9a:00:5f:5d:5a:c3:34:58:77:f5:a9:00: +- f9:76:e9:2d:89:b4:3f:9d:e3:cf:15:0c:64:1b:0a:03:db:e4: +- 6f:2b:ff:1c:82:89:1a:0f:7e:83:58:0f:e6:da:af:26:97:49: +- 4a:59:d7:61:3f:4b:ed:1d:5b:51:00:3b:83:96:c7:1e:3d:84: +- f4:91:1f:70:69:12:b9:a7:2c:5b:1b:05:cd:74:90:2b:a0:ba: +- e7:70:cd:6b:7d:ac:be:d7:92:50:e9:f5:c0:42:29:04:ef:8f: +- a1:68 ++ a9:5e:b2:4c:24:15:dd:49:d1:4d:e3:dd:e3:da:6b:23:99:45: ++ 2d:a1:84:f2:9b:6e:48:3c:e9:ce:f8:7f:f3:1f:d3:85:99:94: ++ 7e:19:8c:ca:be:3a:ca:97:b9:de:c8:4f:08:28:fc:7f:24:37: ++ 95:e1:d5:60:97:07:2b:be:62:f4:02:1d:27:8f:9e:0d:36:1a: ++ d5:45:6f:27:c3:34:21:13:1b:28:93:9d:cb:a6:30:0d:8f:4a: ++ 5f:4c:4a:97:7b:fe:ed:ce:18:84:5a:ec:4f:f8:84:2e:cb:72: ++ 28:90:cb:e3:5a:f4:83:16:bd:a8:ef:f0:f5:12:6c:26:3e:af: ++ c7:a8 + -----BEGIN CERTIFICATE----- +-MIICtzCCAiCgAwIBAgIJANG2v68GF4zBMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzkxOVoXDTE5MDcy +-NjA0MzkxOVowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlSZWNpcGllbnQxJDAiBgkqhkiG9w0B ++MIICtzCCAiCgAwIBAgIJALR+st6HAAMPMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzkzNFoXDTIzMDEw ++ODE1MzkzNFowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMRIwEAYDVQQDDAlSZWNpcGllbnQxJDAiBgkqhkiG9w0B + CQEWFXJlY2lwaWVudEBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +-gYkCgYEAwiGjT2RZnCE5IdI85wpgcsg5s8MnSm1Wj6BdG8bkPiZhCamuBINpP50r +-En7U947QbqmMm9G/Fwy90HOZAm5+y3qALc+xKcAwNj9oEj5Ov/mLPR1WrySUrtVZ +-tABQDMArWcOZs4oZ8YYUve7pxPHXagzpZ4qUmi0tYCUixnJowg0CAwEAAaN7MHkw ++gYkCgYEArLYu8DQ0fdTmY3lgU7n+kaW/SeyZTDMvhZZV6AncGEcackkEouh4c1fH ++u+nHqsUHhBS2ARzjiv3zGQERnUi8JIoPxkDt1zCxkqvCYYxd6gjGxNalIgDZqtpX ++XcwvGjUbMd7cxzuDkTjZB+HHp1S9lJUQxi3cAOEombU7KJWqTtUCAwEAAaN7MHkw + CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy +-dGlmaWNhdGUwHQYDVR0OBBYEFBHLYKxVhVKExcggWlAT0InHereBMB8GA1UdIwQY +-MBaAFK1kRXSPg8cs1deghZEQQJqcls/uMA0GCSqGSIb3DQEBBQUAA4GBAIdWF226 +-O6bEIq8g8aDlnSfEUL1569KE5ZoAX11awzRYd/WpAPl26S2JtD+d488VDGQbCgPb +-5G8r/xyCiRoPfoNYD+baryaXSUpZ12E/S+0dW1EAO4OWxx49hPSRH3BpErmnLFsb +-Bc10kCuguudwzWt9rL7XklDp9cBCKQTvj6Fo ++dGlmaWNhdGUwHQYDVR0OBBYEFM0m60J5bQR/lSNGHgPJQC3SAK5xMB8GA1UdIwQY ++MBaAFIDZah4V/othUWJgTbPMlUR4LYnmMA0GCSqGSIb3DQEBBQUAA4GBAKleskwk ++Fd1J0U3j3ePaayOZRS2hhPKbbkg86c74f/Mf04WZlH4ZjMq+OsqXud7ITwgo/H8k ++N5Xh1WCXByu+YvQCHSePng02GtVFbyfDNCETGyiTncumMA2PSl9MSpd7/u3OGIRa ++7E/4hC7LciiQy+Na9IMWvajv8PUSbCY+r8eo + -----END CERTIFICATE----- +Index: tests/recipient_key.pem +=================================================================== +--- tests/recipient_key.pem (revision 739) ++++ tests/recipient_key.pem (working copy) +@@ -1,15 +1,15 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQDCIaNPZFmcITkh0jznCmByyDmzwydKbVaPoF0bxuQ+JmEJqa4E +-g2k/nSsSftT3jtBuqYyb0b8XDL3Qc5kCbn7LeoAtz7EpwDA2P2gSPk6/+Ys9HVav +-JJSu1Vm0AFAMwCtZw5mzihnxhhS97unE8ddqDOlnipSaLS1gJSLGcmjCDQIDAQAB +-AoGAZlrJ+kAUpyc1Mkng5ogoFhzPn6ITg0Bm1U9eCBkzmjkuDKQ0JhkLUwkQ/q10 +-qBnad55ZjoZmVEbZhaCNWiTcIIy0nKAMWNKRcg3vTgrnbmbjco1HECDStfJKogZl +-7egoIImHnU1f/IeKQDUYUfs/INonmnnZ1d2jrU7QsdTz84ECQQDzhT0UwP8S1oma +-0IBgeUOt5ptZs7nFdZnbIKCd+ADra6NiQznokCHe5K0WZHqPKvN9asKx1u0h+97H +-Wmk6Fw7RAkEAzBR1+mTRSrlJT8/NTCsIDPtCK/+OhmGbNy1pfsOWq1lN58Za5HV7 +-fmtaH2No+MP+DlfNigsg557GzAYl2ZumfQJAHQj33W+dehuGUKUniVksDqH+R9W8 +-AqUg8RWU0QDu6yLsWhz13JrCzxao5JCaZFOUsJF4IUglAfZL+6z1+u0g4QJAH5aL +-LFaujoJfdpsTi9adSGUbuPO1e9dfzwqYaaaci6knBdkN+I62rrqvGGyqstajXFT6 +-24MddLx+yNWqxiPxgQJBAKF8YiR4eLqLSnq4ftqCqVCC1XbA2H9b7G5RBWi00WFq +-3Nx+B/wjLzbqsMamTCIDUCEW+MzFx6otCxduDZRMKH8= ++MIICWwIBAAKBgQCsti7wNDR91OZjeWBTuf6Rpb9J7JlMMy+FllXoCdwYRxpySQSi ++6HhzV8e76ceqxQeEFLYBHOOK/fMZARGdSLwkig/GQO3XMLGSq8JhjF3qCMbE1qUi ++ANmq2lddzC8aNRsx3tzHO4ORONkH4cenVL2UlRDGLdwA4SiZtTsolapO1QIDAQAB ++AoGAXMxCqiOStK2I4Jfdzv7XrlA9WK38rDmwZfmhzNxHWvARYKilChcYaPkYQ3pY ++IwRchnZOWIi6JftO+/dcDIOBOsqlIRPcy7T1rMrNoouNy5IglzL5nAUfkGiPzm7Q ++xW5/jl7t5OA2YO8ID4jDvFjZ8Lo+mwQRD0Pd8eXyZZ/E1Z0CQQDarp9wz2HBnBQJ ++FY8yASX6CcLN6brrateC/gy+E8Sy82t4TOwWpLC3d8LEgYD7AZtu41VB50mUCg5e ++EbrGkZrjAkEAyi9J1TOf/LzrFEYOnskYiTkKLgHG1uJuDdcF4NtGn+tEc85X7R9A ++jAQdZGFeN26fgDqmHJlm4W0473H8sXQE5wJAJpK2vQdXjvcg8ZlD8OYS9M/T9M5N ++kkj+SrTVOpHyGD6nrkijPDtAkJwnVtIhFiVqbVzcJQvPBrXfYuhtsajtUQJAHS50 ++FpyL49uUhmmSJKLbsrqT2I4TF+K4hbDaPVkIuX4odBp9IFFZbJwPbfSLt650wPo2 ++DXyql7C+/fhSw33+UwJAea5E2ZMIXMwPwVH/oOaeiUqwEcJ0hQ97Y3DkiI9USPBz ++U3W9Nu/6eTEuFmadfPpT6SlwAbOTjEICpuOP3oPShg== + -----END RSA PRIVATE KEY----- +Index: tests/server.pem +=================================================================== +--- tests/server.pem (revision 739) ++++ tests/server.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:be ++ b4:7e:b2:de:87:00:03:0c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:31:41 2009 GMT +- Not After : Jul 26 04:31:41 2019 GMT ++ Not Before: Nov 21 15:33:54 2012 GMT ++ Not After : Jan 8 15:33:54 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:d4:99:6f:33:3f:e6:ac:0a:34:d8:0e:45:97:f3: +- 2b:6a:50:2a:84:30:0a:52:9c:15:30:9f:05:29:3a: +- 21:f4:c1:c3:01:9e:2f:55:56:4e:35:ac:f1:16:1e: +- 26:8d:b5:26:b7:99:78:92:ea:1c:74:46:ab:41:12: +- ef:cc:53:62:cc:59:5c:9e:c4:86:df:d9:25:35:55: +- 05:4b:16:ff:d9:90:e3:f4:51:b4:b4:fa:c5:98:4b: +- 60:f0:60:7f:14:4e:1e:dd:61:9b:22:a2:9c:21:17: +- 43:a3:cb:07:80:f5:75:59:9c:55:1c:fe:e0:66:d4: +- 70:77:5e:13:06:0c:05:c7:1f ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:dd:9d:eb:7f:82:43:ed:f2:06:1c:1d:b3:fa:e1: ++ 41:8a:4b:bd:b4:1d:82:04:ee:63:b3:22:af:cf:94: ++ 88:36:52:18:3e:01:b6:37:15:59:93:7f:cc:88:5a: ++ 56:ea:02:c1:a2:bd:9f:c2:87:a4:f6:0e:cb:ca:e9: ++ b8:c6:50:3c:87:30:15:7e:e0:4b:1d:b9:5f:8e:4f: ++ 2b:af:64:9b:24:14:01:a7:6a:47:ab:72:f5:26:66: ++ a5:73:33:11:bf:81:28:4f:88:14:76:49:e1:7b:ce: ++ b8:11:fd:3c:ad:83:95:8f:be:30:ec:78:ab:d7:68: ++ b9:70:f5:87:7a:96:f7:35:dd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,47 +29,47 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- 04:05:3D:6A:A7:E8:D7:52:BD:2F:C4:52:30:7C:2C:BD:D3:81:46:C6 ++ 14:E4:DE:06:C8:F0:45:E8:3B:FD:48:7A:6C:9C:AC:14:1F:D5:DB:E0 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- ac:2b:ad:86:36:96:5c:fb:34:2c:02:ca:d9:5f:a7:8e:b6:58: +- 24:1d:27:b6:8e:81:aa:69:0e:60:26:64:2e:72:a1:ff:d8:ba: +- bb:7e:5d:46:c7:07:2d:a8:c8:4c:df:1e:ba:c8:bc:21:5b:f2: +- b3:01:4c:d6:3b:10:fd:49:70:e6:83:01:f3:24:e2:a9:97:d7: +- c3:9c:5b:2d:d7:64:2b:e5:e2:0e:3e:d9:8c:e6:93:86:39:32: +- 50:43:5f:36:4a:3b:b0:05:e7:65:a3:b3:ef:50:56:7f:7e:dc: +- f0:65:83:ac:42:7e:97:a0:c0:7e:63:c6:c8:c6:35:d3:60:d1: +- 4f:51 ++ 74:b4:9d:87:61:b0:e5:8e:7b:38:11:1b:26:18:ba:f6:03:38: ++ 1b:84:3f:be:95:70:eb:d6:1d:2c:d7:1e:d8:b7:26:62:84:db: ++ cb:f4:40:6b:af:97:0e:76:5f:fb:da:d7:2b:bb:c8:bd:38:a3: ++ 02:c1:f2:60:f4:ec:11:d8:81:54:b6:7a:a4:5b:66:72:40:cb: ++ 72:ff:12:a3:8f:e7:6a:76:73:b3:9f:72:4e:68:40:0c:11:bd: ++ bd:4d:93:2e:33:27:7d:8d:0a:93:c2:71:de:4f:a2:58:0c:8e: ++ f0:ad:d2:28:05:bc:04:72:30:6d:5b:d1:4e:73:48:f1:1d:83: ++ 65:a6 + -----BEGIN CERTIFICATE----- +-MIICkTCCAfqgAwIBAgIJANG2v68GF4y+MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzE0MVoXDTE5MDcy +-NjA0MzE0MVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +-AQEBBQADgY0AMIGJAoGBANSZbzM/5qwKNNgORZfzK2pQKoQwClKcFTCfBSk6IfTB +-wwGeL1VWTjWs8RYeJo21JreZeJLqHHRGq0ES78xTYsxZXJ7Eht/ZJTVVBUsW/9mQ +-4/RRtLT6xZhLYPBgfxROHt1hmyKinCEXQ6PLB4D1dVmcVRz+4GbUcHdeEwYMBccf ++MIICkTCCAfqgAwIBAgIJALR+st6HAAMMMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzM1NFoXDTIzMDEw ++ODE1MzM1NFowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN ++AQEBBQADgY0AMIGJAoGBAN2d63+CQ+3yBhwds/rhQYpLvbQdggTuY7Mir8+UiDZS ++GD4BtjcVWZN/zIhaVuoCwaK9n8KHpPYOy8rpuMZQPIcwFX7gSx25X45PK69kmyQU ++AadqR6ty9SZmpXMzEb+BKE+IFHZJ4XvOuBH9PK2DlY++MOx4q9douXD1h3qW9zXd + AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu +-ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQEBT1qp+jXUr0vxFIwfCy904FG +-xjAfBgNVHSMEGDAWgBStZEV0j4PHLNXXoIWREECanJbP7jANBgkqhkiG9w0BAQUF +-AAOBgQCsK62GNpZc+zQsAsrZX6eOtlgkHSe2joGqaQ5gJmQucqH/2Lq7fl1Gxwct +-qMhM3x66yLwhW/KzAUzWOxD9SXDmgwHzJOKpl9fDnFst12Qr5eIOPtmM5pOGOTJQ +-Q182SjuwBedlo7PvUFZ/ftzwZYOsQn6XoMB+Y8bIxjXTYNFPUQ== ++ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQU5N4GyPBF6Dv9SHpsnKwUH9Xb ++4DAfBgNVHSMEGDAWgBSA2WoeFf6LYVFiYE2zzJVEeC2J5jANBgkqhkiG9w0BAQUF ++AAOBgQB0tJ2HYbDljns4ERsmGLr2AzgbhD++lXDr1h0s1x7YtyZihNvL9EBrr5cO ++dl/72tcru8i9OKMCwfJg9OwR2IFUtnqkW2ZyQMty/xKjj+dqdnOzn3JOaEAMEb29 ++TZMuMyd9jQqTwnHeT6JYDI7wrdIoBbwEcjBtW9FOc0jxHYNlpg== + -----END CERTIFICATE----- + -----BEGIN RSA PRIVATE KEY----- +-MIICXgIBAAKBgQDUmW8zP+asCjTYDkWX8ytqUCqEMApSnBUwnwUpOiH0wcMBni9V +-Vk41rPEWHiaNtSa3mXiS6hx0RqtBEu/MU2LMWVyexIbf2SU1VQVLFv/ZkOP0UbS0 +-+sWYS2DwYH8UTh7dYZsiopwhF0OjyweA9XVZnFUc/uBm1HB3XhMGDAXHHwIDAQAB +-AoGBALBHrSm8kYMTT2/anZ/5tIUJhcdnohePbg6LvJbLqf4tb4l25V6IGn9tL9Yc +-F/GmRD02VwDSd9d+BWAG2Kj+d0rfdCLfKY9O8PVVm0DF6grLZ7ugItYqUHRDYOdV +-MOVOQrx+mCIzHtoEtQ6HLqmqt2rIX731L1TA7OLNm3XHyISJAkEA/mgNNNg0e23G +-64z83yxxwPEnBrnKd1+xjH9QJ0Z9SJJuF4sNXRIFA4YUNvv2MNe3gMS4Hg9w78HL +-PwcEzLnO9QJBANXuWAZGV58CdkM2w7H9+ukxMbQeLSnmgjpdddo31qqbfgFAYZMK +-LppRqyosj+a2qQ6vua0ndstTImSi7KPmCUMCQQDbwr5Fu836ISYIK830aswIw0fX +-A37mB3+zwfZXNwjaO8NmCvQMRZiXJqcnqBdOsckOLuBs9yGzuk/7rfBzeL5RAkA2 +-uBcly7o/vsZ3HLvjfB5ApUecVZehvwcSXLN3VI8A5nLNaSVMEe+nozoPuIQ6NAB7 +-9DCe/JgjG6mRaibzKTS3AkEAjTl5MTKkYR78+2u3NRU/ypa1iKCicSvI/Ryw7p/z +-Q8XmVA0CmNRvltf9gA1gJ04ZijBPtl+s09uppaCw9L3vuA== ++MIICXAIBAAKBgQDdnet/gkPt8gYcHbP64UGKS720HYIE7mOzIq/PlIg2Uhg+AbY3 ++FVmTf8yIWlbqAsGivZ/Ch6T2DsvK6bjGUDyHMBV+4EsduV+OTyuvZJskFAGnaker ++cvUmZqVzMxG/gShPiBR2SeF7zrgR/Tytg5WPvjDseKvXaLlw9Yd6lvc13QIDAQAB ++AoGAIZzWHxzO2MQgkRsgNSj9G9CpESx4j+7oSD82kzFgB30kGCOCU5B1aZ20k+m/ ++zPZmEBzaolKYfol392rDj7CTvVT5VQh5QzkVeU28iLOBVqUJ1fwh5gBvIy5iEXzo ++O58M8y2IDyJ2W84UUtIav8LD3xGKDxD7k14FW5TIwXfCE4ECQQD8gAI7RHfViv0M ++9qSsZ7MapR4wwJKolapfHJda8hM+uEaSanJ/2RwAe5mfn92VUubmAG+Xcoe9HR9x ++dJQ5hAllAkEA4LBSq3T8+5wNUBE7V9OUP4Eh8ytbEviurNizfM4sBTrsXBVyDoBU +++ji9BCcDtbaB+GewnpsrXeqSJ/eKxMnvGQJALInH2vxwxtIFYMwAsAh6pzCI6sCN ++Hf+IVc6NRBV/H4kRqbHtEHATaGJk7qscQsKkx9070dL57nm8mh6eJqcLoQJBALM0 ++LltNrVBIQF3xwHDl8UFNDvTRSYwyB68YDt+l2Ho7arRu7k8ej6gahLbBHzZY4ARt ++PvLhM49uPS/fQTB/FlECQHaIJA/MFMtpFpv2h0Vsq5Rq0kayzFy/1Cf7k+E9wVUg ++gqcUvnEaT990We8Ffri/HlBtIuiuC7lVtv7zKu//VHU= + -----END RSA PRIVATE KEY----- +Index: tests/signer.pem +=================================================================== +--- tests/signer.pem (revision 739) ++++ tests/signer.