pyOpenSSL

Merge lp:~ohe/pyopenssl/crl-comp into lp:~exarkun/pyopenssl/trunk

  1. crl-comp
  2. Merge into trunk
Proposed by Olivier Hervieu
Status: Work in progress
Proposed branch: lp:~ohe/pyopenssl/crl-comp
Merge into: lp:~exarkun/pyopenssl/trunk
Diff against target: 86 lines (+36/-3)
2 files modified
OpenSSL/crypto/crl.c (+34/-3)
OpenSSL/test/test_crypto.py (+2/-0)
To merge this branch: bzr merge lp:~ohe/pyopenssl/crl-comp
Reviewer Review Type Date Requested Status
Jean-Paul Calderone Needs Fixing
Review via email: mp+40384@code.launchpad.net

Description of the change

Add new method to get the issuer of a CRL (very usefull to for OCSP request handling).
Test included.

To post a comment you must log in.
Revision history for this message
Jean-Paul Calderone (exarkun) wrote :

Hi, thanks for your contribution. Looking at the man page for X509_NAME_oneline I see this warning:

  The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output
  form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly
  discouraged in new applications.

It sounds like instead X509_NAME_print_ex or X509_NAME_print should be used instead. You can find an example of how to use these BIO-based functions to get a char* in crypto_CRL_export.

Also, all new APIs should be documented in doc/api/.

Thanks again.

review: Needs Fixing
Reply

Unmerged revisions

140. By Olivier Hervieu

Add a new get_issuer method on CRL object. Returns the CRL's issuer as string.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'OpenSSL/crypto/crl.c'
2--- OpenSSL/crypto/crl.c 2010-10-02 22:34:52 +0000
3+++ OpenSSL/crypto/crl.c 2010-11-08 21:56:43 +0000
4@@ -2,7 +2,6 @@
5 #define crypto_MODULE
6 #include "crypto.h"
7
8-
9 static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
10 X509_REVOKED *dupe = NULL;
11
12@@ -192,6 +191,38 @@
13 return self;
14 }
15
16+static char crypto_CRL_get_issuer_doc[] = "\n\
17+Return the issuer of a CRL structure\n\
18+\n\
19+@return: The issuer as a string\n\
20+";
21+static PyObject *
22+crypto_CRL_get_issuer(crypto_CRLObj *self, PyObject *args) {
23+
24+ /*
25+ * Is this long enough? Tthere's a old X500 limitation for dn size
26+ * at 256 chars. Perhaps we have to modify this.
27+ * One more thing, openssl has the same buffer len, see
28+ * X509_CRL_print method from t_crl.c
29+ */
30+ char issuer_buff[256];
31+ PyObject *issuer_str = NULL;
32+
33+ if (!PyArg_ParseTuple(args, ":get_issuer")) {
34+ return NULL;
35+ }
36+ if (self->crl == NULL) {
37+ Py_INCREF(Py_None);
38+ return Py_None;
39+ } else {
40+ X509_NAME_oneline(X509_CRL_get_issuer(self->crl), issuer_buff, 256);
41+ }
42+
43+ issuer_str = PyBytes_FromStringAndSize(issuer_buff, strlen(issuer_buff));
44+ return issuer_str;
45+}
46+
47+
48 /*
49 * ADD_METHOD(name) expands to a correct PyMethodDef declaration
50 * { 'name', (PyCFunction)crypto_CRL_name, METH_VARARGS, crypto_CRL_name_doc }
51@@ -204,12 +235,12 @@
52 static PyMethodDef crypto_CRL_methods[] = {
53 ADD_KW_METHOD(add_revoked),
54 ADD_METHOD(get_revoked),
55+ ADD_METHOD(get_issuer),
56 ADD_KW_METHOD(export),
57 { NULL, NULL }
58 };
59 #undef ADD_METHOD
60
61-
62 static void
63 crypto_CRL_dealloc(crypto_CRLObj *self) {
64 X509_CRL_free(self->crl);
65@@ -230,7 +261,7 @@
66 if (!PyArg_ParseTuple(args, ":CRL")) {
67 return NULL;
68 }
69-
70+
71 return (PyObject *)crypto_CRL_New(X509_CRL_new());
72 }
73
74
75=== modified file 'OpenSSL/test/test_crypto.py'
76--- OpenSSL/test/test_crypto.py 2010-10-14 02:23:30 +0000
77+++ OpenSSL/test/test_crypto.py 2010-11-08 21:56:43 +0000
78@@ -2382,6 +2382,8 @@
79 self.assertEqual(revs[0].get_reason(), None)
80 self.assertEqual(revs[1].get_serial(), b('0100'))
81 self.assertEqual(revs[1].get_reason(), b('Superseded'))
82+ self.assertEqual(crl.get_issuer(),
83+ b('/C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
84
85 der = _runopenssl(crlData, "crl", "-outform", "DER")
86 crl = load_crl(FILETYPE_ASN1, der)

Subscribers

People subscribed via source and target branches

to status/vote changes: