diff --git a/.m2crypto.metadata b/.m2crypto.metadata new file mode 100644 index 0000000..163a864 --- /dev/null +++ b/.m2crypto.metadata @@ -0,0 +1 @@ +3c7135b952092e4f2eee7a94c5153319cccba94e SOURCES/M2Crypto-0.21.1.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/m2crypto-0.20.2-check.patch b/SOURCES/m2crypto-0.20.2-check.patch new file mode 100644 index 0000000..8af74bd --- /dev/null +++ b/SOURCES/m2crypto-0.20.2-check.patch @@ -0,0 +1,33 @@ +diff -up M2Crypto-0.20.2/M2Crypto/SSL/Connection.py.check M2Crypto-0.20.2/M2Crypto/SSL/Connection.py +--- M2Crypto-0.20.2/M2Crypto/SSL/Connection.py.check 2010-07-09 00:05:56.000000000 +0200 ++++ M2Crypto-0.20.2/M2Crypto/SSL/Connection.py 2010-07-09 00:08:20.677169899 +0200 +@@ -54,6 +54,10 @@ class Connection: + + self.ssl_close_flag = m2.bio_noclose + ++ if self.ctx.post_connection_check is not None: ++ self.set_post_connection_check_callback \ ++ (self.ctx.post_connection_check) ++ + + def __del__(self): + if getattr(self, 'sslbio', None): +diff -up M2Crypto-0.20.2/M2Crypto/SSL/Context.py.check M2Crypto-0.20.2/M2Crypto/SSL/Context.py +--- M2Crypto-0.20.2/M2Crypto/SSL/Context.py.check 2009-10-07 06:24:28.000000000 +0200 ++++ M2Crypto-0.20.2/M2Crypto/SSL/Context.py 2010-07-09 00:06:47.551169489 +0200 +@@ -36,12 +36,14 @@ class Context: + + m2_ssl_ctx_free = m2.ssl_ctx_free + +- def __init__(self, protocol='sslv23', weak_crypto=None): ++ def __init__(self, protocol='sslv23', weak_crypto=None, ++ post_connection_check=None): + proto = getattr(m2, protocol + '_method', None) + if proto is None: + raise ValueError, "no such protocol '%s'" % protocol + self.ctx = m2.ssl_ctx_new(proto()) + self.allow_unknown_ca = 0 ++ self.post_connection_check = post_connection_check + map()[long(self.ctx)] = self + m2.ssl_ctx_set_cache_size(self.ctx, 128L) + if weak_crypto is None: diff --git a/SOURCES/m2crypto-0.20.2-fips.patch b/SOURCES/m2crypto-0.20.2-fips.patch new file mode 100644 index 0000000..d6a5739 --- /dev/null +++ b/SOURCES/m2crypto-0.20.2-fips.patch @@ -0,0 +1,220 @@ +diff -up M2Crypto-0.20.2/SWIG/_evp.i.fips M2Crypto-0.20.2/SWIG/_evp.i +--- M2Crypto-0.20.2/SWIG/_evp.i.fips 2010-05-19 07:06:44.029090567 +0200 ++++ M2Crypto-0.20.2/SWIG/_evp.i 2010-05-19 07:06:44.049115516 +0200 +@@ -250,7 +250,10 @@ PyObject *hmac_init(HMAC_CTX *ctx, PyObj + if (m2_PyObject_AsReadBufferInt(key, &kbuf, &klen) == -1) + return NULL; + +- HMAC_Init(ctx, kbuf, klen, md); ++ if (!HMAC_Init(ctx, kbuf, klen, md)) { ++ PyErr_SetString(_evp_err, "HMAC_Init failed"); ++ return NULL; ++ } + Py_INCREF(Py_None); + return Py_None; + } +@@ -262,7 +265,10 @@ PyObject *hmac_update(HMAC_CTX *ctx, PyO + if (PyObject_AsReadBuffer(blob, &buf, &len) == -1) + return NULL; + +- HMAC_Update(ctx, buf, len); ++ if (!HMAC_Update(ctx, buf, len)) { ++ PyErr_SetString(_evp_err, "HMAC_Update failed"); ++ return NULL; ++ } + Py_INCREF(Py_None); + return Py_None; + } +@@ -276,7 +282,10 @@ PyObject *hmac_final(HMAC_CTX *ctx) { + PyErr_SetString(PyExc_MemoryError, "hmac_final"); + return NULL; + } +- HMAC_Final(ctx, blob, (unsigned int *)&blen); ++ if (!HMAC_Final(ctx, blob, (unsigned int *)&blen)) { ++ PyErr_SetString(_evp_err, "HMAC_Final failed"); ++ return NULL; ++ } + ret = PyString_FromStringAndSize(blob, blen); + PyMem_Free(blob); + return ret; +diff -up M2Crypto-0.20.2/SWIG/_rsa.i.fips M2Crypto-0.20.2/SWIG/_rsa.i +--- M2Crypto-0.20.2/SWIG/_rsa.i.fips 2010-05-19 07:06:44.030090773 +0200 ++++ M2Crypto-0.20.2/SWIG/_rsa.i 2010-05-19 07:06:44.038095292 +0200 +@@ -423,15 +423,17 @@ void genrsa_callback(int p, int n, void + Py_XDECREF(ret); + } + +-RSA *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) { ++PyObject *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) { + RSA *rsa; + + Py_INCREF(pyfunc); + rsa = RSA_generate_key(bits, e, genrsa_callback, (void *)pyfunc); + Py_DECREF(pyfunc); +- if (!rsa) ++ if (!rsa) { + PyErr_SetString(_rsa_err, ERR_reason_error_string(ERR_get_error())); +- return rsa; ++ return NULL; ++ } ++ return SWIG_NewPointerObj((void *)rsa, SWIGTYPE_p_RSA, 0); + } + + int rsa_type_check(RSA *rsa) { +diff -up M2Crypto-0.20.2/tests/test_evp.py.fips M2Crypto-0.20.2/tests/test_evp.py +--- M2Crypto-0.20.2/tests/test_evp.py.fips 2009-10-07 06:24:44.000000000 +0200 ++++ M2Crypto-0.20.2/tests/test_evp.py 2010-05-19 07:06:44.039121270 +0200 +@@ -97,7 +97,7 @@ class EVPTestCase(unittest.TestCase): + """ + Testing retrieving the RSA key from the PKey instance. + """ +- rsa = RSA.gen_key(512, 3, callback=self._gen_callback) ++ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback) + assert isinstance(rsa, RSA.RSA) + pkey = EVP.PKey() + pkey.assign_rsa(rsa) +@@ -130,7 +130,7 @@ class EVPTestCase(unittest.TestCase): + pkey = EVP.PKey() + self.assertRaises(ValueError, pkey.get_modulus) + +- rsa = RSA.gen_key(512, 3, callback=self._gen_callback) ++ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback) + pkey.assign_rsa(rsa) + mod = pkey.get_modulus() + assert len(mod) > 0, mod +@@ -373,21 +373,21 @@ class PBKDF2TestCase(unittest.TestCase): + + class HMACTestCase(unittest.TestCase): + data1=['', 'More text test vectors to stuff up EBCDIC machines :-)', \ +- h2b("e9139d1e6ee064ef8cf514fc7dc83e86")] ++ h2b("b760e92d6662d351eb3801057695ac0346295356")] + + data2=[h2b('0b'*16), "Hi There", \ +- h2b("9294727a3638bb1c13f48ef8158bfc9d")] ++ h2b("675b0b3a1b4ddf4e124872da6c2f632bfed957e9")] + + data3=['Jefe', "what do ya want for nothing?", \ +- h2b("750c783e6ab0b503eaa86e310a5db738")] ++ h2b("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")] + + data4=[h2b('aa'*16), h2b('dd'*50), \ +- h2b("0x56be34521d144c88dbb8c733f0e8b3f6")] ++ h2b("d730594d167e35d5956fd8003d0db3d3f46dc7bb")] + + data=[data1, data2, data3, data4] + + def test_simple(self): +- algo = 'md5' ++ algo = 'sha1' + for d in self.data: + h = EVP.HMAC(d[0], algo) + h.update(d[1]) +diff -up M2Crypto-0.20.2/tests/test_rc4.py.fips M2Crypto-0.20.2/tests/test_rc4.py +--- M2Crypto-0.20.2/tests/test_rc4.py.fips 2009-10-07 06:24:39.000000000 +0200 ++++ M2Crypto-0.20.2/tests/test_rc4.py 2010-05-19 07:08:10.754839354 +0200 +@@ -8,12 +8,16 @@ import unittest + from binascii import hexlify + from M2Crypto import RC4 + ++from fips import fips_mode ++ + class RC4TestCase(unittest.TestCase): + + def test_vectors(self): + """ + Test with test vectors from Wikipedia: http://en.wikipedia.org/wiki/Rc4 + """ ++ if fips_mode: ++ return + vectors = (('Key', 'Plaintext', 'BBF316E8D940AF0AD3'), + ('Wiki', 'pedia', '1021BF0420'), + ('Secret', 'Attack at dawn', '45A01F645FC35B383552544B9BF5')) +@@ -26,6 +30,8 @@ class RC4TestCase(unittest.TestCase): + self.assertEqual(rc4.final(), '') + + def test_bad(self): ++ if fips_mode: ++ return + rc4 = RC4.RC4('foo') + self.assertNotEqual(hexlify(rc4.update('bar')).upper(), '45678') + +diff -up M2Crypto-0.20.2/tests/test_rsa.py.fips M2Crypto-0.20.2/tests/test_rsa.py +--- M2Crypto-0.20.2/tests/test_rsa.py.fips 2009-10-07 06:26:42.000000000 +0200 ++++ M2Crypto-0.20.2/tests/test_rsa.py 2010-05-19 07:06:44.039121270 +0200 +@@ -8,6 +8,8 @@ import unittest + import sha, md5, os, sys + from M2Crypto import RSA, BIO, Rand, m2, EVP, X509 + ++from fips import fips_mode ++ + class RSATestCase(unittest.TestCase): + + errkey = 'tests/dsa.priv.pem' +@@ -187,9 +189,10 @@ class RSATestCase(unittest.TestCase): + + else: + import hashlib +- algos = {'sha1': 43, +- 'ripemd160': 43, +- 'md5': 47} ++ algos = {'sha1': 43} ++ if not fips_mode: ++ algos['md5'] = 47 ++ algos['ripemd160'] = 43 + + if m2.OPENSSL_VERSION_NUMBER >= 0x90800F: + algos['sha224'] = 35 +@@ -217,7 +220,7 @@ class RSATestCase(unittest.TestCase): + """ + rsa = RSA.load_key(self.privkey) + message = "This is the message string" +- digest = md5.md5(message).digest() ++ digest = 'a' * 16 + self.assertRaises(ValueError, rsa.sign, + digest, 'bad_digest_method') + +@@ -227,7 +230,7 @@ class RSATestCase(unittest.TestCase): + """ + rsa = RSA.load_key(self.privkey) + message = "This is the message string" +- digest = md5.md5(message).digest() ++ digest = 'a' * 16 + signature = rsa.sign(digest, 'sha1') + self.assertRaises(ValueError, rsa.verify, + digest, signature, 'bad_digest_method') +diff -up M2Crypto-0.20.2/tests/test_smime.py.fips M2Crypto-0.20.2/tests/test_smime.py +--- M2Crypto-0.20.2/tests/test_smime.py.fips 2010-05-19 07:06:44.035105357 +0200 ++++ M2Crypto-0.20.2/tests/test_smime.py 2010-05-19 07:06:44.040120779 +0200 +@@ -219,7 +219,7 @@ class WriteLoadTestCase(unittest.TestCas + buf = BIO.MemoryBuffer() + assert SMIME.load_pkcs7(self.filename).write_der(buf) == 1 + s = buf.read() +- assert len(s) in (1204, 1243), len(s) ++ assert len(s) in (1188, 1204, 1243), len(s) + + def test_load_pkcs7(self): + assert SMIME.load_pkcs7(self.filename).type() == SMIME.PKCS7_SIGNED +diff -up M2Crypto-0.20.2/tests/test_ssl.py.fips M2Crypto-0.20.2/tests/test_ssl.py +--- M2Crypto-0.20.2/tests/test_ssl.py.fips 2010-05-19 07:06:44.019113781 +0200 ++++ M2Crypto-0.20.2/tests/test_ssl.py 2010-05-19 07:06:44.040120779 +0200 +@@ -51,7 +51,7 @@ class VerifyCB: + def __call__(self, ok, store): + return verify_cb_new_function(ok, store) + +-sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 0.5)) ++sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 1.5)) + + def find_openssl(): + if os.name == 'nt' or sys.platform == 'cygwin': +diff -up M2Crypto-0.20.2/tests/test_x509.py.fips M2Crypto-0.20.2/tests/test_x509.py +--- M2Crypto-0.20.2/tests/test_x509.py.fips 2010-05-19 07:06:44.019113781 +0200 ++++ M2Crypto-0.20.2/tests/test_x509.py 2010-05-19 07:06:44.040120779 +0200 +@@ -394,7 +394,7 @@ class X509TestCase(unittest.TestCase): + return + + def test_load_request_bio(self): +- (req, _) = self.mkreq(512) ++ (req, _) = self.mkreq(1024) + + r1 = X509.load_request_der_string(req.as_der()) + r2 = X509.load_request_string(req.as_der(), X509.FORMAT_DER) diff --git a/SOURCES/m2crypto-0.21.1-AES_crypt.patch b/SOURCES/m2crypto-0.21.1-AES_crypt.patch new file mode 100644 index 0000000..e16382c --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-AES_crypt.patch @@ -0,0 +1,23 @@ +Index: SWIG/_aes.i +=================================================================== +--- SWIG/_aes.i (revision 724) ++++ SWIG/_aes.i (working copy) +@@ -64,6 +64,7 @@ + const void *buf; + Py_ssize_t len; + unsigned char *out; ++ PyObject *res; + + if (PyObject_AsReadBuffer(in, &buf, &len) == -1) + return NULL; +@@ -76,7 +77,9 @@ + AES_encrypt((const unsigned char *)in, out, key); + else + AES_decrypt((const unsigned char *)in, out, key); +- return PyString_FromStringAndSize((char*)out, outlen); ++ res = PyString_FromStringAndSize((char*)out, outlen); ++ PyMem_Free(out); ++ return res; + } + + int AES_type_check(AES_KEY *key) { diff --git a/SOURCES/m2crypto-0.21.1-IPv6.patch b/SOURCES/m2crypto-0.21.1-IPv6.patch new file mode 100644 index 0000000..fe36f3e --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-IPv6.patch @@ -0,0 +1,60 @@ +diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py +--- M2Crypto/M2Crypto/httpslib.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-13 15:04:13.848836581 +0100 +@@ -44,10 +44,33 @@ + HTTPConnection.__init__(self, host, port, strict) + + def connect(self): +- self.sock = SSL.Connection(self.ssl_ctx) +- if self.session: +- self.sock.set_session(self.session) +- self.sock.connect((self.host, self.port)) ++ error = None ++ # We ignore the returned sockaddr because SSL.Connection.connect needs ++ # a host name. ++ for (family, _, _, _, _) in \ ++ socket.getaddrinfo(self.host, self.port, 0, socket.SOCK_STREAM): ++ sock = None ++ try: ++ try: ++ sock = SSL.Connection(self.ssl_ctx, family=family) ++ if self.session is not None: ++ sock.set_session(self.session) ++ sock.connect((self.host, self.port)) ++ ++ self.sock = sock ++ sock = None ++ return ++ except socket.error, e: ++ # Other exception are probably SSL-related, in that case we ++ # abort and the exception is forwarded to the caller. ++ error = e ++ finally: ++ if sock is not None: ++ sock.close() ++ ++ if error is None: ++ raise AssertionError("Empty list returned by getaddrinfo") ++ raise error + + def close(self): + # This kludges around line 545 of httplib.py, +diff -urN M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py +--- M2Crypto/M2Crypto/SSL/Connection.py 2012-03-13 15:00:25.058411492 +0100 ++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2012-03-13 15:04:13.849836578 +0100 +@@ -38,13 +38,13 @@ + m2_bio_free = m2.bio_free + m2_ssl_free = m2.ssl_free + +- def __init__(self, ctx, sock=None): ++ def __init__(self, ctx, sock=None, family=socket.AF_INET): + self.ctx = ctx + self.ssl = m2.ssl_new(self.ctx.ctx) + if sock is not None: + self.socket = sock + else: +- self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ++ self.socket = socket.socket(family, socket.SOCK_STREAM) + self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + self._fileno = self.socket.fileno() + diff --git a/SOURCES/m2crypto-0.21.1-certs.patch b/SOURCES/m2crypto-0.21.1-certs.patch new file mode 100644 index 0000000..be95177 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-certs.patch @@ -0,0 +1,669 @@ +Index: tests/ca.pem +=================================================================== +--- tests/ca.pem (revision 739) ++++ tests/ca.pem (working copy) +@@ -2,61 +2,56 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:bd ++ b4:7e:b2:de:87:00:03:0b + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:30:50 2009 GMT +- Not After : Jul 27 04:30:50 2012 GMT ++ Not Before: Nov 21 15:31:30 2012 GMT ++ Not After : Nov 21 15:31:30 2015 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:c8:9b:59:18:c2:bf:21:68:dc:d4:62:30:1f:43: +- 29:52:85:8d:36:fc:20:7f:11:1b:c6:f3:e6:c2:7a: +- d0:17:0e:6e:78:43:21:e9:e2:df:9f:31:87:e8:7a: +- 37:88:1f:a4:56:a1:e9:cb:13:7b:1b:c0:28:cf:5a: +- db:a3:e7:50:6c:c6:55:76:e3:61:e8:73:4b:c2:8c: +- ee:1c:29:c1:ee:2d:fd:e2:30:34:69:06:ea:d0:af: +- bd:c5:db:86:70:92:26:0a:33:1b:70:a9:e7:6e:a4: +- 2e:ee:4a:8a:f3:b2:6c:c9:97:28:39:28:28:3f:c5: +- 90:4d:4e:83:0a:0e:cd:98:93 ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:d2:2f:57:58:be:05:6d:45:14:d0:70:90:56:10: ++ 80:f6:e3:e6:8a:ff:1e:0b:58:fa:a1:e6:95:a1:23: ++ 8d:01:c6:48:85:99:ab:f9:1b:e0:9a:15:6a:d1:50: ++ 73:fb:8f:7c:d2:73:4e:4a:c0:88:f9:54:f9:86:d9: ++ 01:86:4e:02:68:bc:d0:1c:8d:d2:2e:ce:7e:54:ac: ++ 45:a5:b7:39:c6:e9:f4:e0:70:2c:57:e6:21:24:f6: ++ 52:f8:fa:0b:b3:63:53:ea:eb:11:ca:ef:90:32:9f: ++ 15:08:6b:2d:0e:3d:61:69:22:f2:0f:dc:08:65:45: ++ 34:a2:29:8e:66:5e:45:95:91 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: +- AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ 80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE +- DirName:/C=US/ST=California/O=M2Crypto/CN=Heikki Toivonen +- serial:D1:B6:BF:AF:06:17:8C:BD ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption +- c8:11:af:7d:6d:fb:1c:82:0d:c0:e7:41:f4:b2:a5:b0:69:6d: +- 18:e3:04:aa:49:e6:4a:69:6d:c3:e3:8b:ab:d1:18:ac:72:ef: +- 48:9e:49:c7:57:75:2d:00:1e:08:9f:c3:dc:ca:5f:91:38:0d: +- ac:f8:1f:cc:fc:f7:c2:5b:ce:d7:0c:cf:b2:fe:c9:a9:ce:b8: +- 07:45:17:1c:cf:b3:07:f9:1f:69:6a:94:03:be:62:62:9c:af: +- a2:24:25:2d:1f:63:0a:91:6b:bb:e3:6c:ec:20:de:80:d3:04: +- b4:5e:42:1f:27:bc:1f:79:98:18:ba:fb:8a:34:24:a9:40:1e: +- b9:7b ++ b0:37:88:ab:56:c5:19:e7:1b:d2:d3:c0:00:98:ff:f0:0a:35: ++ 89:ff:a0:a8:14:bd:fc:84:b6:ee:6b:05:92:20:87:58:38:69: ++ b2:16:b8:89:f3:4f:3c:9d:0f:da:b6:ea:35:9f:cf:e9:4f:05: ++ 19:8b:6a:06:68:51:96:1c:0f:60:23:80:19:ff:cd:3e:2b:4b: ++ 0c:1a:ff:bd:f6:0d:6b:11:25:0f:ba:87:2c:46:47:c0:32:e8: ++ 8a:14:4c:30:26:35:2b:58:9c:6b:c6:0e:d1:e3:c8:6a:b0:c0: ++ e0:82:98:77:07:2e:67:ba:0c:e5:a5:04:0d:81:ca:54:92:b5: ++ 27:fa + -----BEGIN CERTIFICATE----- +-MIICzjCCAjegAwIBAgIJANG2v68GF4y9MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzA1MFoXDTEyMDcy +-NzA0MzA1MFowTzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMRgwFgYDVQQDEw9IZWlra2kgVG9pdm9uZW4wgZ8wDQYJ +-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMibWRjCvyFo3NRiMB9DKVKFjTb8IH8RG8bz +-5sJ60BcObnhDIeni358xh+h6N4gfpFah6csTexvAKM9a26PnUGzGVXbjYehzS8KM +-7hwpwe4t/eIwNGkG6tCvvcXbhnCSJgozG3Cp526kLu5KivOybMmXKDkoKD/FkE1O +-gwoOzZiTAgMBAAGjgbEwga4wHQYDVR0OBBYEFK1kRXSPg8cs1deghZEQQJqcls/u +-MH8GA1UdIwR4MHaAFK1kRXSPg8cs1deghZEQQJqcls/uoVOkUTBPMQswCQYDVQQG +-EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEChMITTJDcnlwdG8xGDAW +-BgNVBAMTD0hlaWtraSBUb2l2b25lboIJANG2v68GF4y9MAwGA1UdEwQFMAMBAf8w +-DQYJKoZIhvcNAQEFBQADgYEAyBGvfW37HIINwOdB9LKlsGltGOMEqknmSmltw+OL +-q9EYrHLvSJ5Jx1d1LQAeCJ/D3MpfkTgNrPgfzPz3wlvO1wzPsv7Jqc64B0UXHM+z +-B/kfaWqUA75iYpyvoiQlLR9jCpFru+Ns7CDegNMEtF5CHye8H3mYGLr7ijQkqUAe +-uXs= ++MIICbDCCAdWgAwIBAgIJALR+st6HAAMLMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzEzMFoXDTE1MTEy ++MTE1MzEzMFowTzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMRgwFgYDVQQDDA9IZWlra2kgVG9pdm9uZW4wgZ8wDQYJ ++KoZIhvcNAQEBBQADgY0AMIGJAoGBANIvV1i+BW1FFNBwkFYQgPbj5or/HgtY+qHm ++laEjjQHGSIWZq/kb4JoVatFQc/uPfNJzTkrAiPlU+YbZAYZOAmi80ByN0i7OflSs ++RaW3Ocbp9OBwLFfmIST2Uvj6C7NjU+rrEcrvkDKfFQhrLQ49YWki8g/cCGVFNKIp ++jmZeRZWRAgMBAAGjUDBOMB0GA1UdDgQWBBSA2WoeFf6LYVFiYE2zzJVEeC2J5jAf ++BgNVHSMEGDAWgBSA2WoeFf6LYVFiYE2zzJVEeC2J5jAMBgNVHRMEBTADAQH/MA0G ++CSqGSIb3DQEBBQUAA4GBALA3iKtWxRnnG9LTwACY//AKNYn/oKgUvfyEtu5rBZIg ++h1g4abIWuInzTzydD9q26jWfz+lPBRmLagZoUZYcD2AjgBn/zT4rSwwa/732DWsR ++JQ+6hyxGR8Ay6IoUTDAmNStYnGvGDtHjyGqwwOCCmHcHLme6DOWlBA2BylSStSf6 + -----END CERTIFICATE----- +Index: tests/recipient.pem +=================================================================== +--- tests/recipient.pem (revision 739) ++++ tests/recipient.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:c1 ++ b4:7e:b2:de:87:00:03:0f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:39:19 2009 GMT +- Not After : Jul 26 04:39:19 2019 GMT ++ Not Before: Nov 21 15:39:34 2012 GMT ++ Not After : Jan 8 15:39:34 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=Recipient/emailAddress=recipient@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:c2:21:a3:4f:64:59:9c:21:39:21:d2:3c:e7:0a: +- 60:72:c8:39:b3:c3:27:4a:6d:56:8f:a0:5d:1b:c6: +- e4:3e:26:61:09:a9:ae:04:83:69:3f:9d:2b:12:7e: +- d4:f7:8e:d0:6e:a9:8c:9b:d1:bf:17:0c:bd:d0:73: +- 99:02:6e:7e:cb:7a:80:2d:cf:b1:29:c0:30:36:3f: +- 68:12:3e:4e:bf:f9:8b:3d:1d:56:af:24:94:ae:d5: +- 59:b4:00:50:0c:c0:2b:59:c3:99:b3:8a:19:f1:86: +- 14:bd:ee:e9:c4:f1:d7:6a:0c:e9:67:8a:94:9a:2d: +- 2d:60:25:22:c6:72:68:c2:0d ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:ac:b6:2e:f0:34:34:7d:d4:e6:63:79:60:53:b9: ++ fe:91:a5:bf:49:ec:99:4c:33:2f:85:96:55:e8:09: ++ dc:18:47:1a:72:49:04:a2:e8:78:73:57:c7:bb:e9: ++ c7:aa:c5:07:84:14:b6:01:1c:e3:8a:fd:f3:19:01: ++ 11:9d:48:bc:24:8a:0f:c6:40:ed:d7:30:b1:92:ab: ++ c2:61:8c:5d:ea:08:c6:c4:d6:a5:22:00:d9:aa:da: ++ 57:5d:cc:2f:1a:35:1b:31:de:dc:c7:3b:83:91:38: ++ d9:07:e1:c7:a7:54:bd:94:95:10:c6:2d:dc:00:e1: ++ 28:99:b5:3b:28:95:aa:4e:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,33 +29,33 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- 11:CB:60:AC:55:85:52:84:C5:C8:20:5A:50:13:D0:89:C7:7A:B7:81 ++ CD:26:EB:42:79:6D:04:7F:95:23:46:1E:03:C9:40:2D:D2:00:AE:71 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- 87:56:17:6d:ba:3b:a6:c4:22:af:20:f1:a0:e5:9d:27:c4:50: +- bd:79:eb:d2:84:e5:9a:00:5f:5d:5a:c3:34:58:77:f5:a9:00: +- f9:76:e9:2d:89:b4:3f:9d:e3:cf:15:0c:64:1b:0a:03:db:e4: +- 6f:2b:ff:1c:82:89:1a:0f:7e:83:58:0f:e6:da:af:26:97:49: +- 4a:59:d7:61:3f:4b:ed:1d:5b:51:00:3b:83:96:c7:1e:3d:84: +- f4:91:1f:70:69:12:b9:a7:2c:5b:1b:05:cd:74:90:2b:a0:ba: +- e7:70:cd:6b:7d:ac:be:d7:92:50:e9:f5:c0:42:29:04:ef:8f: +- a1:68 ++ a9:5e:b2:4c:24:15:dd:49:d1:4d:e3:dd:e3:da:6b:23:99:45: ++ 2d:a1:84:f2:9b:6e:48:3c:e9:ce:f8:7f:f3:1f:d3:85:99:94: ++ 7e:19:8c:ca:be:3a:ca:97:b9:de:c8:4f:08:28:fc:7f:24:37: ++ 95:e1:d5:60:97:07:2b:be:62:f4:02:1d:27:8f:9e:0d:36:1a: ++ d5:45:6f:27:c3:34:21:13:1b:28:93:9d:cb:a6:30:0d:8f:4a: ++ 5f:4c:4a:97:7b:fe:ed:ce:18:84:5a:ec:4f:f8:84:2e:cb:72: ++ 28:90:cb:e3:5a:f4:83:16:bd:a8:ef:f0:f5:12:6c:26:3e:af: ++ c7:a8 + -----BEGIN CERTIFICATE----- +-MIICtzCCAiCgAwIBAgIJANG2v68GF4zBMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzkxOVoXDTE5MDcy +-NjA0MzkxOVowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlSZWNpcGllbnQxJDAiBgkqhkiG9w0B ++MIICtzCCAiCgAwIBAgIJALR+st6HAAMPMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzkzNFoXDTIzMDEw ++ODE1MzkzNFowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMRIwEAYDVQQDDAlSZWNpcGllbnQxJDAiBgkqhkiG9w0B + CQEWFXJlY2lwaWVudEBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +-gYkCgYEAwiGjT2RZnCE5IdI85wpgcsg5s8MnSm1Wj6BdG8bkPiZhCamuBINpP50r +-En7U947QbqmMm9G/Fwy90HOZAm5+y3qALc+xKcAwNj9oEj5Ov/mLPR1WrySUrtVZ +-tABQDMArWcOZs4oZ8YYUve7pxPHXagzpZ4qUmi0tYCUixnJowg0CAwEAAaN7MHkw ++gYkCgYEArLYu8DQ0fdTmY3lgU7n+kaW/SeyZTDMvhZZV6AncGEcackkEouh4c1fH ++u+nHqsUHhBS2ARzjiv3zGQERnUi8JIoPxkDt1zCxkqvCYYxd6gjGxNalIgDZqtpX ++XcwvGjUbMd7cxzuDkTjZB+HHp1S9lJUQxi3cAOEombU7KJWqTtUCAwEAAaN7MHkw + CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy +-dGlmaWNhdGUwHQYDVR0OBBYEFBHLYKxVhVKExcggWlAT0InHereBMB8GA1UdIwQY +-MBaAFK1kRXSPg8cs1deghZEQQJqcls/uMA0GCSqGSIb3DQEBBQUAA4GBAIdWF226 +-O6bEIq8g8aDlnSfEUL1569KE5ZoAX11awzRYd/WpAPl26S2JtD+d488VDGQbCgPb +-5G8r/xyCiRoPfoNYD+baryaXSUpZ12E/S+0dW1EAO4OWxx49hPSRH3BpErmnLFsb +-Bc10kCuguudwzWt9rL7XklDp9cBCKQTvj6Fo ++dGlmaWNhdGUwHQYDVR0OBBYEFM0m60J5bQR/lSNGHgPJQC3SAK5xMB8GA1UdIwQY ++MBaAFIDZah4V/othUWJgTbPMlUR4LYnmMA0GCSqGSIb3DQEBBQUAA4GBAKleskwk ++Fd1J0U3j3ePaayOZRS2hhPKbbkg86c74f/Mf04WZlH4ZjMq+OsqXud7ITwgo/H8k ++N5Xh1WCXByu+YvQCHSePng02GtVFbyfDNCETGyiTncumMA2PSl9MSpd7/u3OGIRa ++7E/4hC7LciiQy+Na9IMWvajv8PUSbCY+r8eo + -----END CERTIFICATE----- +Index: tests/recipient_key.pem +=================================================================== +--- tests/recipient_key.pem (revision 739) ++++ tests/recipient_key.pem (working copy) +@@ -1,15 +1,15 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQDCIaNPZFmcITkh0jznCmByyDmzwydKbVaPoF0bxuQ+JmEJqa4E +-g2k/nSsSftT3jtBuqYyb0b8XDL3Qc5kCbn7LeoAtz7EpwDA2P2gSPk6/+Ys9HVav +-JJSu1Vm0AFAMwCtZw5mzihnxhhS97unE8ddqDOlnipSaLS1gJSLGcmjCDQIDAQAB +-AoGAZlrJ+kAUpyc1Mkng5ogoFhzPn6ITg0Bm1U9eCBkzmjkuDKQ0JhkLUwkQ/q10 +-qBnad55ZjoZmVEbZhaCNWiTcIIy0nKAMWNKRcg3vTgrnbmbjco1HECDStfJKogZl +-7egoIImHnU1f/IeKQDUYUfs/INonmnnZ1d2jrU7QsdTz84ECQQDzhT0UwP8S1oma +-0IBgeUOt5ptZs7nFdZnbIKCd+ADra6NiQznokCHe5K0WZHqPKvN9asKx1u0h+97H +-Wmk6Fw7RAkEAzBR1+mTRSrlJT8/NTCsIDPtCK/+OhmGbNy1pfsOWq1lN58Za5HV7 +-fmtaH2No+MP+DlfNigsg557GzAYl2ZumfQJAHQj33W+dehuGUKUniVksDqH+R9W8 +-AqUg8RWU0QDu6yLsWhz13JrCzxao5JCaZFOUsJF4IUglAfZL+6z1+u0g4QJAH5aL +-LFaujoJfdpsTi9adSGUbuPO1e9dfzwqYaaaci6knBdkN+I62rrqvGGyqstajXFT6 +-24MddLx+yNWqxiPxgQJBAKF8YiR4eLqLSnq4ftqCqVCC1XbA2H9b7G5RBWi00WFq +-3Nx+B/wjLzbqsMamTCIDUCEW+MzFx6otCxduDZRMKH8= ++MIICWwIBAAKBgQCsti7wNDR91OZjeWBTuf6Rpb9J7JlMMy+FllXoCdwYRxpySQSi ++6HhzV8e76ceqxQeEFLYBHOOK/fMZARGdSLwkig/GQO3XMLGSq8JhjF3qCMbE1qUi ++ANmq2lddzC8aNRsx3tzHO4ORONkH4cenVL2UlRDGLdwA4SiZtTsolapO1QIDAQAB ++AoGAXMxCqiOStK2I4Jfdzv7XrlA9WK38rDmwZfmhzNxHWvARYKilChcYaPkYQ3pY ++IwRchnZOWIi6JftO+/dcDIOBOsqlIRPcy7T1rMrNoouNy5IglzL5nAUfkGiPzm7Q ++xW5/jl7t5OA2YO8ID4jDvFjZ8Lo+mwQRD0Pd8eXyZZ/E1Z0CQQDarp9wz2HBnBQJ ++FY8yASX6CcLN6brrateC/gy+E8Sy82t4TOwWpLC3d8LEgYD7AZtu41VB50mUCg5e ++EbrGkZrjAkEAyi9J1TOf/LzrFEYOnskYiTkKLgHG1uJuDdcF4NtGn+tEc85X7R9A ++jAQdZGFeN26fgDqmHJlm4W0473H8sXQE5wJAJpK2vQdXjvcg8ZlD8OYS9M/T9M5N ++kkj+SrTVOpHyGD6nrkijPDtAkJwnVtIhFiVqbVzcJQvPBrXfYuhtsajtUQJAHS50 ++FpyL49uUhmmSJKLbsrqT2I4TF+K4hbDaPVkIuX4odBp9IFFZbJwPbfSLt650wPo2 ++DXyql7C+/fhSw33+UwJAea5E2ZMIXMwPwVH/oOaeiUqwEcJ0hQ97Y3DkiI9USPBz ++U3W9Nu/6eTEuFmadfPpT6SlwAbOTjEICpuOP3oPShg== + -----END RSA PRIVATE KEY----- +Index: tests/server.pem +=================================================================== +--- tests/server.pem (revision 739) ++++ tests/server.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:be ++ b4:7e:b2:de:87:00:03:0c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:31:41 2009 GMT +- Not After : Jul 26 04:31:41 2019 GMT ++ Not Before: Nov 21 15:33:54 2012 GMT ++ Not After : Jan 8 15:33:54 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:d4:99:6f:33:3f:e6:ac:0a:34:d8:0e:45:97:f3: +- 2b:6a:50:2a:84:30:0a:52:9c:15:30:9f:05:29:3a: +- 21:f4:c1:c3:01:9e:2f:55:56:4e:35:ac:f1:16:1e: +- 26:8d:b5:26:b7:99:78:92:ea:1c:74:46:ab:41:12: +- ef:cc:53:62:cc:59:5c:9e:c4:86:df:d9:25:35:55: +- 05:4b:16:ff:d9:90:e3:f4:51:b4:b4:fa:c5:98:4b: +- 60:f0:60:7f:14:4e:1e:dd:61:9b:22:a2:9c:21:17: +- 43:a3:cb:07:80:f5:75:59:9c:55:1c:fe:e0:66:d4: +- 70:77:5e:13:06:0c:05:c7:1f ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:dd:9d:eb:7f:82:43:ed:f2:06:1c:1d:b3:fa:e1: ++ 41:8a:4b:bd:b4:1d:82:04:ee:63:b3:22:af:cf:94: ++ 88:36:52:18:3e:01:b6:37:15:59:93:7f:cc:88:5a: ++ 56:ea:02:c1:a2:bd:9f:c2:87:a4:f6:0e:cb:ca:e9: ++ b8:c6:50:3c:87:30:15:7e:e0:4b:1d:b9:5f:8e:4f: ++ 2b:af:64:9b:24:14:01:a7:6a:47:ab:72:f5:26:66: ++ a5:73:33:11:bf:81:28:4f:88:14:76:49:e1:7b:ce: ++ b8:11:fd:3c:ad:83:95:8f:be:30:ec:78:ab:d7:68: ++ b9:70:f5:87:7a:96:f7:35:dd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,47 +29,47 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- 04:05:3D:6A:A7:E8:D7:52:BD:2F:C4:52:30:7C:2C:BD:D3:81:46:C6 ++ 14:E4:DE:06:C8:F0:45:E8:3B:FD:48:7A:6C:9C:AC:14:1F:D5:DB:E0 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- ac:2b:ad:86:36:96:5c:fb:34:2c:02:ca:d9:5f:a7:8e:b6:58: +- 24:1d:27:b6:8e:81:aa:69:0e:60:26:64:2e:72:a1:ff:d8:ba: +- bb:7e:5d:46:c7:07:2d:a8:c8:4c:df:1e:ba:c8:bc:21:5b:f2: +- b3:01:4c:d6:3b:10:fd:49:70:e6:83:01:f3:24:e2:a9:97:d7: +- c3:9c:5b:2d:d7:64:2b:e5:e2:0e:3e:d9:8c:e6:93:86:39:32: +- 50:43:5f:36:4a:3b:b0:05:e7:65:a3:b3:ef:50:56:7f:7e:dc: +- f0:65:83:ac:42:7e:97:a0:c0:7e:63:c6:c8:c6:35:d3:60:d1: +- 4f:51 ++ 74:b4:9d:87:61:b0:e5:8e:7b:38:11:1b:26:18:ba:f6:03:38: ++ 1b:84:3f:be:95:70:eb:d6:1d:2c:d7:1e:d8:b7:26:62:84:db: ++ cb:f4:40:6b:af:97:0e:76:5f:fb:da:d7:2b:bb:c8:bd:38:a3: ++ 02:c1:f2:60:f4:ec:11:d8:81:54:b6:7a:a4:5b:66:72:40:cb: ++ 72:ff:12:a3:8f:e7:6a:76:73:b3:9f:72:4e:68:40:0c:11:bd: ++ bd:4d:93:2e:33:27:7d:8d:0a:93:c2:71:de:4f:a2:58:0c:8e: ++ f0:ad:d2:28:05:bc:04:72:30:6d:5b:d1:4e:73:48:f1:1d:83: ++ 65:a6 + -----BEGIN CERTIFICATE----- +-MIICkTCCAfqgAwIBAgIJANG2v68GF4y+MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzE0MVoXDTE5MDcy +-NjA0MzE0MVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN +-AQEBBQADgY0AMIGJAoGBANSZbzM/5qwKNNgORZfzK2pQKoQwClKcFTCfBSk6IfTB +-wwGeL1VWTjWs8RYeJo21JreZeJLqHHRGq0ES78xTYsxZXJ7Eht/ZJTVVBUsW/9mQ +-4/RRtLT6xZhLYPBgfxROHt1hmyKinCEXQ6PLB4D1dVmcVRz+4GbUcHdeEwYMBccf ++MIICkTCCAfqgAwIBAgIJALR+st6HAAMMMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzM1NFoXDTIzMDEw ++ODE1MzM1NFowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN ++AQEBBQADgY0AMIGJAoGBAN2d63+CQ+3yBhwds/rhQYpLvbQdggTuY7Mir8+UiDZS ++GD4BtjcVWZN/zIhaVuoCwaK9n8KHpPYOy8rpuMZQPIcwFX7gSx25X45PK69kmyQU ++AadqR6ty9SZmpXMzEb+BKE+IFHZJ4XvOuBH9PK2DlY++MOx4q9douXD1h3qW9zXd + AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu +-ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQEBT1qp+jXUr0vxFIwfCy904FG +-xjAfBgNVHSMEGDAWgBStZEV0j4PHLNXXoIWREECanJbP7jANBgkqhkiG9w0BAQUF +-AAOBgQCsK62GNpZc+zQsAsrZX6eOtlgkHSe2joGqaQ5gJmQucqH/2Lq7fl1Gxwct +-qMhM3x66yLwhW/KzAUzWOxD9SXDmgwHzJOKpl9fDnFst12Qr5eIOPtmM5pOGOTJQ +-Q182SjuwBedlo7PvUFZ/ftzwZYOsQn6XoMB+Y8bIxjXTYNFPUQ== ++ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQU5N4GyPBF6Dv9SHpsnKwUH9Xb ++4DAfBgNVHSMEGDAWgBSA2WoeFf6LYVFiYE2zzJVEeC2J5jANBgkqhkiG9w0BAQUF ++AAOBgQB0tJ2HYbDljns4ERsmGLr2AzgbhD++lXDr1h0s1x7YtyZihNvL9EBrr5cO ++dl/72tcru8i9OKMCwfJg9OwR2IFUtnqkW2ZyQMty/xKjj+dqdnOzn3JOaEAMEb29 ++TZMuMyd9jQqTwnHeT6JYDI7wrdIoBbwEcjBtW9FOc0jxHYNlpg== + -----END CERTIFICATE----- + -----BEGIN RSA PRIVATE KEY----- +-MIICXgIBAAKBgQDUmW8zP+asCjTYDkWX8ytqUCqEMApSnBUwnwUpOiH0wcMBni9V +-Vk41rPEWHiaNtSa3mXiS6hx0RqtBEu/MU2LMWVyexIbf2SU1VQVLFv/ZkOP0UbS0 +-+sWYS2DwYH8UTh7dYZsiopwhF0OjyweA9XVZnFUc/uBm1HB3XhMGDAXHHwIDAQAB +-AoGBALBHrSm8kYMTT2/anZ/5tIUJhcdnohePbg6LvJbLqf4tb4l25V6IGn9tL9Yc +-F/GmRD02VwDSd9d+BWAG2Kj+d0rfdCLfKY9O8PVVm0DF6grLZ7ugItYqUHRDYOdV +-MOVOQrx+mCIzHtoEtQ6HLqmqt2rIX731L1TA7OLNm3XHyISJAkEA/mgNNNg0e23G +-64z83yxxwPEnBrnKd1+xjH9QJ0Z9SJJuF4sNXRIFA4YUNvv2MNe3gMS4Hg9w78HL +-PwcEzLnO9QJBANXuWAZGV58CdkM2w7H9+ukxMbQeLSnmgjpdddo31qqbfgFAYZMK +-LppRqyosj+a2qQ6vua0ndstTImSi7KPmCUMCQQDbwr5Fu836ISYIK830aswIw0fX +-A37mB3+zwfZXNwjaO8NmCvQMRZiXJqcnqBdOsckOLuBs9yGzuk/7rfBzeL5RAkA2 +-uBcly7o/vsZ3HLvjfB5ApUecVZehvwcSXLN3VI8A5nLNaSVMEe+nozoPuIQ6NAB7 +-9DCe/JgjG6mRaibzKTS3AkEAjTl5MTKkYR78+2u3NRU/ypa1iKCicSvI/Ryw7p/z +-Q8XmVA0CmNRvltf9gA1gJ04ZijBPtl+s09uppaCw9L3vuA== ++MIICXAIBAAKBgQDdnet/gkPt8gYcHbP64UGKS720HYIE7mOzIq/PlIg2Uhg+AbY3 ++FVmTf8yIWlbqAsGivZ/Ch6T2DsvK6bjGUDyHMBV+4EsduV+OTyuvZJskFAGnaker ++cvUmZqVzMxG/gShPiBR2SeF7zrgR/Tytg5WPvjDseKvXaLlw9Yd6lvc13QIDAQAB ++AoGAIZzWHxzO2MQgkRsgNSj9G9CpESx4j+7oSD82kzFgB30kGCOCU5B1aZ20k+m/ ++zPZmEBzaolKYfol392rDj7CTvVT5VQh5QzkVeU28iLOBVqUJ1fwh5gBvIy5iEXzo ++O58M8y2IDyJ2W84UUtIav8LD3xGKDxD7k14FW5TIwXfCE4ECQQD8gAI7RHfViv0M ++9qSsZ7MapR4wwJKolapfHJda8hM+uEaSanJ/2RwAe5mfn92VUubmAG+Xcoe9HR9x ++dJQ5hAllAkEA4LBSq3T8+5wNUBE7V9OUP4Eh8ytbEviurNizfM4sBTrsXBVyDoBU +++ji9BCcDtbaB+GewnpsrXeqSJ/eKxMnvGQJALInH2vxwxtIFYMwAsAh6pzCI6sCN ++Hf+IVc6NRBV/H4kRqbHtEHATaGJk7qscQsKkx9070dL57nm8mh6eJqcLoQJBALM0 ++LltNrVBIQF3xwHDl8UFNDvTRSYwyB68YDt+l2Ho7arRu7k8ej6gahLbBHzZY4ARt ++PvLhM49uPS/fQTB/FlECQHaIJA/MFMtpFpv2h0Vsq5Rq0kayzFy/1Cf7k+E9wVUg ++gqcUvnEaT990We8Ffri/HlBtIuiuC7lVtv7zKu//VHU= + -----END RSA PRIVATE KEY----- +Index: tests/signer.pem +=================================================================== +--- tests/signer.pem (revision 739) ++++ tests/signer.