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:c0 ++ b4:7e:b2:de:87:00:03:0e + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:37:25 2009 GMT +- Not After : Jul 26 04:37:25 2019 GMT ++ Not Before: Nov 21 15:37:55 2012 GMT ++ Not After : Jan 8 15:37:55 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=Signer/emailAddress=signer@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:c3:9c:76:f3:21:aa:10:19:9f:77:e3:82:1d:9d: +- c3:4a:da:bc:c3:83:71:d1:89:78:8b:82:a4:b9:c5: +- 70:bb:e3:00:bf:49:b8:99:96:67:0b:bf:fe:72:cb: +- d9:b6:63:85:f4:fb:86:55:32:22:1e:6e:ce:fd:88: +- 5c:75:9d:77:3c:92:17:c5:b2:70:04:59:02:33:ef: +- be:33:26:f1:e4:72:41:45:72:f1:bf:c4:21:b1:fe: +- de:92:b9:f3:25:3e:1a:15:4b:26:47:29:cc:38:7f: +- 58:3b:ae:b7:c5:69:e7:48:81:b6:55:61:45:c3:3f: +- b6:9d:06:e5:17:41:f6:f2:e9 ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:a1:f3:c0:4b:84:03:54:c4:db:dd:95:75:4b:d2: ++ e3:4b:63:5e:fb:e9:68:32:3a:79:3a:5b:3c:f1:ae: ++ 3c:65:11:a1:a2:86:d9:45:20:c1:a8:3c:e9:64:c6: ++ 5c:9a:58:ee:ae:d3:4e:af:07:95:80:5f:4c:fe:64: ++ bd:65:ae:2c:91:fc:fa:bf:dc:aa:5f:da:36:4c:0a: ++ 77:61:e6:a4:f6:a3:54:92:bf:39:12:84:44:d9:ab: ++ 12:da:78:43:20:b6:50:6c:9d:87:3a:27:86:95:14: ++ a7:9c:f2:d8:36:29:fb:1e:24:64:61:13:48:b5:de: ++ 17:61:49:6c:2a:61:da:03:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,33 +29,33 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- 22:CA:29:B7:D7:39:B4:BF:35:F9:36:5E:EE:2B:E4:17:4E:F9:6E:EE ++ 07:7D:13:C0:AF:F5:E4:63:CD:7C:64:68:FF:D2:67:FC:27:46:DC:04 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- 5f:a0:da:6b:37:b4:bb:25:34:a7:ed:f3:f7:2e:f2:85:aa:91: +- 01:8f:c3:80:e5:44:87:df:9e:64:5e:5f:3e:5c:7f:c1:07:12: +- 2a:46:cc:bb:9f:a4:a5:c8:3f:84:9a:a4:9e:d5:26:33:af:b4: +- 5f:eb:8e:7d:81:65:f6:44:18:78:89:17:74:fb:07:dc:04:65: +- fa:15:0c:b2:f3:e7:e7:af:1f:d9:02:c4:c4:44:b7:95:91:47: +- fe:c0:2a:e1:7a:ae:dd:5f:f8:a9:fa:bb:dd:89:2d:0b:05:b6: +- ce:ba:12:37:7f:97:4c:48:a9:fb:d4:b7:a5:d1:61:f6:85:ea: +- 30:8c ++ 00:64:bc:be:4b:42:72:54:ca:7e:02:28:87:90:07:c8:cb:ad: ++ ac:18:fa:89:bb:1e:a8:20:c1:1a:39:d2:e3:ba:b6:d9:1c:b6: ++ bf:bb:c7:dc:46:3b:99:ac:81:13:99:f7:88:9f:b2:ae:19:ff: ++ d7:37:c2:83:aa:ca:c8:d2:03:1f:ce:00:b8:86:2a:b0:2d:80: ++ e8:83:c0:83:34:8a:dd:9f:75:c5:df:61:ff:cc:c1:8b:ab:e0: ++ e1:13:02:ff:63:4b:1d:58:0b:5d:3a:a4:e9:a3:b5:3a:19:2f: ++ dc:a4:c2:4a:b4:46:5e:0c:fa:59:4e:c5:31:5f:a2:18:aa:c8: ++ a4:92 + -----BEGIN CERTIFICATE----- +-MIICsTCCAhqgAwIBAgIJANG2v68GF4zAMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzcyNVoXDTE5MDcy +-NjA0MzcyNVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMQ8wDQYDVQQDEwZTaWduZXIxITAfBgkqhkiG9w0BCQEW ++MIICsTCCAhqgAwIBAgIJALR+st6HAAMOMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1Mzc1NVoXDTIzMDEw ++ODE1Mzc1NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMQ8wDQYDVQQDDAZTaWduZXIxITAfBgkqhkiG9w0BCQEW + EnNpZ25lckBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +-w5x28yGqEBmfd+OCHZ3DStq8w4Nx0Yl4i4KkucVwu+MAv0m4mZZnC7/+csvZtmOF +-9PuGVTIiHm7O/YhcdZ13PJIXxbJwBFkCM+++Mybx5HJBRXLxv8Qhsf7ekrnzJT4a +-FUsmRynMOH9YO663xWnnSIG2VWFFwz+2nQblF0H28ukCAwEAAaN7MHkwCQYDVR0T ++ofPAS4QDVMTb3ZV1S9LjS2Ne++loMjp5Ols88a48ZRGhoobZRSDBqDzpZMZcmlju ++rtNOrweVgF9M/mS9Za4skfz6v9yqX9o2TAp3Yeak9qNUkr85EoRE2asS2nhDILZQ ++bJ2HOieGlRSnnPLYNin7HiRkYRNItd4XYUlsKmHaA7ECAwEAAaN7MHkwCQYDVR0T + BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh +-dGUwHQYDVR0OBBYEFCLKKbfXObS/Nfk2Xu4r5BdO+W7uMB8GA1UdIwQYMBaAFK1k +-RXSPg8cs1deghZEQQJqcls/uMA0GCSqGSIb3DQEBBQUAA4GBAF+g2ms3tLslNKft +-8/cu8oWqkQGPw4DlRIffnmReXz5cf8EHEipGzLufpKXIP4SapJ7VJjOvtF/rjn2B +-ZfZEGHiJF3T7B9wEZfoVDLLz5+evH9kCxMREt5WRR/7AKuF6rt1f+Kn6u92JLQsF +-ts66Ejd/l0xIqfvUt6XRYfaF6jCM ++dGUwHQYDVR0OBBYEFAd9E8Cv9eRjzXxkaP/SZ/wnRtwEMB8GA1UdIwQYMBaAFIDZ ++ah4V/othUWJgTbPMlUR4LYnmMA0GCSqGSIb3DQEBBQUAA4GBAABkvL5LQnJUyn4C ++KIeQB8jLrawY+om7HqggwRo50uO6ttkctr+7x9xGO5msgROZ94ifsq4Z/9c3woOq ++ysjSAx/OALiGKrAtgOiDwIM0it2fdcXfYf/MwYur4OETAv9jSx1YC106pOmjtToZ ++L9ykwkq0Rl4M+llOxTFfohiqyKSS + -----END CERTIFICATE----- +Index: tests/signer_key.pem +=================================================================== +--- tests/signer_key.pem (revision 739) ++++ tests/signer_key.pem (working copy) +@@ -1,15 +1,15 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQDDnHbzIaoQGZ9344IdncNK2rzDg3HRiXiLgqS5xXC74wC/SbiZ +-lmcLv/5yy9m2Y4X0+4ZVMiIebs79iFx1nXc8khfFsnAEWQIz774zJvHkckFFcvG/ +-xCGx/t6SufMlPhoVSyZHKcw4f1g7rrfFaedIgbZVYUXDP7adBuUXQfby6QIDAQAB +-AoGAZL24JQ85XoFTt5Lb+BS/91Uf0jFn9Nov0um9nE8q+Bi40ctN3wuulkaS7Nw/ +-i8dFvh2r2USwfavjvn7z3z7xoMG8V2c1ZFJCI2CKjocuWVkGwNnIsbO7/BOG03nu +-vir/i7TXN0YbN8zMhfuFC9APmR8bdmMa2KgHXzQcLuAmI4ECQQDhDIkC97l6rMKG +-QWbYrbc7GoMZNwCsPb/fasUknGmtPmq+s818i335u1yyhAk5pwKV7HF+WyZ76S2A +-P1bZf9+FAkEA3oN98qoklVmWSK0qV+CKHjZHSqtt32q2eu6+eAO5fVZOWHwXhS/B +-MkTtfKJbIDTLyUnwhKyht/hXOniVqHE5FQJAf99VgoArvc6oAQzsWTXrpQOddhhQ +-o426lkHenrzZNvz+PjmACsJf5CRXuX9Ylo+U4ockvb0hEssddX+H47HK2QJBAIYr +-aV1SJH79pvWpnLeiSAYRmok2tyiZMvELVkQNkuI1kUYfhRslAWxrTXvyddoEm8CC +-2glWAqlokEhMf4kyxEUCQCIQbV+XFoEqkECchik34PPmcPi2ends32dv/sW+AKjQ +-pxKpWbxVB4sEOPZzpmujP0LLxvCY4HOUJDlhENGQ8MM= ++MIICXAIBAAKBgQCh88BLhANUxNvdlXVL0uNLY1776WgyOnk6WzzxrjxlEaGihtlF ++IMGoPOlkxlyaWO6u006vB5WAX0z+ZL1lriyR/Pq/3Kpf2jZMCndh5qT2o1SSvzkS ++hETZqxLaeEMgtlBsnYc6J4aVFKec8tg2KfseJGRhE0i13hdhSWwqYdoDsQIDAQAB ++AoGAOAsY1UkWugPxrellkNqmq1T07qnj09XmU6p1GZFY9wS18X9GuqROP8DsZ2I5 ++c3QpDLi09t7h/m18QGBuJjyy0Tk3iFsLZ1+F1nNCFOZTeRybWA2MS91P9bpYri63 ++tarTxHaDe/RsMsaXe2HBp2rjw/jxT3y5DYwwWPQWjEIgf/0CQQDT7yeEtdj5LN1O ++NW9Coj3MzAodjyz5Jz1bCRGvhXpnralaM8Oyl1Dix99wGM64VuHvE5Lg0gY1ySg2 ++YJeYfuo/AkEAw6AmUTUrG8+axMkKX+rXz7LvaOR6Ad39uXO3S2lhbACQAy1Tn4W+ ++gJ2x0zJY+lY8oRQpXqZi1wzdLI/JGL82DwJAQvZmcx0N8DUHu6VQgSpIAoRZkdti ++J1sJnNDxwJaZBVcukiyW4b/Ds9PZOk7sSfxRqLtzhgt2INptFTlRzMIU+wJBALYc ++1s7uoi0HvVrIlUHpy/Js73dEi1hForgMQ2yOs8TpWSe8AIcW6Nuu8iZcTnzt3w9N ++R533Yzgzn4qmaF0DVH0CQGHvjKMwb63YsnyjiUHtjG/zlN7FZWAIr3wEPNoMl2dd ++s33jU+euC2oKygr1tSUf1lSM+yLCvDTetzg+1uBNfmg= + -----END RSA PRIVATE KEY----- +Index: tests/test_ssl_offline.py +=================================================================== +--- tests/test_ssl_offline.py (revision 739) ++++ tests/test_ssl_offline.py (working copy) +@@ -16,7 +16,7 @@ + def test_checker(self): + + check = Checker.Checker(host=srv_host, +- peerCertHash='7B754EFA41A264AAD370D43460BC8229F9354ECE') ++ peerCertHash='6D5C51BF6C90686A87E015A07731B252B7638D93') + x509 = X509.load_cert('tests/server.pem') + assert check(x509, srv_host) + self.assertRaises(Checker.WrongHost, check, x509, 'example.com') +Index: tests/test_x509.py +=================================================================== +--- tests/test_x509.py (revision 739) ++++ tests/test_x509.py (working copy) +@@ -340,14 +340,14 @@ + def test_fingerprint(self): + x509 = X509.load_cert('tests/x509.pem') + fp = x509.get_fingerprint('sha1') +- expected = '8D2EB9E203B5FFDC7F4FA7DC4103E852A55B808D' ++ expected = 'B2522F9B4F6F2461475D0C6267911537E738494F' + assert fp == expected, '%s != %s' % (fp, expected) + + def test_load_der_string(self): + f = open('tests/x509.der', 'rb') + x509 = X509.load_cert_der_string(''.join(f.readlines())) + fp = x509.get_fingerprint('sha1') +- expected = '8D2EB9E203B5FFDC7F4FA7DC4103E852A55B808D' ++ expected = 'B2522F9B4F6F2461475D0C6267911537E738494F' + assert fp == expected, '%s != %s' % (fp, expected) + + def test_save_der_string(self): +Index: tests/x509.der +=================================================================== +Cannot display: file marked as a binary type. +svn:mime-type = application/octet-stream +Index: tests/x509.pem +=================================================================== +--- tests/x509.pem (revision 739) ++++ tests/x509.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:bf ++ b4:7e:b2:de:87:00:03:0d + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:34:34 2009 GMT +- Not After : Jul 26 04:34:34 2019 GMT ++ Not Before: Nov 21 15:35:24 2012 GMT ++ Not After : Jan 8 15:35:24 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=X509 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:d3:62:55:12:30:b8:dc:84:7c:63:bd:80:1d:19: +- 1a:72:f2:28:f8:59:0b:2a:6b:f2:2a:23:9d:bb:0f: +- 7f:92:5e:dd:27:74:bc:78:0a:27:ab:1c:2e:23:1c: +- 26:77:48:b6:8f:03:ef:57:1c:a0:54:ae:1a:e8:f5: +- 24:a1:46:a1:27:48:55:33:98:fc:db:6a:83:2e:89: +- 3f:e0:f3:91:9d:da:4f:db:74:90:9d:a6:8d:4a:46: +- cb:9f:ba:b8:60:df:ae:ee:22:4b:3f:80:55:f7:1d: +- 89:3c:2b:28:df:46:19:d5:18:ac:e9:07:4e:40:81: +- 75:bc:da:5b:d5:e1:c2:04:15 ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:ba:3b:21:75:3a:4f:78:99:14:56:ae:68:36:6f: ++ 52:f3:01:a4:c4:0c:cc:27:eb:e2:c5:e1:78:19:ba: ++ d4:47:05:35:df:d4:1c:10:8b:70:33:a2:f3:27:31: ++ 9e:1d:b7:2d:f8:ff:01:4a:4b:90:a7:29:4e:79:09: ++ ad:df:3a:85:96:fc:fd:cb:ea:8c:37:b6:e4:b2:67: ++ ec:fd:20:e1:0c:45:98:42:31:80:74:0e:78:fa:58: ++ 09:0d:2e:e5:82:38:8d:30:23:80:12:0c:40:c7:3f: ++ 26:94:e9:5b:43:f1:64:e2:1e:5d:fc:77:92:93:b4: ++ 4f:5f:8d:88:a0:03:b7:5e:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,47 +29,47 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- B1:C4:6F:98:6F:E8:3B:8C:A1:26:11:81:97:9A:12:50:4A:1A:6C:88 ++ E8:C1:6E:60:19:13:82:40:65:B9:67:26:B7:8E:D6:7C:EE:33:8D:72 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- 3f:0b:44:bc:d2:da:5f:a9:39:be:08:53:e6:fd:10:ff:d6:f0: +- a3:51:f6:be:03:20:cc:b3:52:cf:0f:7c:3f:56:42:6f:9d:72: +- 9b:09:a5:64:3f:43:29:24:2b:d6:79:94:54:2f:99:e8:ce:fe: +- fd:de:bb:ca:43:28:16:ff:32:ac:3d:c5:56:db:87:23:3c:d4: +- 69:f7:4e:1b:c4:be:c9:d8:27:99:2a:64:be:3a:6b:7e:51:85: +- db:75:35:40:a5:6c:ae:53:c3:09:e7:00:35:17:64:1a:17:71: +- c5:d5:59:e5:8f:fc:96:4a:f9:81:33:23:4c:c1:60:71:93:18: +- 0a:c4 ++ cf:57:f4:f6:7d:be:e0:32:d1:44:ba:15:f7:44:2c:69:df:54: ++ a1:09:28:7f:7f:66:37:db:71:6f:2f:4b:b0:61:f5:96:09:56: ++ 50:e4:14:87:81:70:93:bb:9d:1e:8a:65:06:e8:67:c5:fb:24: ++ b1:17:b5:36:83:cb:53:88:0e:55:5c:91:80:26:56:f2:0b:50: ++ 19:86:6c:3b:1b:37:64:e1:64:2b:18:c3:5b:aa:d3:78:84:75: ++ 4f:59:c4:46:6e:9a:fb:a2:3b:86:79:87:09:a7:a6:e3:c8:91: ++ 5d:ea:2c:76:d4:ff:a3:3e:ad:6c:bd:bb:e2:c1:1d:1e:d3:81: ++ 6c:4a + -----BEGIN CERTIFICATE----- +-MIICjDCCAfWgAwIBAgIJANG2v68GF4y/MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzQzNFoXDTE5MDcy +-NjA0MzQzNFowRDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMQ0wCwYDVQQDEwRYNTA5MIGfMA0GCSqGSIb3DQEBAQUA +-A4GNADCBiQKBgQDTYlUSMLjchHxjvYAdGRpy8ij4WQsqa/IqI527D3+SXt0ndLx4 +-CierHC4jHCZ3SLaPA+9XHKBUrhro9SShRqEnSFUzmPzbaoMuiT/g85Gd2k/bdJCd +-po1KRsufurhg367uIks/gFX3HYk8KyjfRhnVGKzpB05AgXW82lvV4cIEFQIDAQAB ++MIICjDCCAfWgAwIBAgIJALR+st6HAAMNMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzUyNFoXDTIzMDEw ++ODE1MzUyNFowRDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMQ0wCwYDVQQDDARYNTA5MIGfMA0GCSqGSIb3DQEBAQUA ++A4GNADCBiQKBgQC6OyF1Ok94mRRWrmg2b1LzAaTEDMwn6+LF4XgZutRHBTXf1BwQ ++i3AzovMnMZ4dty34/wFKS5CnKU55Ca3fOoWW/P3L6ow3tuSyZ+z9IOEMRZhCMYB0 ++Dnj6WAkNLuWCOI0wI4ASDEDHPyaU6VtD8WTiHl38d5KTtE9fjYigA7deoQIDAQAB + o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +-ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUscRvmG/oO4yhJhGBl5oSUEoabIgwHwYD +-VR0jBBgwFoAUrWRFdI+DxyzV16CFkRBAmpyWz+4wDQYJKoZIhvcNAQEFBQADgYEA +-PwtEvNLaX6k5vghT5v0Q/9bwo1H2vgMgzLNSzw98P1ZCb51ymwmlZD9DKSQr1nmU +-VC+Z6M7+/d67ykMoFv8yrD3FVtuHIzzUafdOG8S+ydgnmSpkvjprflGF23U1QKVs +-rlPDCecANRdkGhdxxdVZ5Y/8lkr5gTMjTMFgcZMYCsQ= ++ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6MFuYBkTgkBluWcmt47WfO4zjXIwHwYD ++VR0jBBgwFoAUgNlqHhX+i2FRYmBNs8yVRHgtieYwDQYJKoZIhvcNAQEFBQADgYEA ++z1f09n2+4DLRRLoV90Qsad9UoQkof39mN9txby9LsGH1lglWUOQUh4Fwk7udHopl ++BuhnxfsksRe1NoPLU4gOVVyRgCZW8gtQGYZsOxs3ZOFkKxjDW6rTeIR1T1nERm6a +++6I7hnmHCaem48iRXeosdtT/oz6tbL274sEdHtOBbEo= + -----END CERTIFICATE----- + -----BEGIN RSA PRIVATE KEY----- +-MIICXQIBAAKBgQDTYlUSMLjchHxjvYAdGRpy8ij4WQsqa/IqI527D3+SXt0ndLx4 +-CierHC4jHCZ3SLaPA+9XHKBUrhro9SShRqEnSFUzmPzbaoMuiT/g85Gd2k/bdJCd +-po1KRsufurhg367uIks/gFX3HYk8KyjfRhnVGKzpB05AgXW82lvV4cIEFQIDAQAB +-AoGATPipcY48QlAb21XNqMrTTrfPI1+JKVFVRPLjJJJoKaxRa2SenDdWaoBAbJh7 +-iUP49erA5D+QQkWDlwBs7i0B0NqSkZAUVTfzRjGackTNJUQ+smfeqRLMH+Oru6DS +-VFbb818nJOJKqMMhMz8SrPrrbg+qiHlJ3JUQnNzTYohOMAECQQDvTJBSSit34ZBO +-ABj4vWYucCnOygcpICQnIsG97sZmF8tuF55tA5e+0v9R7BPuyAjrQnKJqDj3r/AY +-AxhgngGVAkEA4iMGoHzoSQvh+gT0A2rPCtVo+URNswIEZhQmMuA0VjrFCphWkZE+ +-3jgDsJTNQUJs4mczQMcBzL34Nh1cJThYgQJARMMrdXn6o6gdX0yH4HIMOqvgV5uW +-Eys5OEW0hm9mc0/DFQ+UZp7xq9PVqiS8VZEFfxTI9OVx+TqFM2EwUBMXQQJBAIge +-n0mRhl0Z6v+NZbh83X3e8h5BUCf1ieJMNKYhMT/KhnsXMdzTui0XOJldKKQksNgj +-WMWgROQSYctpJuM8pIECQQCNN27XVHs4YAQ6GvBkrHsK5w6LZkm6UaJgbCqDqyeS +-eqfPp9VRurZ/FhK1mPbgNN67U4Ik1nwjR0o8wD4mreIj ++MIICXgIBAAKBgQC6OyF1Ok94mRRWrmg2b1LzAaTEDMwn6+LF4XgZutRHBTXf1BwQ ++i3AzovMnMZ4dty34/wFKS5CnKU55Ca3fOoWW/P3L6ow3tuSyZ+z9IOEMRZhCMYB0 ++Dnj6WAkNLuWCOI0wI4ASDEDHPyaU6VtD8WTiHl38d5KTtE9fjYigA7deoQIDAQAB ++AoGBALdK8ZBGtuc0i28RM2K4SQUCDiAjlGCKa2Vll+aDGuFXwIGva3vhMaqw6+8c ++h8ope6cBnUx5eUL9hc3dd/Moz0dxM34p2zu/fZbiFD2yrKlkVSXHv6YobYhUagod ++htPwb+tQOrQqYpHZ/zPeVkAa/EfmM88RD603nlFHbCz5PpFBAkEA5HWMYUaXD+1M ++kX3YjXy3ESmKr3zPdbQkw6tDiQ6ijl1jUX+b4BKGSgINFYsmXlaFYM/GeJWJ0z64 ++BiPkSnhueQJBANCuYg0ykia6miTUWzXv3i8r8voVt593KmrAf23JwUM+jZnAd4yl ++xwSHkJSX5Ualp1cYDfKD9wzKj8vjq4mCx2kCQQCYlJFvHnAhqQDsYrpQtKynf7Eq ++RxdfqzKqpCV00htrLZ/5fFqkqnqZzwjiDI9RjkOCRwJs4qKsPUU2hJ4hxpExAkEA ++llzwfb3wnUNbiioRRr39hFPQke5QDvEYeS8XIo57WO6brSuHeKqCynq77LW+GLeH ++6jOE6Te5LVhPYIQ9t6mp8QJAKPE2g1wc0kmlzaOkNrlj67PPcRKqRVqL1RWIaSz9 ++Dh3KWyvOnOQAKbShI9EbXqdINKM7JxJAhSL4LPBd3ejxSA== + -----END RSA PRIVATE KEY----- diff --git a/SOURCES/m2crypto-0.21.1-gcc_macros.patch b/SOURCES/m2crypto-0.21.1-gcc_macros.patch new file mode 100644 index 00000000..61dbbe6c --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-gcc_macros.patch @@ -0,0 +1,11 @@ +diff -urN M2Crypto/SWIG/_m2crypto.i M2Crypto-0.21.1/SWIG/_m2crypto.i +--- M2Crypto/SWIG/_m2crypto.i 2011-01-15 20:10:06.000000000 +0100 ++++ M2Crypto-0.21.1/SWIG/_m2crypto.i 2011-01-18 15:37:33.948994579 +0100 +@@ -7,6 +7,7 @@ + * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved. + * + */ ++%import "gcc_macros.h" + + %module(threads=1) _m2crypto + /* We really don't need threadblock (PyGILState_Ensure() etc.) anywhere. diff --git a/SOURCES/m2crypto-0.21.1-https-proxy.patch b/SOURCES/m2crypto-0.21.1-https-proxy.patch new file mode 100644 index 00000000..21b7b94d --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-https-proxy.patch @@ -0,0 +1,43 @@ +diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py +--- M2Crypto/M2Crypto/httpslib.py 2012-03-15 03:27:22.181524406 +0100 ++++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-15 03:27:40.467485033 +0100 +@@ -182,14 +182,14 @@ + else: + HTTPSConnection.putheader(self, header, value) + +- def endheaders(self): ++ def endheaders(self, *args, **kwargs): + # We've recieved all of hte headers. Use the supplied username + # and password for authorization, possibly overriding the authstring + # supplied in the headers. + if not self._proxy_auth: + self._proxy_auth = self._encode_auth() + +- HTTPSConnection.endheaders(self) ++ HTTPSConnection.endheaders(self, *args, **kwargs) + + def connect(self): + HTTPConnection.connect(self) +diff -urN M2Crypto/M2Crypto/m2urllib2.py M2Crypto-0.21.1/M2Crypto/m2urllib2.py +--- M2Crypto/M2Crypto/m2urllib2.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/M2Crypto/m2urllib2.py 2012-03-15 03:27:40.467485033 +0100 +@@ -64,8 +64,10 @@ + target_host = urlparse.urlparse(full_url)[1] + + if (target_host != host): ++ request_uri = urlparse.urldefrag(full_url)[0] + h = httpslib.ProxyHTTPSConnection(host = host, ssl_context = self.ctx) + else: ++ request_uri = req.get_selector() + h = httpslib.HTTPSConnection(host = host, ssl_context = self.ctx) + # End our change + h.set_debuglevel(self._debuglevel) +@@ -80,7 +82,7 @@ + # request. + headers["Connection"] = "close" + try: +- h.request(req.get_method(), req.get_selector(), req.data, headers) ++ h.request(req.get_method(), request_uri, req.data, headers) + r = h.getresponse() + except socket.error, err: # XXX what error? + raise URLError(err) diff --git a/SOURCES/m2crypto-0.21.1-memoryview.patch b/SOURCES/m2crypto-0.21.1-memoryview.patch new file mode 100644 index 00000000..8fcba7da --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-memoryview.patch @@ -0,0 +1,174 @@ +diff -u M2Crypto/SWIG/_lib.h M2Crypto-0.21.1/SWIG/_lib.h +--- M2Crypto/SWIG/_lib.h 2011-01-19 19:56:37.622364336 +0100 ++++ M2Crypto-0.21.1/SWIG/_lib.h 2011-05-10 20:14:38.593211256 +0200 +@@ -7,6 +7,16 @@ + #define PY_SSIZE_T_MIN INT_MIN + #endif + ++#if PY_VERSION_HEX < 0x02060000 ++struct Py_buffer /* Only a subset */ ++{ ++ void *buf; ++ Py_ssize_t len; ++}; ++ ++#define PyBUF_CONTIG_RO 0 ++#endif /* PY_VERSION_HEX < 0x02060000 */ ++ + typedef struct _blob { + unsigned char *data; + int len; +@@ -20,6 +30,10 @@ + int *buffer_len); + static int m2_PyString_AsStringAndSizeInt(PyObject *obj, char **s, int *len); + ++/* Always use these two together, to correctly handle non-memoryview objects. */ ++static int m2_PyObject_GetBufferInt(PyObject *obj, Py_buffer *view, int flags); ++static void m2_PyBuffer_Release(PyObject *obj, Py_buffer *view); ++ + void gen_callback(int p, int n, void *arg); + int passphrase_callback(char *buf, int num, int v, void *userdata); + +diff -u M2Crypto/SWIG/_lib.i M2Crypto-0.21.1/SWIG/_lib.i +--- M2Crypto/SWIG/_lib.i 2011-01-19 19:49:21.537145465 +0100 ++++ M2Crypto-0.21.1/SWIG/_lib.i 2011-05-10 20:19:10.924328007 +0200 +@@ -47,9 +47,36 @@ + /* Python helpers. */ + + %} ++%ignore PyObject_CheckBuffer; ++%ignore PyObject_GetBuffer; ++%ignore PyBuffer_Release; + %ignore m2_PyObject_AsReadBufferInt; ++%ignore m2_PyObject_GetBufferInt; ++%ignore m2_PyBuffer_Release; + %ignore m2_PyString_AsStringAndSizeInt; + %{ ++ ++#if PY_VERSION_HEX < 0x02060000 ++static int PyObject_CheckBuffer(PyObject *obj) ++{ ++ (void)obj; ++ return 0; ++} ++ ++static int PyObject_GetBuffer(PyObject *obj, Py_buffer *view, int flags) ++{ ++ (void)obj; ++ (void)view; ++ (void)flags; ++ return -1; ++} ++ ++static void PyBuffer_Release(Py_buffer *view) ++{ ++ (void)view; ++} ++#endif /* PY_VERSION_HEX < 0x02060000 */ ++ + static int + m2_PyObject_AsReadBufferInt(PyObject *obj, const void **buffer, + int *buffer_len) +@@ -68,6 +95,37 @@ + return 0; + } + ++static int m2_PyObject_GetBufferInt(PyObject *obj, Py_buffer *view, int flags) ++{ ++ int ret; ++ ++ if (PyObject_CheckBuffer(obj)) ++ ret = PyObject_GetBuffer(obj, view, flags); ++ else { ++ const void *buf; ++ ++ ret = PyObject_AsReadBuffer(obj, &buf, &view->len); ++ if (ret == 0) ++ view->buf = (void *)buf; ++ } ++ if (ret) ++ return ret; ++ if (view->len > INT_MAX) { ++ PyErr_SetString(PyExc_ValueError, "object too large"); ++ m2_PyBuffer_Release(obj, view); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static void m2_PyBuffer_Release(PyObject *obj, Py_buffer *view) ++{ ++ if (PyObject_CheckBuffer(obj)) ++ PyBuffer_Release(view); ++ /* else do nothing, view->buf comes from PyObject_AsReadBuffer */ ++} ++ + static int + m2_PyString_AsStringAndSizeInt(PyObject *obj, char **s, int *len) + { +diff -u M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto/SWIG/_ssl.i 2011-01-19 19:56:51.957338576 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2011-05-10 19:58:26.779904541 +0200 +@@ -700,12 +700,12 @@ + } + + int ssl_write(SSL *ssl, PyObject *blob, double timeout) { +- const void *buf; +- int len, r, ssl_err, ret; ++ Py_buffer buf; ++ int r, ssl_err, ret; + struct timeval tv; + + +- if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) { ++ if (m2_PyObject_GetBufferInt(blob, &buf, PyBUF_CONTIG_RO) == -1) { + return -1; + } + +@@ -713,7 +713,7 @@ + gettimeofday(&tv, NULL); + again: + Py_BEGIN_ALLOW_THREADS +- r = SSL_write(ssl, buf, len); ++ r = SSL_write(ssl, buf.buf, buf.len); + ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + +@@ -741,22 +741,22 @@ + ret = -1; + } + +- ++ m2_PyBuffer_Release(blob, &buf); + return ret; + } + + int ssl_write_nbio(SSL *ssl, PyObject *blob) { +- const void *buf; +- int len, r, err, ret; ++ Py_buffer buf; ++ int r, err, ret; + + +- if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) { ++ if (m2_PyObject_GetBufferInt(blob, &buf, PyBUF_CONTIG_RO) == -1) { + return -1; + } + + + Py_BEGIN_ALLOW_THREADS +- r = SSL_write(ssl, buf, len); ++ r = SSL_write(ssl, buf.buf, buf.len); + Py_END_ALLOW_THREADS + + +@@ -785,7 +785,7 @@ + ret = -1; + } + +- ++ m2_PyBuffer_Release(blob, &buf); + return ret; + } + diff --git a/SOURCES/m2crypto-0.21.1-smime-doc.patch b/SOURCES/m2crypto-0.21.1-smime-doc.patch new file mode 100644 index 00000000..15f31b62 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-smime-doc.patch @@ -0,0 +1,166 @@ +Index: demo/smime.howto/sign.py +=================================================================== +--- demo/smime.howto/sign.py (revision 739) ++++ demo/smime.howto/sign.py (working copy) +@@ -18,7 +18,7 @@ + # Instantiate an SMIME object; set it up; sign the buffer. + s = SMIME.SMIME() + s.load_key('signer_key.pem', 'signer.pem') +-p7 = s.sign(buf) ++p7 = s.sign(buf, SMIME.PKCS7_DETACHED) + + # Recreate buf. + buf = makebuf('a sign of our times') +Index: demo/smime.howto/verify.py +=================================================================== +--- demo/smime.howto/verify.py (revision 739) ++++ demo/smime.howto/verify.py (working copy) +@@ -23,7 +23,7 @@ + + # Load the data, verify it. + p7, data = SMIME.smime_load_pkcs7('sign.p7') +-v = s.verify(p7) ++v = s.verify(p7, data) + print v + print data + print data.read() +Index: demo/smime.howto/sendsmime.py +=================================================================== +--- demo/smime.howto/sendsmime.py (revision 739) ++++ demo/smime.howto/sendsmime.py (working copy) +@@ -16,7 +16,10 @@ + s = SMIME.SMIME() + if sign: + s.load_key(from_key, from_cert) +- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ if encrypt: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ else: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED) + msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it. + + if encrypt: +Index: demo/smime/test.py +=================================================================== +--- demo/smime/test.py (revision 739) ++++ demo/smime/test.py (working copy) +@@ -28,7 +28,7 @@ + buf = makebuf() + s = SMIME.SMIME() + s.load_key('client.pem') +- p7 = s.sign(buf) ++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED) + out = BIO.openfile('clear.p7', 'w') + out.write('To: ngps@post1.com\n') + out.write('From: ngps@post1.com\n') +@@ -58,7 +58,7 @@ + st.load_info('ca.pem') + s.set_x509_store(st) + p7, data = SMIME.smime_load_pkcs7('clear.p7') +- v = s.verify(p7) ++ v = s.verify(p7, data) + if v: + print 'ok' + else: +@@ -105,9 +105,10 @@ + s.load_key('client.pem') + + # Sign. +- p7 = s.sign(buf) ++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED) + + # Output the stuff. ++ buf = makebuf() # Recreate buf, because sign() has consumed it. + bio = BIO.MemoryBuffer() + s.write(bio, p7, buf) + +@@ -124,7 +125,7 @@ + + # Verify. + p7, buf = SMIME.smime_load_pkcs7_bio(bio) +- v = s.verify(p7, flags=SMIME.PKCS7_DETACHED) ++ v = s.verify(p7, buf, flags=SMIME.PKCS7_DETACHED) + + if v: + print 'ok' +Index: demo/smime/sendsmime.py +=================================================================== +--- demo/smime/sendsmime.py (revision 739) ++++ demo/smime/sendsmime.py (working copy) +@@ -16,7 +16,10 @@ + s = SMIME.SMIME() + if sign: + s.load_key(from_key, from_cert) +- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ if encrypt: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ else: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED) + msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it. + + if encrypt: +Index: contrib/smimeplus.py +=================================================================== +--- contrib/smimeplus.py (revision 739) ++++ contrib/smimeplus.py (working copy) +@@ -64,7 +64,7 @@ + _sender.load_key_bio(self.__pack(self.key), self.__pack(self.cert), + callback=self.__passcallback) + +- _signed = _sender.sign(self.__pack(msg)) ++ _signed = _sender.sign(self.__pack(msg), M2Crypto.SMIME.PKCS7_DETACHED) + + _out = self.__pack(None) + _sender.write(_out, _signed, self.__pack(msg)) +@@ -93,7 +93,7 @@ + # Load signed message, verify it, and return result + _p7, _data = M2Crypto.SMIME.smime_load_pkcs7_bio(self.__pack(smsg)) + try: +- return _sender.verify(_p7, flags=M2Crypto.SMIME.PKCS7_SIGNED) ++ return _sender.verify(_p7, _data, flags=M2Crypto.SMIME.PKCS7_SIGNED) + except M2Crypto.SMIME.SMIME_Error, _msg: + return None + +Index: doc/howto.smime.html +=================================================================== +--- doc/howto.smime.html (revision 739) ++++ doc/howto.smime.html (working copy) +@@ -646,7 +646,7 @@ + # Instantiate an SMIME object; set it up; sign the buffer. + s = SMIME.SMIME() + s.load_key('signer_key.pem', 'signer.pem') +- p7 = s.sign(buf) ++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED) +

. + +diff -ur M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py +--- M2Crypto/M2Crypto/SSL/Connection.py 2013-12-17 02:01:49.843287273 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-12-17 02:28:28.357633159 +0100 +@@ -368,3 +368,7 @@ + + def set_post_connection_check_callback(self, postConnectionCheck): + self.postConnectionCheck = postConnectionCheck ++ ++ def set_tlsext_host_name(self, name): ++ "Set the requested hostname for the SNI (Server Name Indication) extension" ++ m2.ssl_set_tlsext_host_name(self.ssl, name) +diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto/SWIG/_ssl.i 2013-12-17 02:01:49.863287264 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-17 02:39:28.138364398 +0100 +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -398,6 +399,17 @@ + return SSL_get_mode(ssl); + } + ++int ssl_set_tlsext_host_name(SSL *ssl, const char *name) { ++ long l; ++ ++ if (!(l = SSL_set_tlsext_host_name(ssl, name))) { ++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); ++ return -1; ++ } ++ /* Return an "int" to match the 'typemap(out) int' in _lib.i */ ++ return 1; ++} ++ + void ssl_set_client_CA_list_from_file(SSL *ssl, const char *ca_file) { + SSL_set_client_CA_list(ssl, SSL_load_client_CA_file(ca_file)); + } diff --git a/SOURCES/m2crypto-0.21.1-ssl23.patch b/SOURCES/m2crypto-0.21.1-ssl23.patch new file mode 100644 index 00000000..5d6699f3 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-ssl23.patch @@ -0,0 +1,31 @@ +Index: tests/test_ssl.py +=================================================================== +--- tests/test_ssl.py (revision 739) ++++ tests/test_ssl.py (working copy) +@@ -376,7 +376,7 @@ + def test_sslv23_no_v2(self): + if fips_mode: # TLS is required in FIPS mode + return +- self.args.append('-no_tls1') ++ self.args.append('-ssl3') + pid = self.start_server(self.args) + try: + ctx = SSL.Context('sslv23') +@@ -390,7 +390,7 @@ + def test_sslv23_no_v2_no_service(self): + if fips_mode: # TLS is required in FIPS mode + return +- self.args = self.args + ['-no_tls1', '-no_ssl3'] ++ self.args = self.args + ['-ssl2'] + pid = self.start_server(self.args) + try: + ctx = SSL.Context('sslv23') +@@ -403,7 +403,7 @@ + def test_sslv23_weak_crypto(self): + if fips_mode: # TLS is required in FIPS mode + return +- self.args = self.args + ['-no_tls1', '-no_ssl3'] ++ self.args = self.args + ['-ssl2'] + pid = self.start_server(self.args) + try: + ctx = SSL.Context('sslv23', weak_crypto=1) diff --git a/SOURCES/m2crypto-0.21.1-supported-ec.patch b/SOURCES/m2crypto-0.21.1-supported-ec.patch new file mode 100644 index 00000000..8bff224f --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-supported-ec.patch @@ -0,0 +1,162 @@ +Modify the test suite to only use the EC curves supported by Fedora's +OpenSSL (and when having a choice, use the p256 curve). + +diff -ur M2Crypto/tests/ec.priv.pem M2Crypto-0.21.1/tests/ec.priv.pem +--- M2Crypto/tests/ec.priv.pem 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/ec.priv.pem 2013-12-17 04:02:00.602961297 +0100 +@@ -1,5 +1,5 @@ + -----BEGIN EC PRIVATE KEY----- +-MG0CAQEEHXXhxMbflWHSfCjfxsqHTsIR+BVbREI6JFYGaUs0oAcGBSuBBAAaoUAD +-PgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9zzIE1ZbzAcvb7uxtoyUxrmRQC8xD +-EO2qZX16mtpmgoNz3EeT ++MHcCAQEEIAdDwKEoKa3qnuvofjRFJgNul5Ldzy1EmoArNuY3jmKUoAoGCCqGSM49 ++AwEHoUQDQgAEA2q6LZM77EldCKF9mBszDIVJVxepXJt6QpjEDtsmetYsNB2e4D1z ++QOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg== + -----END EC PRIVATE KEY----- +diff -ur M2Crypto/tests/ec.pub.pem M2Crypto-0.21.1/tests/ec.pub.pem +--- M2Crypto/tests/ec.pub.pem 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/ec.pub.pem 2013-12-17 04:01:53.627964282 +0100 +@@ -1,4 +1,4 @@ + -----BEGIN PUBLIC KEY----- +-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9 +-zzIE1ZbzAcvb7uxtoyUxrmRQC8xDEO2qZX16mtpmgoNz3EeT ++MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA2q6LZM77EldCKF9mBszDIVJVxep ++XJt6QpjEDtsmetYsNB2e4D1zQOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg== + -----END PUBLIC KEY----- +diff -ur M2Crypto/tests/test_ec_curves.py M2Crypto-0.21.1/tests/test_ec_curves.py +--- M2Crypto/tests/test_ec_curves.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/test_ec_curves.py 2013-12-17 03:54:58.321142332 +0100 +@@ -25,75 +25,8 @@ + + + curves = [ +- ('secp112r1', 112), +- ('secp112r2', 112), +- ('secp128r1', 128), +- ('secp128r2', 128), +- ('secp160k1', 160), +- ('secp160r1', 160), +- ('secp160r2', 160), +- ('secp192k1', 192), +- ('secp224k1', 224), +- ('secp224r1', 224), +- ('secp256k1', 256), +- ('secp384r1', 384), +- ('secp521r1', 521), +- +- ('sect113r1', 113), +- ('sect113r2', 113), +- ('sect131r1', 131), +- ('sect131r2', 131), +- ('sect163k1', 163), +- ('sect163r1', 163), +- ('sect163r2', 163), +- ('sect193r1', 193), +- ('sect193r2', 193), +- ('sect233k1', 233), +- ('sect233r1', 233), +- ('sect239k1', 239), +- ('sect283k1', 283), +- ('sect283r1', 283), +- ('sect409k1', 409), +- ('sect409r1', 409), +- ('sect571k1', 571), +- ('sect571r1', 571), +- +- ('X9_62_prime192v1', 192), +- ('X9_62_prime192v2', 192), +- ('X9_62_prime192v3', 192), +- ('X9_62_prime239v1', 239), +- ('X9_62_prime239v2', 239), +- ('X9_62_prime239v3', 239), + ('X9_62_prime256v1', 256), +- +- ('X9_62_c2pnb163v1', 163), +- ('X9_62_c2pnb163v2', 163), +- ('X9_62_c2pnb163v3', 163), +- ('X9_62_c2pnb176v1', 176), +- ('X9_62_c2tnb191v1', 191), +- ('X9_62_c2tnb191v2', 191), +- ('X9_62_c2tnb191v3', 191), +- ('X9_62_c2pnb208w1', 208), +- ('X9_62_c2tnb239v1', 239), +- ('X9_62_c2tnb239v2', 239), +- ('X9_62_c2tnb239v3', 239), +- ('X9_62_c2pnb272w1', 272), +- ('X9_62_c2pnb304w1', 304), +- ('X9_62_c2tnb359v1', 359), +- ('X9_62_c2pnb368w1', 368), +- ('X9_62_c2tnb431r1', 431), +- +- ('wap_wsg_idm_ecid_wtls1', 113), +- ('wap_wsg_idm_ecid_wtls3', 163), +- ('wap_wsg_idm_ecid_wtls4', 113), +- ('wap_wsg_idm_ecid_wtls5', 163), +- ('wap_wsg_idm_ecid_wtls6', 112), +- ('wap_wsg_idm_ecid_wtls7', 160), +- ('wap_wsg_idm_ecid_wtls8', 112), +- ('wap_wsg_idm_ecid_wtls9', 160), +- ('wap_wsg_idm_ecid_wtls10', 233), +- ('wap_wsg_idm_ecid_wtls11', 233), +- ('wap_wsg_idm_ecid_wtls12', 224), ++ ('secp384r1', 384), + ] + + # The following two curves, according to OpenSSL, have a +diff -ur M2Crypto/tests/test_ecdh.py M2Crypto-0.21.1/tests/test_ecdh.py +--- M2Crypto/tests/test_ecdh.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/test_ecdh.py 2013-12-17 04:02:25.980950434 +0100 +@@ -20,16 +20,16 @@ + + def test_compute_key(self): + a = EC.load_key(self.privkey) +- b = EC.gen_params(EC.NID_sect233k1) ++ b = EC.gen_params(EC.NID_X9_62_prime256v1) + b.gen_key() + ak = a.compute_dh_key(b.pub()) + bk = b.compute_dh_key(a.pub()) + assert ak == bk + + def test_pubkey_from_der(self): +- a = EC.gen_params(EC.NID_sect233k1) ++ a = EC.gen_params(EC.NID_X9_62_prime256v1) + a.gen_key() +- b = EC.gen_params(EC.NID_sect233k1) ++ b = EC.gen_params(EC.NID_X9_62_prime256v1) + b.gen_key() + a_pub_der = a.pub().get_der() + a_pub = EC.pub_key_from_der(a_pub_der) +diff -ur M2Crypto/tests/test_ecdsa.py M2Crypto-0.21.1/tests/test_ecdsa.py +--- M2Crypto/tests/test_ecdsa.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/test_ecdsa.py 2013-12-17 04:02:46.709941569 +0100 +@@ -29,16 +29,16 @@ + + def test_loadkey(self): + ec = EC.load_key(self.privkey) +- assert len(ec) == 233 ++ assert len(ec) == 256 + + def test_loadpubkey(self): + # XXX more work needed + ec = EC.load_pub_key(self.pubkey) +- assert len(ec) == 233 ++ assert len(ec) == 256 + self.assertRaises(EC.ECError, EC.load_pub_key, self.errkey) + + def _test_sign_dsa(self): +- ec = EC.gen_params(EC.NID_sect233k1) ++ ec = EC.gen_params(EC.NID_X9_62_prime256v1) + # ec.gen_key() + self.assertRaises(EC.ECError, ec.sign_dsa, self.data) + ec = EC.load_key(self.privkey) +@@ -60,8 +60,8 @@ + assert not ec2.verify_dsa(self.data, s, r) + + def test_genparam(self): +- ec = EC.gen_params(EC.NID_sect233k1) +- assert len(ec) == 233 ++ ec = EC.gen_params(EC.NID_X9_62_prime256v1) ++ assert len(ec) == 256 + + + def suite(): diff --git a/SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch b/SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch new file mode 100644 index 00000000..3b08256b --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-test_cookie_str_changed.patch @@ -0,0 +1,30 @@ +diff -ur M2Crypto/tests/test_authcookie.py M2Crypto-0.21.1/tests/test_authcookie.py +--- M2Crypto/tests/test_authcookie.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/test_authcookie.py 2015-07-07 14:42:20.713482088 +0200 +@@ -114,7 +114,7 @@ + def test_cookie_str_changed_exp(self): + c = self.jar.makeCookie(self.exp, self.data) + cout = c.output() +- str = cout[:26] + '2' + cout[27:] ++ str = cout[:26] + chr(ord(cout[26])^1) + cout[27:] + s = Cookie.SmartCookie() + s.load(str) + self.failIf(self.jar.isGoodCookieString(s.output())) +@@ -122,7 +122,7 @@ + def test_cookie_str_changed_data(self): + c = self.jar.makeCookie(self.exp, self.data) + cout = c.output() +- str = cout[:36] + 'X' + cout[37:] ++ str = cout[:36] + chr(ord(cout[36])^1) + cout[37:] + s = Cookie.SmartCookie() + s.load(str) + self.failIf(self.jar.isGoodCookieString(s.output())) +@@ -130,7 +130,7 @@ + def test_cookie_str_changed_mac(self): + c = self.jar.makeCookie(self.exp, self.data) + cout = c.output() +- str = cout[:76] + 'X' + cout[77:] ++ str = cout[:76] + chr(ord(cout[76])^1) + cout[77:] + s = Cookie.SmartCookie() + s.load(str) + self.failIf(self.jar.isGoodCookieString(s.output())) diff --git a/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch b/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch new file mode 100644 index 00000000..89c76ca5 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch @@ -0,0 +1,44 @@ +Koji, the Fedora build system, is apparently setting up the build +processes to ignore SIGHUP by default, leading the helper processes +used by test_ssl to never terminate. We could override the SIGHUP +handling, but sending SIGTERM is more correct anyway. + +diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py +--- M2Crypto/tests/test_ssl.py 2013-12-18 02:08:42.411669114 +0100 ++++ M2Crypto-0.21.1/tests/test_ssl.py 2013-12-18 02:10:57.877589271 +0100 +@@ -20,7 +20,7 @@ + - ThreadingSSLServer + """ + +-import os, socket, string, sys, tempfile, thread, time, unittest ++import os, signal, socket, string, sys, tempfile, thread, time, unittest + from M2Crypto import Rand, SSL, m2, Err + + from fips import fips_mode +@@ -95,7 +95,7 @@ + return pid + + def stop_server(self, pid): +- os.kill(pid, 1) ++ os.kill(pid, signal.SIGTERM) + os.waitpid(pid, 0) + + def http_get(self, s): +@@ -1039,7 +1039,7 @@ + finally: + self.stop_server(pid) + finally: +- os.kill(pipe_pid, 1) ++ os.kill(pipe_pid, signal.SIGTERM) + os.waitpid(pipe_pid, 0) + os.unlink('tests/' + FIFO_NAME) + +@@ -1154,7 +1154,7 @@ + chunk = string.split(ps) + pid, cmd = chunk[0], chunk[4] + if cmd == s: +- os.kill(int(pid), 1) ++ os.kill(int(pid), signal.SIGTERM) + f.close() + os.unlink(fn) + diff --git a/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch b/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch new file mode 100644 index 00000000..d123e723 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch @@ -0,0 +1,14 @@ +Recent Fedora releases have disabled export ciphers by default, so +don't test that they work. + +diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py +--- M2Crypto/tests/test_ssl.py 2014-01-06 22:35:45.777935677 +0100 ++++ M2Crypto-0.21.1/tests/test_ssl.py 2014-01-06 22:43:34.025594902 +0100 +@@ -463,6 +463,7 @@ + finally: + self.stop_server(pid) + ++ @unittest.skip("Export ciphers are prohibited in recent Fedora releases") + def test_use_weak_cipher(self): + if fips_mode: # Weak ciphers are prohibited + return diff --git a/SOURCES/m2crypto-0.21.1-tests-random-ports.patch b/SOURCES/m2crypto-0.21.1-tests-random-ports.patch new file mode 100644 index 00000000..ecca9fa8 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-tests-random-ports.patch @@ -0,0 +1,216 @@ +Pouze v M2Crypto-0.21.1: randpool.dat +diff -ur M2Crypto/tests/test_bio_ssl.py M2Crypto-0.21.1/tests/test_bio_ssl.py +--- M2Crypto/tests/test_bio_ssl.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/tests/test_bio_ssl.py 2014-01-06 23:31:47.709383892 +0100 +@@ -11,7 +11,7 @@ + from M2Crypto import Rand + from M2Crypto import threading as m2threading + +-from test_ssl import srv_host, srv_port ++from test_ssl import srv_host, allocate_srv_port + + class HandshakeClient(threading.Thread): + +@@ -113,6 +113,7 @@ + conn.set_bio(readbio, writebio) + conn.set_accept_state() + handshake_complete = False ++ srv_port = allocate_srv_port() + sock = socket.socket() + sock.bind((srv_host, srv_port)) + sock.listen(5) +diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py +--- M2Crypto/tests/test_ssl.py 2014-01-06 22:49:57.961307007 +0100 ++++ M2Crypto-0.21.1/tests/test_ssl.py 2014-01-06 23:30:13.856457390 +0100 +@@ -26,7 +26,16 @@ + from fips import fips_mode + + srv_host = 'localhost' +-srv_port = 64000 ++ ++def allocate_srv_port(): ++ s = socket.socket() ++ try: ++ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) ++ s.bind((srv_host, 0)) ++ (host, port) = s.getsockname() ++ finally: ++ s.close() ++ return port + + def verify_cb_new_function(ok, store): + try: +@@ -113,17 +122,13 @@ + + def setUp(self): + self.srv_host = srv_host +- self.srv_port = srv_port +- self.srv_addr = (srv_host, srv_port) +- self.srv_url = 'https://%s:%s/' % (srv_host, srv_port) ++ self.srv_port = allocate_srv_port() ++ self.srv_addr = (srv_host, self.srv_port) ++ self.srv_url = 'https://%s:%s/' % (srv_host, self.srv_port) + self.args = ['s_server', '-quiet', '-www', + #'-cert', 'server.pem', Implicitly using this + '-accept', str(self.srv_port)] + +- def tearDown(self): +- global srv_port +- srv_port = srv_port - 1 +- + + class PassSSLClientTestCase(BaseSSLClientTestCase): + +@@ -136,7 +141,7 @@ + pid = self.start_server(self.args) + try: + from M2Crypto import httpslib +- c = httpslib.HTTPSConnection(srv_host, srv_port) ++ c = httpslib.HTTPSConnection(srv_host, self.srv_port) + c.request('GET', '/') + data = c.getresponse().read() + c.close() +@@ -153,7 +158,7 @@ + ctx.load_cert('tests/x509.pem') + ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1) + ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT) +- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx) ++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx) + c.request('GET', '/') + ses = c.get_session() + t = ses.as_text() +@@ -166,7 +171,7 @@ + ctx2.load_cert('tests/x509.pem') + ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1) + ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT) +- c2 = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx2) ++ c2 = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx2) + c2.set_session(ses) + c2.request('GET', '/') + ses2 = c2.get_session() +@@ -186,7 +191,7 @@ + ctx = SSL.Context() + ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9) + ctx.load_verify_locations('tests/ca.pem') +- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx) ++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx) + c.request('GET', '/') + data = c.getresponse().read() + c.close() +@@ -201,7 +206,7 @@ + ctx = SSL.Context() + ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9) + ctx.load_verify_locations('tests/server.pem') +- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx) ++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx) + self.assertRaises(SSL.SSLError, c.request, 'GET', '/') + c.close() + finally: +@@ -211,7 +216,7 @@ + pid = self.start_server(self.args) + try: + from M2Crypto import httpslib +- c = httpslib.HTTPS(srv_host, srv_port) ++ c = httpslib.HTTPS(srv_host, self.srv_port) + c.putrequest('GET', '/') + c.putheader('Accept', 'text/html') + c.putheader('Accept', 'text/plain') +@@ -232,7 +237,7 @@ + ctx = SSL.Context() + ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9) + ctx.load_verify_locations('tests/ca.pem') +- c = httpslib.HTTPS(srv_host, srv_port, ssl_context=ctx) ++ c = httpslib.HTTPS(srv_host, self.srv_port, ssl_context=ctx) + c.putrequest('GET', '/') + c.putheader('Accept', 'text/html') + c.putheader('Accept', 'text/plain') +@@ -253,7 +258,7 @@ + ctx = SSL.Context() + ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9) + ctx.load_verify_locations('tests/server.pem') +- c = httpslib.HTTPS(srv_host, srv_port, ssl_context=ctx) ++ c = httpslib.HTTPS(srv_host, self.srv_port, ssl_context=ctx) + c.putrequest('GET', '/') + c.putheader('Accept', 'text/html') + c.putheader('Accept', 'text/plain') +@@ -871,7 +876,7 @@ + from M2Crypto import m2urllib + url = m2urllib.FancyURLopener() + url.addheader('Connection', 'close') +- u = url.open('https://%s:%s/' % (srv_host, srv_port)) ++ u = url.open('https://%s:%s/' % (srv_host, self.srv_port)) + data = u.read() + u.close() + finally: +@@ -896,7 +901,7 @@ + from M2Crypto import m2urllib2 + opener = m2urllib2.build_opener() + opener.addheaders = [('Connection', 'close')] +- u = opener.open('https://%s:%s/' % (srv_host, srv_port)) ++ u = opener.open('https://%s:%s/' % (srv_host, self.srv_port)) + data = u.read() + u.close() + finally: +@@ -913,7 +918,7 @@ + from M2Crypto import m2urllib2 + opener = m2urllib2.build_opener(ctx) + opener.addheaders = [('Connection', 'close')] +- u = opener.open('https://%s:%s/' % (srv_host, srv_port)) ++ u = opener.open('https://%s:%s/' % (srv_host, self.srv_port)) + data = u.read() + u.close() + finally: +@@ -930,7 +935,7 @@ + from M2Crypto import m2urllib2 + opener = m2urllib2.build_opener(ctx) + opener.addheaders = [('Connection', 'close')] +- self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, srv_port)) ++ self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, self.srv_port)) + finally: + self.stop_server(pid) + +@@ -942,7 +947,7 @@ + from M2Crypto import m2urllib2 + opener = m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler()) + m2urllib2.install_opener(opener) +- req = m2urllib2.Request('https://%s:%s/' % (srv_host, srv_port)) ++ req = m2urllib2.Request('https://%s:%s/' % (srv_host, self.srv_port)) + u = m2urllib2.urlopen(req) + data = u.read() + u.close() +@@ -963,7 +968,7 @@ + import gc + from M2Crypto import m2urllib2 + o = m2urllib2.build_opener() +- r = o.open('https://%s:%s/' % (srv_host, srv_port)) ++ r = o.open('https://%s:%s/' % (srv_host, self.srv_port)) + s = [r.fp._sock.fp] + r.close() + self.assertEqual(len(gc.get_referrers(s[0])), 1) +@@ -990,7 +995,7 @@ + pid = self.start_server(self.args) + try: + from M2Crypto import httpslib +- c = httpslib.HTTPS(srv_host, srv_port) ++ c = httpslib.HTTPS(srv_host, self.srv_port) + c.putrequest('GET', '/') + c.putheader('Accept', 'text/html') + c.putheader('Accept', 'text/plain') +@@ -1029,7 +1034,7 @@ + pid = self.start_server(self.args) + try: + from M2Crypto import httpslib +- c = httpslib.HTTPS(srv_host, srv_port) ++ c = httpslib.HTTPS(srv_host, self.srv_port) + c.putrequest('GET', '/' + FIFO_NAME) + c.putheader('Accept', 'text/html') + c.putheader('Accept', 'text/plain') +@@ -1086,7 +1091,7 @@ + + contextFactory = ContextFactory() + factory = EchoClientFactory() +- wrapper.connectSSL(srv_host, srv_port, factory, contextFactory) ++ wrapper.connectSSL(srv_host, self.srv_port, factory, contextFactory) + reactor.run() # This will block until reactor.stop() is called + finally: + self.stop_server(pid) diff --git a/SOURCES/m2crypto-0.21.1-timeouts.patch b/SOURCES/m2crypto-0.21.1-timeouts.patch new file mode 100644 index 00000000..0f3e8b91 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-timeouts.patch @@ -0,0 +1,599 @@ +diff -urN M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py +--- M2Crypto/M2Crypto/SSL/Connection.py 2013-11-26 20:01:02.591964970 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-11-26 20:01:19.204950349 +0100 +@@ -47,9 +47,11 @@ + self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + self._fileno = self.socket.fileno() +- +- self.blocking = self.socket.gettimeout() +- ++ ++ self._timeout = self.socket.gettimeout() ++ if self._timeout is None: ++ self._timeout = -1.0 ++ + self.ssl_close_flag = m2.bio_noclose + + +@@ -147,7 +149,7 @@ + m2.ssl_set_accept_state(self.ssl) + + def accept_ssl(self): +- return m2.ssl_accept(self.ssl) ++ return m2.ssl_accept(self.ssl, self._timeout) + + def accept(self): + """Accept an SSL connection. The return value is a pair (ssl, addr) where +@@ -169,7 +171,7 @@ + m2.ssl_set_connect_state(self.ssl) + + def connect_ssl(self): +- return m2.ssl_connect(self.ssl) ++ return m2.ssl_connect(self.ssl, self._timeout) + + def connect(self, addr): + self.socket.connect(addr) +@@ -196,7 +198,7 @@ + return m2.ssl_pending(self.ssl) + + def _write_bio(self, data): +- return m2.ssl_write(self.ssl, data) ++ return m2.ssl_write(self.ssl, data, self._timeout) + + def _write_nbio(self, data): + return m2.ssl_write_nbio(self.ssl, data) +@@ -204,7 +206,7 @@ + def _read_bio(self, size=1024): + if size <= 0: + raise ValueError, 'size <= 0' +- return m2.ssl_read(self.ssl, size) ++ return m2.ssl_read(self.ssl, size, self._timeout) + + def _read_nbio(self, size=1024): + if size <= 0: +@@ -212,13 +214,13 @@ + return m2.ssl_read_nbio(self.ssl, size) + + def write(self, data): +- if self.blocking: ++ if self._timeout != 0.0: + return self._write_bio(data) + return self._write_nbio(data) + sendall = send = write + + def read(self, size=1024): +- if self.blocking: ++ if self._timeout != 0.0: + return self._read_bio(size) + return self._read_nbio(size) + recv = read +@@ -226,7 +228,17 @@ + def setblocking(self, mode): + """Set this connection's underlying socket to _mode_.""" + self.socket.setblocking(mode) +- self.blocking = mode ++ if mode: ++ self._timeout = -1.0 ++ else: ++ self._timeout = 0.0 ++ ++ def settimeout(self, timeout): ++ """Set this connection's underlying socket's timeout to _timeout_.""" ++ self.socket.settimeout(timeout) ++ self._timeout = timeout ++ if self._timeout is None: ++ self._timeout = -1.0 + + def fileno(self): + return self.socket.fileno() +@@ -308,15 +320,8 @@ + """Set the cipher suites for this connection.""" + return m2.ssl_set_cipher_list(self.ssl, cipher_list) + +- def makefile(self, mode='rb', bufsize='ignored'): +- r = 'r' in mode or '+' in mode +- w = 'w' in mode or 'a' in mode or '+' in mode +- b = 'b' in mode +- m2mode = ['', 'r'][r] + ['', 'w'][w] + ['', 'b'][b] +- # XXX Need to dup(). +- bio = BIO.BIO(self.sslbio, _close_cb=self.close) +- m2.bio_do_handshake(bio._ptr()) +- return BIO.IOBuffer(bio, m2mode, _pyfree=0) ++ def makefile(self, mode='rb', bufsize=-1): ++ return socket._fileobject(self, mode, bufsize) + + def getsockname(self): + return self.socket.getsockname() +diff -urN M2Crypto/M2Crypto/SSL/__init__.py M2Crypto-0.21.1/M2Crypto/SSL/__init__.py +--- M2Crypto/M2Crypto/SSL/__init__.py 2013-11-26 20:01:02.590964971 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/__init__.py 2013-11-26 20:01:19.204950349 +0100 +@@ -2,11 +2,14 @@ + + Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved.""" + ++import socket ++ + # M2Crypto + from M2Crypto import m2 + + class SSLError(Exception): pass +-m2.ssl_init(SSLError) ++class SSLTimeoutError(SSLError, socket.timeout): pass ++m2.ssl_init(SSLError, SSLTimeoutError) + + # M2Crypto.SSL + from Cipher import Cipher, Cipher_Stack +diff -urN M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto/SWIG/_ssl.i 2013-11-26 20:01:02.612964952 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-11-26 20:01:19.205950348 +0100 +@@ -11,10 +11,13 @@ + + %{ + #include ++#include + #include + #include + #include + #include ++#include ++#include + %} + + %apply Pointer NONNULL { SSL_CTX * }; +@@ -155,6 +158,11 @@ + %rename(ssl_session_get_timeout) SSL_SESSION_get_timeout; + extern long SSL_SESSION_get_timeout(CONST SSL_SESSION *); + ++extern PyObject *ssl_accept(SSL *ssl, double timeout = -1); ++extern PyObject *ssl_connect(SSL *ssl, double timeout = -1); ++extern PyObject *ssl_read(SSL *ssl, int num, double timeout = -1); ++extern int ssl_write(SSL *ssl, PyObject *blob, double timeout = -1); ++ + %constant int ssl_error_none = SSL_ERROR_NONE; + %constant int ssl_error_ssl = SSL_ERROR_SSL; + %constant int ssl_error_want_read = SSL_ERROR_WANT_READ; +@@ -210,14 +218,19 @@ + %constant int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = SSL_MODE_ENABLE_PARTIAL_WRITE; + %constant int SSL_MODE_AUTO_RETRY = SSL_MODE_AUTO_RETRY; + ++%ignore ssl_handle_error; ++%ignore ssl_sleep_with_timeout; + %inline %{ + static PyObject *_ssl_err; ++static PyObject *_ssl_timeout_err; + +-void ssl_init(PyObject *ssl_err) { ++void ssl_init(PyObject *ssl_err, PyObject *ssl_timeout_err) { + SSL_library_init(); + SSL_load_error_strings(); + Py_INCREF(ssl_err); ++ Py_INCREF(ssl_timeout_err); + _ssl_err = ssl_err; ++ _ssl_timeout_err = ssl_timeout_err; + } + + void ssl_ctx_passphrase_callback(SSL_CTX *ctx, PyObject *pyfunc) { +@@ -403,36 +416,130 @@ + return ret; + } + +-PyObject *ssl_accept(SSL *ssl) { ++static void ssl_handle_error(int ssl_err, int ret) { ++ int err; ++ ++ switch (ssl_err) { ++ case SSL_ERROR_SSL: ++ PyErr_SetString(_ssl_err, ++ ERR_reason_error_string(ERR_get_error())); ++ break; ++ case SSL_ERROR_SYSCALL: ++ err = ERR_get_error(); ++ if (err) ++ PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); ++ else if (ret == 0) ++ PyErr_SetString(_ssl_err, "unexpected eof"); ++ else if (ret == -1) ++ PyErr_SetFromErrno(_ssl_err); ++ else ++ assert(0); ++ break; ++ default: ++ PyErr_SetString(_ssl_err, "unexpected SSL error"); ++ } ++} ++ ++static int ssl_sleep_with_timeout(SSL *ssl, const struct timeval *start, ++ double timeout, int ssl_err) { ++ struct pollfd fd; ++ struct timeval tv; ++ int ms, tmp; ++ ++ assert(timeout > 0); ++ again: ++ gettimeofday(&tv, NULL); ++ /* tv >= start */ ++ if ((timeout + start->tv_sec - tv.tv_sec) > INT_MAX / 1000) ++ ms = -1; ++ else { ++ int fract; ++ ++ ms = ((start->tv_sec + (int)timeout) - tv.tv_sec) * 1000; ++ fract = (start->tv_usec + (timeout - (int)timeout) * 1000000 ++ - tv.tv_usec + 999) / 1000; ++ if (ms > 0 && fract > INT_MAX - ms) ++ ms = -1; ++ else { ++ ms += fract; ++ if (ms <= 0) ++ goto timeout; ++ } ++ } ++ switch (ssl_err) { ++ case SSL_ERROR_WANT_READ: ++ fd.fd = SSL_get_rfd(ssl); ++ fd.events = POLLIN; ++ break; ++ ++ case SSL_ERROR_WANT_WRITE: ++ fd.fd = SSL_get_wfd(ssl); ++ fd.events = POLLOUT; ++ break; ++ ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ return 0; /* FIXME: is this correct? */ ++ ++ default: ++ assert(0); ++ } ++ if (fd.fd == -1) { ++ PyErr_SetString(_ssl_err, "timeout on a non-FD SSL"); ++ return -1; ++ } ++ Py_BEGIN_ALLOW_THREADS ++ tmp = poll(&fd, 1, ms); ++ Py_END_ALLOW_THREADS ++ switch (tmp) { ++ case 1: ++ return 0; ++ case 0: ++ goto timeout; ++ case -1: ++ if (errno == EINTR) ++ goto again; ++ PyErr_SetFromErrno(_ssl_err); ++ return -1; ++ } ++ return 0; ++ ++ timeout: ++ PyErr_SetString(_ssl_timeout_err, "timed out"); ++ return -1; ++} ++ ++PyObject *ssl_accept(SSL *ssl, double timeout) { + PyObject *obj = NULL; +- int r, err; ++ int r, ssl_err; ++ struct timeval tv; + ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_accept(ssl); ++ ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { ++ switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + obj = PyInt_FromLong((long)1); + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: +- obj = PyInt_FromLong((long)0); +- break; +- case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); ++ if (timeout <= 0) { ++ obj = PyInt_FromLong((long)0); ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; + obj = NULL; + break; ++ case SSL_ERROR_SSL: + case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); ++ ssl_handle_error(ssl_err, r); + obj = NULL; + break; + } +@@ -441,36 +548,38 @@ + return obj; + } + +-PyObject *ssl_connect(SSL *ssl) { ++PyObject *ssl_connect(SSL *ssl, double timeout) { + PyObject *obj = NULL; +- int r, err; ++ int r, ssl_err; ++ struct timeval tv; + ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_connect(ssl); ++ ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { ++ switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + obj = PyInt_FromLong((long)1); + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: +- obj = PyInt_FromLong((long)0); +- break; +- case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); ++ if (timeout <= 0) { ++ obj = PyInt_FromLong((long)0); ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; + obj = NULL; + break; ++ case SSL_ERROR_SSL: + case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); ++ ssl_handle_error(ssl_err, r); + obj = NULL; + break; + } +@@ -483,10 +592,11 @@ + SSL_set_shutdown(ssl, mode); + } + +-PyObject *ssl_read(SSL *ssl, int num) { ++PyObject *ssl_read(SSL *ssl, int num, double timeout) { + PyObject *obj = NULL; + void *buf; +- int r, err; ++ int r; ++ struct timeval tv; + + if (!