Merge lp:~ohe/pyopenssl/crl-comp into lp:~exarkun/pyopenssl/trunk

Proposed by Olivier Hervieu
Status: Work in progress
Proposed branch: lp:~ohe/pyopenssl/crl-comp
Merge into: lp:~exarkun/pyopenssl/trunk
Diff against target: 86 lines (+36/-3)
2 files modified
OpenSSL/crypto/crl.c (+34/-3)
OpenSSL/test/test_crypto.py (+2/-0)
To merge this branch: bzr merge lp:~ohe/pyopenssl/crl-comp
Reviewer Review Type Date Requested Status
Jean-Paul Calderone Needs Fixing
Review via email: mp+40384@code.launchpad.net

Description of the change

Add a new method to get the issuer of a CRL (very useful for OCSP request handling).
Test included.

Jean-Paul Calderone (exarkun) wrote :

Hi, thanks for your contribution. Looking at the man page for X509_NAME_oneline I see this warning:

  The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output
  form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly
  discouraged in new applications.

It sounds like X509_NAME_print_ex or X509_NAME_print should be used instead. You can find an example of how to use these BIO-based functions to get a char* in crypto_CRL_export.

Also, all new APIs should be documented in doc/api/.

Thanks again.

review: Needs Fixing

Unmerged revisions

140. By Olivier Hervieu

Add a new get_issuer method on CRL object. Returns the CRL's issuer as string.

Preview Diff

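--- a/OpenSSL/crypto/crl.c
+++ b/OpenSSL/crypto/crl.c
@@ -2,7 +2,6 @@
 #define crypto_MODULE
 #include "crypto.h"
 
-
 static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
  X509_REVOKED *dupe = NULL;
 
@@ -192,6 +191,38 @@
  return self;
 }
 
+static char crypto_CRL_get_issuer_doc[] = "\n\
+Return the issuer of a CRL structure\n\
+\n\
+@return: The issuer as a string\n\
+";
+static PyObject *
+crypto_CRL_get_issuer(crypto_CRLObj *self, PyObject *args) {
+
+ /*
+ * Is this long enough? Tthere's a old X500 limitation for dn size
+ * at 256 chars. Perhaps we have to modify this.
+ * One more thing, openssl has the same buffer len, see
+ * X509_CRL_print method from t_crl.c
+ */
+ char issuer_buff[256];
+ PyObject *issuer_str = NULL;
+
+ if (!PyArg_ParseTuple(args, ":get_issuer")) {
+ return NULL;
+ }
+ if (self->crl == NULL) {
+ Py_INCREF(Py_None);
+ return Py_None;
+ } else {
+ X509_NAME_oneline(X509_CRL_get_issuer(self->crl), issuer_buff, 256);
+ }
+
+ issuer_str = PyBytes_FromStringAndSize(issuer_buff, strlen(issuer_buff));
+ return issuer_str;
+}
+
+
 /*
  * ADD_METHOD(name) expands to a correct PyMethodDef declaration
  * { 'name', (PyCFunction)crypto_CRL_name, METH_VARARGS, crypto_CRL_name_doc }
@@ -204,12 +235,12 @@
 static PyMethodDef crypto_CRL_methods[] = {
  ADD_KW_METHOD(add_revoked),
  ADD_METHOD(get_revoked),
+ ADD_METHOD(get_issuer),
  ADD_KW_METHOD(export),
  { NULL, NULL }
 };
 #undef ADD_METHOD
 
-
 static void
 crypto_CRL_dealloc(crypto_CRLObj *self) {
  X509_CRL_free(self->crl);
@@ -230,7 +261,7 @@
  if (!PyArg_ParseTuple(args, ":CRL")) {
  return NULL;
  }
- 
+
  return (PyObject *)crypto_CRL_New(X509_CRL_new());
 }
 
 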
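Review bot: In `crypto_CRL_get_issuer` the result of `X509_NAME_oneline` is discarded and `issuer_buff` is never initialised, so the `strlen(issuer_buff)` in the following statement depends on the call always having written a terminated string; the fixed 256-byte buffer also cuts a longer issuer DN short with no signal to the caller. That matters for a value callers are likely to compare when matching a CRL to its CA (the description mentions OCSP handling): two distinct issuers whose rendered names share the first 255 bytes would come back identical. Whatever formatting routine ends up being used, let the library size the output rather than a stack array, and treat a NULL result as an error that raises instead of returning bytes. At minimum, `char issuer_buff[256] = "";` and `sizeof issuer_buff` in place of the repeated literal `256` keep the current code from reading indeterminate stack memory.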
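--- a/OpenSSL/test/test_crypto.py
+++ b/OpenSSL/test/test_crypto.py
@@ -2382,6 +2382,8 @@
  self.assertEqual(revs[0].get_reason(), None)
  self.assertEqual(revs[1].get_serial(), b('0100'))
  self.assertEqual(revs[1].get_reason(), b('Superseded'))
+ self.assertEqual(crl.get_issuer(),
+ b('/C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
 
  der = _runopenssl(crlData, "crl", "-outform", "DER")
  crl = load_crl(FILETYPE_ASN1, der)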
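Review bot: The added assertion exercises `get_issuer()` only on one short, well-formed issuer, so neither the `self->crl == NULL` branch nor the 256-byte buffer limit in the C implementation is covered. A second case with an issuer DN longer than 255 bytes, asserting that the full name comes back (or that an error is raised), would pin down the truncation behaviour; a call on a freshly constructed `CRL()` would document what an empty issuer returns. The enclosing test method starts and ends outside this hunk.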