(buf = PyMem_Malloc(num))) { + PyErr_SetString(PyExc_MemoryError, "ssl_read"); +@@ -494,37 +604,44 @@ + } + + ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_read(ssl, buf, num); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { +- case SSL_ERROR_NONE: +- case SSL_ERROR_ZERO_RETURN: +- buf = PyMem_Realloc(buf, r); +- obj = PyString_FromStringAndSize(buf, r); +- break; +- case SSL_ERROR_WANT_WRITE: +- case SSL_ERROR_WANT_READ: +- case SSL_ERROR_WANT_X509_LOOKUP: +- Py_INCREF(Py_None); +- obj = Py_None; +- break; +- case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); +- obj = NULL; +- break; +- case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); +- obj = NULL; +- break; ++ if (r >= 0) { ++ buf = PyMem_Realloc(buf, r); ++ obj = PyString_FromStringAndSize(buf, r); ++ } else { ++ int ssl_err; ++ ++ ssl_err = SSL_get_error(ssl, r); ++ switch (ssl_err) { ++ case SSL_ERROR_NONE: ++ case SSL_ERROR_ZERO_RETURN: ++ assert(0); ++ ++ case SSL_ERROR_WANT_WRITE: ++ case SSL_ERROR_WANT_READ: ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ if (timeout <= 0) { ++ Py_INCREF(Py_None); ++ obj = Py_None; ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; ++ obj = NULL; ++ break; ++ case SSL_ERROR_SSL: ++ case SSL_ERROR_SYSCALL: ++ ssl_handle_error(ssl_err, r); ++ obj = NULL; ++ break; ++ } + } + PyMem_Free(buf); + +@@ -582,22 +699,26 @@ + return obj; + } + +-int ssl_write(SSL *ssl, PyObject *blob) { ++int ssl_write(SSL *ssl, PyObject *blob, double timeout) { + const void *buf; +- int len, r, err, ret; ++ int len, r, ssl_err, ret; ++ struct timeval tv; + + + if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) { + return -1; + } + +- ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_write(ssl, buf, len); ++ ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { ++ switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + ret = r; +@@ -605,20 +726,17 @@ + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: ++ if (timeout <= 0) { ++ ret = -1; ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; + ret = -1; + break; + case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); +- ret = -1; +- break; + case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); ++ ssl_handle_error(ssl_err, r); + default: + ret = -1; + } +diff -urN M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py +--- M2Crypto/tests/test_ssl.py 2013-11-26 20:01:02.582964980 +0100 ++++ M2Crypto-0.21.1/tests/test_ssl.py 2013-11-26 20:01:33.268937969 +0100 +@@ -972,6 +972,77 @@ + + class TwistedSSLClientTestCase(BaseSSLClientTestCase): + ++ def test_timeout(self): ++ pid = self.start_server(self.args) ++ try: ++ ctx = SSL.Context() ++ s = SSL.Connection(ctx) ++ # Just a really small number so we can timeout ++ s.settimeout(0.000000000000000000000000000001) ++ self.assertRaises(SSL.SSLTimeoutError, s.connect, self.srv_addr) ++ s.close() ++ finally: ++ self.stop_server(pid) ++ ++ def test_makefile_timeout(self): ++ # httpslib uses makefile to read the response ++ pid = self.start_server(self.args) ++ try: ++ from M2Crypto import httpslib ++ c = httpslib.HTTPS(srv_host, srv_port) ++ c.putrequest('GET', '/') ++ c.putheader('Accept', 'text/html') ++ c.putheader('Accept', 'text/plain') ++ c.endheaders() ++ c._conn.sock.settimeout(100) ++ err, msg, headers = c.getreply() ++ assert err == 200, err ++ f = c.getfile() ++ data = f.read() ++ c.close() ++ finally: ++ self.stop_server(pid) ++ self.failIf(string.find(data, 's_server -quiet -www') == -1) ++ ++ def test_makefile_timeout_fires(self): ++ # This is convoluted because (openssl s_server -www) starts writing the ++ # response as soon as it receives the first line of the request, so it's ++ # possible for it to send the response before the request is sent and ++ # there would be no timeout. So, let the server spend time reading from ++ # an empty pipe ++ FIFO_NAME = 'test_makefile_timeout_fires_fifo' ++ os.mkfifo('tests/' + FIFO_NAME) ++ pipe_pid = os.fork() ++ try: ++ if pipe_pid == 0: ++ try: ++ f = open('tests/' + FIFO_NAME, 'w') ++ try: ++ time.sleep(sleepTime + 1) ++ f.write('Content\n') ++ finally: ++ f.close() ++ finally: ++ os._exit(0) ++ self.args[self.args.index('-www')] = '-WWW' ++ pid = self.start_server(self.args) ++ try: ++ from M2Crypto import httpslib ++ c = httpslib.HTTPS(srv_host, srv_port) ++ c.putrequest('GET', '/' + FIFO_NAME) ++ c.putheader('Accept', 'text/html') ++ c.putheader('Accept', 'text/plain') ++ c.endheaders() ++ c._conn.sock.settimeout(0.0000000001) ++ self.assertRaises(socket.timeout, c.getreply) ++ c.close() ++ finally: ++ self.stop_server(pid) ++ finally: ++ os.kill(pipe_pid, 1) ++ os.waitpid(pipe_pid, 0) ++ os.unlink('tests/' + FIFO_NAME) ++ + def test_twisted_wrapper(self): + # Test only when twisted and ZopeInterfaces are present + try: diff --git a/SPECS/m2crypto.spec b/SPECS/m2crypto.spec new file mode 100644 index 00000000..98f90883 --- /dev/null +++ b/SPECS/m2crypto.spec @@ -0,0 +1,489 @@ +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} + +# Keep this value in sync with the definition in openssl.spec. +%global multilib_arches %{ix86} ia64 ppc %{power64} s390 s390x sparcv9 sparc64 x86_64 + +Summary: Support for using OpenSSL in python scripts +Name: m2crypto +Version: 0.21.1 +Release: 17%{?dist} +Source0: http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz +# https://bugzilla.osafoundation.org/show_bug.cgi?id=2341 +Patch0: m2crypto-0.21.1-timeouts.patch +# This is only precautionary, it does fix anything - not sent upstream +Patch1: m2crypto-0.21.1-gcc_macros.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=12972 +Patch2: m2crypto-0.20.2-fips.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=12973 +Patch3: m2crypto-0.20.2-check.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13005 +Patch4: m2crypto-0.21.1-memoryview.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13020 +Patch5: m2crypto-0.21.1-smime-doc.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=12999 +Patch6: m2crypto-0.21.1-AES_crypt.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13044 +Patch7: m2crypto-0.21.1-IPv6.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13049 +Patch8: m2crypto-0.21.1-https-proxy.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13066 +Patch9: m2crypto-0.21.1-certs.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13072 +Patch10: m2crypto-0.21.1-ssl23.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13098 +Patch11: m2crypto-0.21.1-SSL_CTX_new.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13073 +Patch12: m2crypto-0.21.1-sni.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13100 +Patch13: m2crypto-0.21.1-supported-ec.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13101 +Patch14: m2crypto-0.21.1-tests-no-SIGHUP.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13103 +Patch15: m2crypto-0.21.1-tests-no-export-ciphers.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13104 +Patch16: m2crypto-0.21.1-tests-random-ports.patch +# https://github.com/martinpaljak/M2Crypto/issues/70 +Patch17: m2crypto-0.21.1-test_cookie_str_changed.patch +# https://github.com/martinpaljak/M2Crypto/issues/19 +Patch18: m2crypto-0.21.1-SAN-ip.patch +License: MIT +Group: System Environment/Libraries +URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto +BuildRequires: openssl, openssl-devel, python2-devel, python-setuptools +BuildRequires: perl, pkgconfig, swig, which + +%filter_provides_in %{python_sitearch}/M2Crypto/__m2crypto.so +%filter_setup + +%description +This package allows you to call OpenSSL functions from python scripts. + +%prep +%setup -q -n M2Crypto-%{version} +%patch0 -p1 -b .timeouts +%patch1 -p1 -b .gcc_macros +%patch2 -p1 -b .fips +%patch3 -p1 -b .check +%patch4 -p1 -b .memoryview +%patch5 -p0 +%patch6 -p0 -b .AES_crypt +%patch7 -p1 -b .IPv6 +%patch8 -p1 -b .https-proxy +%patch9 -p0 -b .certs +openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER +%patch10 -p0 -b .ssl23 +%patch11 -p1 -b .SSL_CTX_new +%patch12 -p1 -b .sni +%patch13 -p1 -b .supported-ec +%patch14 -p1 -b .tests-no-SIGHUP +%patch15 -p1 -b .tests-no-export-ciphers +%patch16 -p1 -b .tests-random-ports +%patch17 -p1 -b .test_cookie_str_changed +%patch18 -p1 -b .SAN-ip + +# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG +# doesn't follow the #include. + +# Determine which arch opensslconf.h is going to try to #include. +basearch=%{_arch} +%ifarch %{ix86} +basearch=i386 +%endif +%ifarch sparcv9 +basearch=sparc +%endif +%ifarch %{multilib_arches} +for i in SWIG/_ec.i SWIG/_evp.i; do + sed -i -e "s/opensslconf/opensslconf-${basearch}/" "$i" +done +%endif + +gcc -E -dM - < /dev/null | grep -v __STDC__ \ + | sed 's/^\(#define \([^ ]*\) .*\)$/#undef \2\n\1/' > SWIG/gcc_macros.h + +%build +CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS +if pkg-config openssl ; then + CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS + LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS +fi + +# -cpperraswarn is necessary for including opensslconf-${basearch} directly +SWIG_FEATURES=-cpperraswarn %{__python} setup.py build + +%install +CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS +if pkg-config openssl ; then + CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS + LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS +fi + +%{__python} setup.py install --root=$RPM_BUILD_ROOT + +for i in medusa medusa054; do + sed -i -e '1s,#! /usr/local/bin/python,#! %{__python},' \ + demo/$i/http_server.py +done + +# Windows-only +rm demo/Zope/starts.bat +# Fix up documentation permissions +find demo tests -type f -perm -111 -print0 | xargs -0 chmod a-x + +grep -rl '/usr/bin/env python' demo tests \ + | xargs sed -i "s,/usr/bin/env python,%{__python}," + +rm tests/*.{pem,py}.* # Patch backup files + +%check +%{__python} setup.py test + +%files +%doc CHANGES LICENCE README demo +%{python_sitearch}/M2Crypto +%{python_sitearch}/M2Crypto-*.egg-info + +%changelog +* Tue Jul 7 2015 Miloslav Trmač - 0.21.1-17 +- Fix spurious failures of test_cookie_str_changed_mac + Resolves: #1073950 +- Add support for IP addresses in subjectAltName + Resolves: #1080142 + +* Wed Aug 20 2014 Miloslav Trmač - 0.21.1-16 +- Sync %%multilib_arches with openssl. + Resolves: #1125603 + +* Fri Jan 24 2014 Daniel Mach - 0.21.1-15 +- Mass rebuild 2014-01-24 + +* Mon Jan 6 2014 Miloslav Trmač - 0.21.1-14 +- Don't assume that export ciphers are enabled in the test suite + Resolves: #1048887 +- Let the kernel allocate free ports for use by the test suite + Resolves: #1048887 + +* Fri Dec 27 2013 Daniel Mach - 0.21.1-13 +- Mass rebuild 2013-12-27 + +* Thu Dec 19 2013 Miloslav Trmač - 0.21.1-12 +- Fix occasional spurious failures in test_makefile_timeout_fires + Resolves: #969077 +- Fix incorrect exception handling of SSL_CTX_new (manifesting in FIPS mode) + Resolves: #879043 +- Add minimal SNI support, based on a patch by Sander Steffann + + Resolves: #1038795 +- Use only ECC curves available in Fedora in the test suite + Related: #1038813 +- Fix terminating test suite helper processes when running in Koji + Related: #1038813 +- Run test suite in %%check, don't ship it in the package. Based on a patch by + Matěj Cepl . + Resolves: #1038813 + +* Thu Feb 14 2013 Fedora Release Engineering - 0.21.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 21 2012 Miloslav Trmač - 0.21.1-10 +- Replace expired certificates in the test suite +- Fix running the test suite against recent OpenSSL versions + +* Tue Aug 21 2012 Miloslav Trmač - 0.21.1-10 +- Drop no longer necessary %%clean and %%defattr commands. + +* Thu Jul 19 2012 Fedora Release Engineering - 0.21.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Mar 15 2012 Miloslav Trmač - 0.21.1-8 +- Fix HTTPS proxy support + Resolves: #803554 + +* Tue Mar 13 2012 Miloslav Trmač - 0.21.1-7 +- Support IPv6 in M2Crypto.httpslib + Resolves: #742914 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.21.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu May 12 2011 Miloslav Trmač - 0.21.1-5 +- Fix a memory leak in AES_crypt + Resolves: #659881 + +* Tue May 10 2011 Miloslav Trmač - 0.21.1-4 +- Fix handling of buffer() objects as input data to SSL + Resolves: #702766 + +* Mon Mar 28 2011 Miloslav Trmač - 0.21.1-3 +- Fix S/MIME documentation and examples + Resolves: #618500 + +* Wed Feb 23 2011 Garrett Holmstrom - 0.21.1-3 +- Use the %%__python macro for Python calls and locations + Patch by Garrett Holmstrom + +* Tue Feb 08 2011 Fedora Release Engineering - 0.21.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 18 2011 Miloslav Trmač - 0.21.1-1 +- Update to m2crypto-0.21.1 +- Make the test suite pass with Python 2.7 + +* Wed Jul 21 2010 David Malcolm - 0.20.2-9 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jul 9 2010 Miloslav Trmač - 0.20.2-8 +- Allow overriding SSL.Connection.postConnectionCheck from m2urllib2 + Resolves: #610906 + +* Wed May 19 2010 Miloslav Trmač - 0.20.2-7 +- Make test suite pass in FIPS mode + Resolves: #565662 + +* Thu Mar 4 2010 Miloslav Trmač - 0.20.2-6 +- Filter out bogus Provides: __m2crypto.so +- Drop explicit Requires: python + +* Mon Feb 15 2010 Miloslav Trmač - 0.20.2-5 +- Make test suite pass with OpenSSL 1.0.0 +- Don't ship patch backup files in %%doc + +* Tue Jan 5 2010 Miloslav Trmač - 0.20.2-4 +- s/%%define/%%global/ + +* Mon Dec 7 2009 Miloslav Trmač - 0.20.2-3 +- Don't use '!# /usr/bin/env python' + Resolves: #521887 + +* Thu Oct 15 2009 Miloslav Trmač - 0.20.2-2 +- Add a dist tag. + +* Wed Oct 7 2009 Miloslav Trmač - 0.20.2-1 +- Update to m2crypto-0.20.2 +- Drop BuildRoot: and cleaning it at start of %%install + +* Sun Aug 30 2009 Miloslav Trmač - 0.20.1-1 +- Update to m2crypto-0.20.1 +- Add upstream patch to build with OpenSSL 1.0.0 + +* Fri Aug 21 2009 Tomas Mraz - 0.20-2 +- rebuilt with new openssl + +* Tue Aug 11 2009 Miloslav Trmač - 0.20-1 +- Update to m2crypto-0.20 +- Fix incorrect merge in HTTPS CONNNECT proxy support + +* Sat Jul 25 2009 Fedora Release Engineering - 0.19.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 24 2009 Miloslav Trmač - 0.19.1-9 +- Fix OpenSSL locking callback + Resolves: #507903 + +* Wed Jun 10 2009 Miloslav Trmač - 0.19.1-8 +- Don't reject certificates with subjectAltName that does not contain a dNSName + Resolves: #504060 + +* Wed Jun 3 2009 Miloslav Trmač - 0.19.1-7 +- Only send the selector in SSL HTTP requests. Patch by James Bowes + . + Resolves: #491674 + +* Wed Feb 25 2009 Fedora Release Engineering - 0.19.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 4 2009 Miloslav Trmač - 0.19.1-5 +- Close the connection when an m2urllib2 response is closed + Resolves: #460692 +- Work around conflicts between macros defined by gcc and swig + +* Sat Jan 17 2009 Tomas Mraz - 0.19.1-4 +- rebuild with new openssl + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.19.1-3 +- Rebuild for Python 2.6 + +* Mon Nov 10 2008 Miloslav Trmač - 0.19.1-2 +- Import all gcc-defined macros into SWIG (recommended by Adam Tkac) + +* Mon Oct 13 2008 Miloslav Trmač - 0.19.1-1 +- Update to m2crypto-0.19.1 + +* Mon Oct 6 2008 Miloslav Trmač - 0.19-1 +- Update to m2crypto-0.19 +- Fix some rpmlint warnings + +* Thu Sep 18 2008 Dennis Gilmore - 0.18.2-8 +- enable sparc arches + +* Wed Jun 11 2008 Miloslav Trmač - 0.18.2-7 +- Update m2urllib2 to match the Python 2.5 code instead + +* Sun Jun 8 2008 Miloslav Trmač - 0.18.2-6 +- Don't remove the User-Agent header from proxied requests + Related: #448858 +- Update m2urllib2.py to work with Python 2.5 + +* Sat Jun 7 2008 Miloslav Trmač - 0.18.2-5 +- Use User-Agent in HTTP proxy CONNECT requests + Related: #448858 + +* Tue Feb 19 2008 Fedora Release Engineering - 0.18.2-4 +- Autorebuild for GCC 4.3 + +* Fri Jan 11 2008 Miloslav Trmač - 0.18.2-3 +- Ship Python egg information + +* Tue Dec 4 2007 Miloslav Trmač - 0.18.2-2 +- Rebuild with openssl-0.9.8g + +* Fri Oct 26 2007 Miloslav Trmač - 0.18.2-1 +- Update to m2crypto-0.18.2 +- Remove BuildRequires: unzip + +* Sun Sep 23 2007 Miloslav Trmač - 0.18-2 +- Add missing Host: header to CONNECT requests (patch by Karl Grindley) + Resolves: #239034 +- Fix License: + +* Wed Aug 1 2007 Miloslav Trmač - 0.18-1 +- Update to m2crypto-0.18 + +* Wed Jul 11 2007 Miloslav Trmač - 0.17-3 +- Try to fix build on Alpha + Resolves: #246828 + +* Fri Apr 27 2007 Miloslav Trmac - 0.17-2 +- Make m2xmlrpclib work with Python 2.5 + Resolves: #237902 + +* Wed Jan 17 2007 Miloslav Trmac - 0.17-1 +- Update to m2crypto-0.17 +- Update for Python 2.5 + +* Thu Dec 7 2006 Miloslav Trmac - 0.16-8 +- Rebuild with updated build tools to avoid DT_TEXTREL on s390x + Resolves: #218578 + +* Thu Dec 7 2006 Jeremy Katz - 0.16-7 +- rebuild against python 2.5 + +* Mon Oct 23 2006 Miloslav Trmac - 0.16-6 +- Add support for SSL socket timeouts (based on a patch by James Bowes + ) + Resolves: #219966 + +* Fri Oct 20 2006 Miloslav Trmac - 0.16-5 +- Backport the urllib2 wrapper (code by James Bowes ) + Resolves: #210956 +- Add proxy support for https using CONNECT (original patch by James Bowes + ) + Resolves: #210963 + +* Tue Sep 26 2006 Miloslav Trmac - 0.16-4 +- Drop Obsoletes: openssl-python, openssl-python was last shipped in RHL 7.1 +- Fix interpreter paths in demos + +* Sat Sep 23 2006 Miloslav Trmac - 0.16-3 +- Make more compliant with Fedora guidelines +- Update URL: + +* Wed Jul 12 2006 Jesse Keating - 0.16-2.1 +- rebuild + +* Thu Jul 6 2006 Miloslav Trmac - 0.16-2 +- Fix build with rawhide swig + +* Thu Jul 6 2006 Miloslav Trmac - 0.16-1 +- Update to m2crypto-0.16 + +* Wed Apr 19 2006 Miloslav Trmac - 0.15-4 +- Fix SSL.Connection.accept (#188742) + +* Fri Feb 10 2006 Jesse Keating - 0.15-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.15-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 3 2006 Miloslav Trmac - 0.15-3 +- Add BuildRequires: swig + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 9 2005 Miloslav Trmac - 0.15-2 +- Rebuild with newer openssl + +* Mon Aug 29 2005 Miloslav Trmac - 0.15-1 +- Update to m2crypto-0.15 +- Drop bundled swig + +* Tue Jun 14 2005 Miloslav Trmac - 0.13-5 +- Better fix for #159898, by Dan Williams + +* Thu Jun 9 2005 Miloslav Trmac - 0.13-4 +- Fix invalid handle_error override in SSL.SSLServer (#159898, patch by Dan + Williams) + +* Tue May 31 2005 Miloslav Trmac - 0.13-3 +- Fix invalid Python version comparisons in M2Crypto.httpslib (#156979) +- Don't ship obsolete xmlrpclib.py.patch +- Clean up the build process a bit + +* Wed Mar 16 2005 Nalin Dahyabhai 0.13-2 +- rebuild + +* Tue Nov 23 2004 Karsten Hopp 0.13-1 +- update, remove now obsolete patches + +* Mon Nov 22 2004 Karsten Hopp 0.09-7 +- changed pythonver from 2.3 to 2.4 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Tue Feb 24 2004 Harald Hoyer - 0.09-5 +- changed pythonver from 2.2 to 2.3 +- patched setup.py to cope with include path + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 14 2003 Nalin Dahyabhai 0.09-1 +- Update to version 0.09 +- Build using bundled copy of SWIG +- Pick up additional CFLAGS and LDFLAGS from OpenSSL's pkgconfig data, if + there is any +- Handle const changes in new OpenSSL +- Remove unnecessary ldconfig calls in post/postun + +* Thu Dec 12 2002 Elliot Lee 0.07_snap3-2 +- Update to version 0.07_snap3 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Mon May 20 2002 Nalin Dahyabhai 0.05_snap4-4 +- rebuild with Python 2.2 + +* Wed Apr 24 2002 Nalin Dahyabhai 0.05_snap4-3 +- remove a stray -L at link-time which prevented linking with libssl (#59985) + +* Thu Aug 23 2001 Nalin Dahyabhai 0.05_snap4-2 +- drop patch which isn't needed because we know swig is installed + +* Mon Apr 9 2001 Nalin Dahyabhai 0.05_snap4-1 +- break off from openssl-python