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:c0 ++ b4:7e:b2:de:87:00:03:0e + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:37:25 2009 GMT +- Not After : Jul 26 04:37:25 2019 GMT ++ Not Before: Nov 21 15:37:55 2012 GMT ++ Not After : Jan 8 15:37:55 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=Signer/emailAddress=signer@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:c3:9c:76:f3:21:aa:10:19:9f:77:e3:82:1d:9d: +- c3:4a:da:bc:c3:83:71:d1:89:78:8b:82:a4:b9:c5: +- 70:bb:e3:00:bf:49:b8:99:96:67:0b:bf:fe:72:cb: +- d9:b6:63:85:f4:fb:86:55:32:22:1e:6e:ce:fd:88: +- 5c:75:9d:77:3c:92:17:c5:b2:70:04:59:02:33:ef: +- be:33:26:f1:e4:72:41:45:72:f1:bf:c4:21:b1:fe: +- de:92:b9:f3:25:3e:1a:15:4b:26:47:29:cc:38:7f: +- 58:3b:ae:b7:c5:69:e7:48:81:b6:55:61:45:c3:3f: +- b6:9d:06:e5:17:41:f6:f2:e9 ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:a1:f3:c0:4b:84:03:54:c4:db:dd:95:75:4b:d2: ++ e3:4b:63:5e:fb:e9:68:32:3a:79:3a:5b:3c:f1:ae: ++ 3c:65:11:a1:a2:86:d9:45:20:c1:a8:3c:e9:64:c6: ++ 5c:9a:58:ee:ae:d3:4e:af:07:95:80:5f:4c:fe:64: ++ bd:65:ae:2c:91:fc:fa:bf:dc:aa:5f:da:36:4c:0a: ++ 77:61:e6:a4:f6:a3:54:92:bf:39:12:84:44:d9:ab: ++ 12:da:78:43:20:b6:50:6c:9d:87:3a:27:86:95:14: ++ a7:9c:f2:d8:36:29:fb:1e:24:64:61:13:48:b5:de: ++ 17:61:49:6c:2a:61:da:03:b1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,33 +29,33 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- 22:CA:29:B7:D7:39:B4:BF:35:F9:36:5E:EE:2B:E4:17:4E:F9:6E:EE ++ 07:7D:13:C0:AF:F5:E4:63:CD:7C:64:68:FF:D2:67:FC:27:46:DC:04 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- 5f:a0:da:6b:37:b4:bb:25:34:a7:ed:f3:f7:2e:f2:85:aa:91: +- 01:8f:c3:80:e5:44:87:df:9e:64:5e:5f:3e:5c:7f:c1:07:12: +- 2a:46:cc:bb:9f:a4:a5:c8:3f:84:9a:a4:9e:d5:26:33:af:b4: +- 5f:eb:8e:7d:81:65:f6:44:18:78:89:17:74:fb:07:dc:04:65: +- fa:15:0c:b2:f3:e7:e7:af:1f:d9:02:c4:c4:44:b7:95:91:47: +- fe:c0:2a:e1:7a:ae:dd:5f:f8:a9:fa:bb:dd:89:2d:0b:05:b6: +- ce:ba:12:37:7f:97:4c:48:a9:fb:d4:b7:a5:d1:61:f6:85:ea: +- 30:8c ++ 00:64:bc:be:4b:42:72:54:ca:7e:02:28:87:90:07:c8:cb:ad: ++ ac:18:fa:89:bb:1e:a8:20:c1:1a:39:d2:e3:ba:b6:d9:1c:b6: ++ bf:bb:c7:dc:46:3b:99:ac:81:13:99:f7:88:9f:b2:ae:19:ff: ++ d7:37:c2:83:aa:ca:c8:d2:03:1f:ce:00:b8:86:2a:b0:2d:80: ++ e8:83:c0:83:34:8a:dd:9f:75:c5:df:61:ff:cc:c1:8b:ab:e0: ++ e1:13:02:ff:63:4b:1d:58:0b:5d:3a:a4:e9:a3:b5:3a:19:2f: ++ dc:a4:c2:4a:b4:46:5e:0c:fa:59:4e:c5:31:5f:a2:18:aa:c8: ++ a4:92 + -----BEGIN CERTIFICATE----- +-MIICsTCCAhqgAwIBAgIJANG2v68GF4zAMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzcyNVoXDTE5MDcy +-NjA0MzcyNVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMQ8wDQYDVQQDEwZTaWduZXIxITAfBgkqhkiG9w0BCQEW ++MIICsTCCAhqgAwIBAgIJALR+st6HAAMOMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1Mzc1NVoXDTIzMDEw ++ODE1Mzc1NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMQ8wDQYDVQQDDAZTaWduZXIxITAfBgkqhkiG9w0BCQEW + EnNpZ25lckBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +-w5x28yGqEBmfd+OCHZ3DStq8w4Nx0Yl4i4KkucVwu+MAv0m4mZZnC7/+csvZtmOF +-9PuGVTIiHm7O/YhcdZ13PJIXxbJwBFkCM+++Mybx5HJBRXLxv8Qhsf7ekrnzJT4a +-FUsmRynMOH9YO663xWnnSIG2VWFFwz+2nQblF0H28ukCAwEAAaN7MHkwCQYDVR0T ++ofPAS4QDVMTb3ZV1S9LjS2Ne++loMjp5Ols88a48ZRGhoobZRSDBqDzpZMZcmlju ++rtNOrweVgF9M/mS9Za4skfz6v9yqX9o2TAp3Yeak9qNUkr85EoRE2asS2nhDILZQ ++bJ2HOieGlRSnnPLYNin7HiRkYRNItd4XYUlsKmHaA7ECAwEAAaN7MHkwCQYDVR0T + BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh +-dGUwHQYDVR0OBBYEFCLKKbfXObS/Nfk2Xu4r5BdO+W7uMB8GA1UdIwQYMBaAFK1k +-RXSPg8cs1deghZEQQJqcls/uMA0GCSqGSIb3DQEBBQUAA4GBAF+g2ms3tLslNKft +-8/cu8oWqkQGPw4DlRIffnmReXz5cf8EHEipGzLufpKXIP4SapJ7VJjOvtF/rjn2B +-ZfZEGHiJF3T7B9wEZfoVDLLz5+evH9kCxMREt5WRR/7AKuF6rt1f+Kn6u92JLQsF +-ts66Ejd/l0xIqfvUt6XRYfaF6jCM ++dGUwHQYDVR0OBBYEFAd9E8Cv9eRjzXxkaP/SZ/wnRtwEMB8GA1UdIwQYMBaAFIDZ ++ah4V/othUWJgTbPMlUR4LYnmMA0GCSqGSIb3DQEBBQUAA4GBAABkvL5LQnJUyn4C ++KIeQB8jLrawY+om7HqggwRo50uO6ttkctr+7x9xGO5msgROZ94ifsq4Z/9c3woOq ++ysjSAx/OALiGKrAtgOiDwIM0it2fdcXfYf/MwYur4OETAv9jSx1YC106pOmjtToZ ++L9ykwkq0Rl4M+llOxTFfohiqyKSS + -----END CERTIFICATE----- +Index: tests/signer_key.pem +=================================================================== +--- tests/signer_key.pem (revision 739) ++++ tests/signer_key.pem (working copy) +@@ -1,15 +1,15 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIICXAIBAAKBgQDDnHbzIaoQGZ9344IdncNK2rzDg3HRiXiLgqS5xXC74wC/SbiZ +-lmcLv/5yy9m2Y4X0+4ZVMiIebs79iFx1nXc8khfFsnAEWQIz774zJvHkckFFcvG/ +-xCGx/t6SufMlPhoVSyZHKcw4f1g7rrfFaedIgbZVYUXDP7adBuUXQfby6QIDAQAB +-AoGAZL24JQ85XoFTt5Lb+BS/91Uf0jFn9Nov0um9nE8q+Bi40ctN3wuulkaS7Nw/ +-i8dFvh2r2USwfavjvn7z3z7xoMG8V2c1ZFJCI2CKjocuWVkGwNnIsbO7/BOG03nu +-vir/i7TXN0YbN8zMhfuFC9APmR8bdmMa2KgHXzQcLuAmI4ECQQDhDIkC97l6rMKG +-QWbYrbc7GoMZNwCsPb/fasUknGmtPmq+s818i335u1yyhAk5pwKV7HF+WyZ76S2A +-P1bZf9+FAkEA3oN98qoklVmWSK0qV+CKHjZHSqtt32q2eu6+eAO5fVZOWHwXhS/B +-MkTtfKJbIDTLyUnwhKyht/hXOniVqHE5FQJAf99VgoArvc6oAQzsWTXrpQOddhhQ +-o426lkHenrzZNvz+PjmACsJf5CRXuX9Ylo+U4ockvb0hEssddX+H47HK2QJBAIYr +-aV1SJH79pvWpnLeiSAYRmok2tyiZMvELVkQNkuI1kUYfhRslAWxrTXvyddoEm8CC +-2glWAqlokEhMf4kyxEUCQCIQbV+XFoEqkECchik34PPmcPi2ends32dv/sW+AKjQ +-pxKpWbxVB4sEOPZzpmujP0LLxvCY4HOUJDlhENGQ8MM= ++MIICXAIBAAKBgQCh88BLhANUxNvdlXVL0uNLY1776WgyOnk6WzzxrjxlEaGihtlF ++IMGoPOlkxlyaWO6u006vB5WAX0z+ZL1lriyR/Pq/3Kpf2jZMCndh5qT2o1SSvzkS ++hETZqxLaeEMgtlBsnYc6J4aVFKec8tg2KfseJGRhE0i13hdhSWwqYdoDsQIDAQAB ++AoGAOAsY1UkWugPxrellkNqmq1T07qnj09XmU6p1GZFY9wS18X9GuqROP8DsZ2I5 ++c3QpDLi09t7h/m18QGBuJjyy0Tk3iFsLZ1+F1nNCFOZTeRybWA2MS91P9bpYri63 ++tarTxHaDe/RsMsaXe2HBp2rjw/jxT3y5DYwwWPQWjEIgf/0CQQDT7yeEtdj5LN1O ++NW9Coj3MzAodjyz5Jz1bCRGvhXpnralaM8Oyl1Dix99wGM64VuHvE5Lg0gY1ySg2 ++YJeYfuo/AkEAw6AmUTUrG8+axMkKX+rXz7LvaOR6Ad39uXO3S2lhbACQAy1Tn4W+ ++gJ2x0zJY+lY8oRQpXqZi1wzdLI/JGL82DwJAQvZmcx0N8DUHu6VQgSpIAoRZkdti ++J1sJnNDxwJaZBVcukiyW4b/Ds9PZOk7sSfxRqLtzhgt2INptFTlRzMIU+wJBALYc ++1s7uoi0HvVrIlUHpy/Js73dEi1hForgMQ2yOs8TpWSe8AIcW6Nuu8iZcTnzt3w9N ++R533Yzgzn4qmaF0DVH0CQGHvjKMwb63YsnyjiUHtjG/zlN7FZWAIr3wEPNoMl2dd ++s33jU+euC2oKygr1tSUf1lSM+yLCvDTetzg+1uBNfmg= + -----END RSA PRIVATE KEY----- +Index: tests/test_ssl_offline.py +=================================================================== +--- tests/test_ssl_offline.py (revision 739) ++++ tests/test_ssl_offline.py (working copy) +@@ -16,7 +16,7 @@ + def test_checker(self): + + check = Checker.Checker(host=srv_host, +- peerCertHash='7B754EFA41A264AAD370D43460BC8229F9354ECE') ++ peerCertHash='6D5C51BF6C90686A87E015A07731B252B7638D93') + x509 = X509.load_cert('tests/server.pem') + assert check(x509, srv_host) + self.assertRaises(Checker.WrongHost, check, x509, 'example.com') +Index: tests/test_x509.py +=================================================================== +--- tests/test_x509.py (revision 739) ++++ tests/test_x509.py (working copy) +@@ -340,14 +340,14 @@ + def test_fingerprint(self): + x509 = X509.load_cert('tests/x509.pem') + fp = x509.get_fingerprint('sha1') +- expected = '8D2EB9E203B5FFDC7F4FA7DC4103E852A55B808D' ++ expected = 'B2522F9B4F6F2461475D0C6267911537E738494F' + assert fp == expected, '%s != %s' % (fp, expected) + + def test_load_der_string(self): + f = open('tests/x509.der', 'rb') + x509 = X509.load_cert_der_string(''.join(f.readlines())) + fp = x509.get_fingerprint('sha1') +- expected = '8D2EB9E203B5FFDC7F4FA7DC4103E852A55B808D' ++ expected = 'B2522F9B4F6F2461475D0C6267911537E738494F' + assert fp == expected, '%s != %s' % (fp, expected) + + def test_save_der_string(self): +Index: tests/x509.der +=================================================================== +Cannot display: file marked as a binary type. +svn:mime-type = application/octet-stream +Index: tests/x509.pem +=================================================================== +--- tests/x509.pem (revision 739) ++++ tests/x509.pem (working copy) +@@ -2,26 +2,26 @@ + Data: + Version: 3 (0x2) + Serial Number: +- d1:b6:bf:af:06:17:8c:bf ++ b4:7e:b2:de:87:00:03:0d + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen + Validity +- Not Before: Jul 28 04:34:34 2009 GMT +- Not After : Jul 26 04:34:34 2019 GMT ++ Not Before: Nov 21 15:35:24 2012 GMT ++ Not After : Jan 8 15:35:24 2023 GMT + Subject: C=US, ST=California, O=M2Crypto, CN=X509 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:d3:62:55:12:30:b8:dc:84:7c:63:bd:80:1d:19: +- 1a:72:f2:28:f8:59:0b:2a:6b:f2:2a:23:9d:bb:0f: +- 7f:92:5e:dd:27:74:bc:78:0a:27:ab:1c:2e:23:1c: +- 26:77:48:b6:8f:03:ef:57:1c:a0:54:ae:1a:e8:f5: +- 24:a1:46:a1:27:48:55:33:98:fc:db:6a:83:2e:89: +- 3f:e0:f3:91:9d:da:4f:db:74:90:9d:a6:8d:4a:46: +- cb:9f:ba:b8:60:df:ae:ee:22:4b:3f:80:55:f7:1d: +- 89:3c:2b:28:df:46:19:d5:18:ac:e9:07:4e:40:81: +- 75:bc:da:5b:d5:e1:c2:04:15 ++ Public-Key: (1024 bit) ++ Modulus: ++ 00:ba:3b:21:75:3a:4f:78:99:14:56:ae:68:36:6f: ++ 52:f3:01:a4:c4:0c:cc:27:eb:e2:c5:e1:78:19:ba: ++ d4:47:05:35:df:d4:1c:10:8b:70:33:a2:f3:27:31: ++ 9e:1d:b7:2d:f8:ff:01:4a:4b:90:a7:29:4e:79:09: ++ ad:df:3a:85:96:fc:fd:cb:ea:8c:37:b6:e4:b2:67: ++ ec:fd:20:e1:0c:45:98:42:31:80:74:0e:78:fa:58: ++ 09:0d:2e:e5:82:38:8d:30:23:80:12:0c:40:c7:3f: ++ 26:94:e9:5b:43:f1:64:e2:1e:5d:fc:77:92:93:b4: ++ 4f:5f:8d:88:a0:03:b7:5e:a1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -29,47 +29,47 @@ + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- B1:C4:6F:98:6F:E8:3B:8C:A1:26:11:81:97:9A:12:50:4A:1A:6C:88 ++ E8:C1:6E:60:19:13:82:40:65:B9:67:26:B7:8E:D6:7C:EE:33:8D:72 + X509v3 Authority Key Identifier: +- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE ++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6 + + Signature Algorithm: sha1WithRSAEncryption +- 3f:0b:44:bc:d2:da:5f:a9:39:be:08:53:e6:fd:10:ff:d6:f0: +- a3:51:f6:be:03:20:cc:b3:52:cf:0f:7c:3f:56:42:6f:9d:72: +- 9b:09:a5:64:3f:43:29:24:2b:d6:79:94:54:2f:99:e8:ce:fe: +- fd:de:bb:ca:43:28:16:ff:32:ac:3d:c5:56:db:87:23:3c:d4: +- 69:f7:4e:1b:c4:be:c9:d8:27:99:2a:64:be:3a:6b:7e:51:85: +- db:75:35:40:a5:6c:ae:53:c3:09:e7:00:35:17:64:1a:17:71: +- c5:d5:59:e5:8f:fc:96:4a:f9:81:33:23:4c:c1:60:71:93:18: +- 0a:c4 ++ cf:57:f4:f6:7d:be:e0:32:d1:44:ba:15:f7:44:2c:69:df:54: ++ a1:09:28:7f:7f:66:37:db:71:6f:2f:4b:b0:61:f5:96:09:56: ++ 50:e4:14:87:81:70:93:bb:9d:1e:8a:65:06:e8:67:c5:fb:24: ++ b1:17:b5:36:83:cb:53:88:0e:55:5c:91:80:26:56:f2:0b:50: ++ 19:86:6c:3b:1b:37:64:e1:64:2b:18:c3:5b:aa:d3:78:84:75: ++ 4f:59:c4:46:6e:9a:fb:a2:3b:86:79:87:09:a7:a6:e3:c8:91: ++ 5d:ea:2c:76:d4:ff:a3:3e:ad:6c:bd:bb:e2:c1:1d:1e:d3:81: ++ 6c:4a + -----BEGIN CERTIFICATE----- +-MIICjDCCAfWgAwIBAgIJANG2v68GF4y/MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV +-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY +-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzQzNFoXDTE5MDcy +-NjA0MzQzNFowRDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP +-BgNVBAoTCE0yQ3J5cHRvMQ0wCwYDVQQDEwRYNTA5MIGfMA0GCSqGSIb3DQEBAQUA +-A4GNADCBiQKBgQDTYlUSMLjchHxjvYAdGRpy8ij4WQsqa/IqI527D3+SXt0ndLx4 +-CierHC4jHCZ3SLaPA+9XHKBUrhro9SShRqEnSFUzmPzbaoMuiT/g85Gd2k/bdJCd +-po1KRsufurhg367uIks/gFX3HYk8KyjfRhnVGKzpB05AgXW82lvV4cIEFQIDAQAB ++MIICjDCCAfWgAwIBAgIJALR+st6HAAMNMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV ++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY ++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzUyNFoXDTIzMDEw ++ODE1MzUyNFowRDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP ++BgNVBAoMCE0yQ3J5cHRvMQ0wCwYDVQQDDARYNTA5MIGfMA0GCSqGSIb3DQEBAQUA ++A4GNADCBiQKBgQC6OyF1Ok94mRRWrmg2b1LzAaTEDMwn6+LF4XgZutRHBTXf1BwQ ++i3AzovMnMZ4dty34/wFKS5CnKU55Ca3fOoWW/P3L6ow3tuSyZ+z9IOEMRZhCMYB0 ++Dnj6WAkNLuWCOI0wI4ASDEDHPyaU6VtD8WTiHl38d5KTtE9fjYigA7deoQIDAQAB + o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +-ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUscRvmG/oO4yhJhGBl5oSUEoabIgwHwYD +-VR0jBBgwFoAUrWRFdI+DxyzV16CFkRBAmpyWz+4wDQYJKoZIhvcNAQEFBQADgYEA +-PwtEvNLaX6k5vghT5v0Q/9bwo1H2vgMgzLNSzw98P1ZCb51ymwmlZD9DKSQr1nmU +-VC+Z6M7+/d67ykMoFv8yrD3FVtuHIzzUafdOG8S+ydgnmSpkvjprflGF23U1QKVs +-rlPDCecANRdkGhdxxdVZ5Y/8lkr5gTMjTMFgcZMYCsQ= ++ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6MFuYBkTgkBluWcmt47WfO4zjXIwHwYD ++VR0jBBgwFoAUgNlqHhX+i2FRYmBNs8yVRHgtieYwDQYJKoZIhvcNAQEFBQADgYEA ++z1f09n2+4DLRRLoV90Qsad9UoQkof39mN9txby9LsGH1lglWUOQUh4Fwk7udHopl ++BuhnxfsksRe1NoPLU4gOVVyRgCZW8gtQGYZsOxs3ZOFkKxjDW6rTeIR1T1nERm6a +++6I7hnmHCaem48iRXeosdtT/oz6tbL274sEdHtOBbEo= + -----END CERTIFICATE----- + -----BEGIN RSA PRIVATE KEY----- +-MIICXQIBAAKBgQDTYlUSMLjchHxjvYAdGRpy8ij4WQsqa/IqI527D3+SXt0ndLx4 +-CierHC4jHCZ3SLaPA+9XHKBUrhro9SShRqEnSFUzmPzbaoMuiT/g85Gd2k/bdJCd +-po1KRsufurhg367uIks/gFX3HYk8KyjfRhnVGKzpB05AgXW82lvV4cIEFQIDAQAB +-AoGATPipcY48QlAb21XNqMrTTrfPI1+JKVFVRPLjJJJoKaxRa2SenDdWaoBAbJh7 +-iUP49erA5D+QQkWDlwBs7i0B0NqSkZAUVTfzRjGackTNJUQ+smfeqRLMH+Oru6DS +-VFbb818nJOJKqMMhMz8SrPrrbg+qiHlJ3JUQnNzTYohOMAECQQDvTJBSSit34ZBO +-ABj4vWYucCnOygcpICQnIsG97sZmF8tuF55tA5e+0v9R7BPuyAjrQnKJqDj3r/AY +-AxhgngGVAkEA4iMGoHzoSQvh+gT0A2rPCtVo+URNswIEZhQmMuA0VjrFCphWkZE+ +-3jgDsJTNQUJs4mczQMcBzL34Nh1cJThYgQJARMMrdXn6o6gdX0yH4HIMOqvgV5uW +-Eys5OEW0hm9mc0/DFQ+UZp7xq9PVqiS8VZEFfxTI9OVx+TqFM2EwUBMXQQJBAIge +-n0mRhl0Z6v+NZbh83X3e8h5BUCf1ieJMNKYhMT/KhnsXMdzTui0XOJldKKQksNgj +-WMWgROQSYctpJuM8pIECQQCNN27XVHs4YAQ6GvBkrHsK5w6LZkm6UaJgbCqDqyeS +-eqfPp9VRurZ/FhK1mPbgNN67U4Ik1nwjR0o8wD4mreIj ++MIICXgIBAAKBgQC6OyF1Ok94mRRWrmg2b1LzAaTEDMwn6+LF4XgZutRHBTXf1BwQ ++i3AzovMnMZ4dty34/wFKS5CnKU55Ca3fOoWW/P3L6ow3tuSyZ+z9IOEMRZhCMYB0 ++Dnj6WAkNLuWCOI0wI4ASDEDHPyaU6VtD8WTiHl38d5KTtE9fjYigA7deoQIDAQAB ++AoGBALdK8ZBGtuc0i28RM2K4SQUCDiAjlGCKa2Vll+aDGuFXwIGva3vhMaqw6+8c ++h8ope6cBnUx5eUL9hc3dd/Moz0dxM34p2zu/fZbiFD2yrKlkVSXHv6YobYhUagod ++htPwb+tQOrQqYpHZ/zPeVkAa/EfmM88RD603nlFHbCz5PpFBAkEA5HWMYUaXD+1M ++kX3YjXy3ESmKr3zPdbQkw6tDiQ6ijl1jUX+b4BKGSgINFYsmXlaFYM/GeJWJ0z64 ++BiPkSnhueQJBANCuYg0ykia6miTUWzXv3i8r8voVt593KmrAf23JwUM+jZnAd4yl ++xwSHkJSX5Ualp1cYDfKD9wzKj8vjq4mCx2kCQQCYlJFvHnAhqQDsYrpQtKynf7Eq ++RxdfqzKqpCV00htrLZ/5fFqkqnqZzwjiDI9RjkOCRwJs4qKsPUU2hJ4hxpExAkEA ++llzwfb3wnUNbiioRRr39hFPQke5QDvEYeS8XIo57WO6brSuHeKqCynq77LW+GLeH ++6jOE6Te5LVhPYIQ9t6mp8QJAKPE2g1wc0kmlzaOkNrlj67PPcRKqRVqL1RWIaSz9 ++Dh3KWyvOnOQAKbShI9EbXqdINKM7JxJAhSL4LPBd3ejxSA== + -----END RSA PRIVATE KEY----- diff --git a/SOURCES/m2crypto-0.21.1-gcc_macros.patch b/SOURCES/m2crypto-0.21.1-gcc_macros.patch new file mode 100644 index 0000000..61dbbe6 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-gcc_macros.patch @@ -0,0 +1,11 @@ +diff -urN M2Crypto/SWIG/_m2crypto.i M2Crypto-0.21.1/SWIG/_m2crypto.i +--- M2Crypto/SWIG/_m2crypto.i 2011-01-15 20:10:06.000000000 +0100 ++++ M2Crypto-0.21.1/SWIG/_m2crypto.i 2011-01-18 15:37:33.948994579 +0100 +@@ -7,6 +7,7 @@ + * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved. + * + */ ++%import "gcc_macros.h" + + %module(threads=1) _m2crypto + /* We really don't need threadblock (PyGILState_Ensure() etc.) anywhere. diff --git a/SOURCES/m2crypto-0.21.1-https-proxy.patch b/SOURCES/m2crypto-0.21.1-https-proxy.patch new file mode 100644 index 0000000..21b7b94 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-https-proxy.patch @@ -0,0 +1,43 @@ +diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py +--- M2Crypto/M2Crypto/httpslib.py 2012-03-15 03:27:22.181524406 +0100 ++++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-15 03:27:40.467485033 +0100 +@@ -182,14 +182,14 @@ + else: + HTTPSConnection.putheader(self, header, value) + +- def endheaders(self): ++ def endheaders(self, *args, **kwargs): + # We've recieved all of hte headers. Use the supplied username + # and password for authorization, possibly overriding the authstring + # supplied in the headers. + if not self._proxy_auth: + self._proxy_auth = self._encode_auth() + +- HTTPSConnection.endheaders(self) ++ HTTPSConnection.endheaders(self, *args, **kwargs) + + def connect(self): + HTTPConnection.connect(self) +diff -urN M2Crypto/M2Crypto/m2urllib2.py M2Crypto-0.21.1/M2Crypto/m2urllib2.py +--- M2Crypto/M2Crypto/m2urllib2.py 2011-01-15 20:10:05.000000000 +0100 ++++ M2Crypto-0.21.1/M2Crypto/m2urllib2.py 2012-03-15 03:27:40.467485033 +0100 +@@ -64,8 +64,10 @@ + target_host = urlparse.urlparse(full_url)[1] + + if (target_host != host): ++ request_uri = urlparse.urldefrag(full_url)[0] + h = httpslib.ProxyHTTPSConnection(host = host, ssl_context = self.ctx) + else: ++ request_uri = req.get_selector() + h = httpslib.HTTPSConnection(host = host, ssl_context = self.ctx) + # End our change + h.set_debuglevel(self._debuglevel) +@@ -80,7 +82,7 @@ + # request. + headers["Connection"] = "close" + try: +- h.request(req.get_method(), req.get_selector(), req.data, headers) ++ h.request(req.get_method(), request_uri, req.data, headers) + r = h.getresponse() + except socket.error, err: # XXX what error? + raise URLError(err) diff --git a/SOURCES/m2crypto-0.21.1-memoryview.patch b/SOURCES/m2crypto-0.21.1-memoryview.patch new file mode 100644 index 0000000..8fcba7d --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-memoryview.patch @@ -0,0 +1,174 @@ +diff -u M2Crypto/SWIG/_lib.h M2Crypto-0.21.1/SWIG/_lib.h +--- M2Crypto/SWIG/_lib.h 2011-01-19 19:56:37.622364336 +0100 ++++ M2Crypto-0.21.1/SWIG/_lib.h 2011-05-10 20:14:38.593211256 +0200 +@@ -7,6 +7,16 @@ + #define PY_SSIZE_T_MIN INT_MIN + #endif + ++#if PY_VERSION_HEX < 0x02060000 ++struct Py_buffer /* Only a subset */ ++{ ++ void *buf; ++ Py_ssize_t len; ++}; ++ ++#define PyBUF_CONTIG_RO 0 ++#endif /* PY_VERSION_HEX < 0x02060000 */ ++ + typedef struct _blob { + unsigned char *data; + int len; +@@ -20,6 +30,10 @@ + int *buffer_len); + static int m2_PyString_AsStringAndSizeInt(PyObject *obj, char **s, int *len); + ++/* Always use these two together, to correctly handle non-memoryview objects. */ ++static int m2_PyObject_GetBufferInt(PyObject *obj, Py_buffer *view, int flags); ++static void m2_PyBuffer_Release(PyObject *obj, Py_buffer *view); ++ + void gen_callback(int p, int n, void *arg); + int passphrase_callback(char *buf, int num, int v, void *userdata); + +diff -u M2Crypto/SWIG/_lib.i M2Crypto-0.21.1/SWIG/_lib.i +--- M2Crypto/SWIG/_lib.i 2011-01-19 19:49:21.537145465 +0100 ++++ M2Crypto-0.21.1/SWIG/_lib.i 2011-05-10 20:19:10.924328007 +0200 +@@ -47,9 +47,36 @@ + /* Python helpers. */ + + %} ++%ignore PyObject_CheckBuffer; ++%ignore PyObject_GetBuffer; ++%ignore PyBuffer_Release; + %ignore m2_PyObject_AsReadBufferInt; ++%ignore m2_PyObject_GetBufferInt; ++%ignore m2_PyBuffer_Release; + %ignore m2_PyString_AsStringAndSizeInt; + %{ ++ ++#if PY_VERSION_HEX < 0x02060000 ++static int PyObject_CheckBuffer(PyObject *obj) ++{ ++ (void)obj; ++ return 0; ++} ++ ++static int PyObject_GetBuffer(PyObject *obj, Py_buffer *view, int flags) ++{ ++ (void)obj; ++ (void)view; ++ (void)flags; ++ return -1; ++} ++ ++static void PyBuffer_Release(Py_buffer *view) ++{ ++ (void)view; ++} ++#endif /* PY_VERSION_HEX < 0x02060000 */ ++ + static int + m2_PyObject_AsReadBufferInt(PyObject *obj, const void **buffer, + int *buffer_len) +@@ -68,6 +95,37 @@ + return 0; + } + ++static int m2_PyObject_GetBufferInt(PyObject *obj, Py_buffer *view, int flags) ++{ ++ int ret; ++ ++ if (PyObject_CheckBuffer(obj)) ++ ret = PyObject_GetBuffer(obj, view, flags); ++ else { ++ const void *buf; ++ ++ ret = PyObject_AsReadBuffer(obj, &buf, &view->len); ++ if (ret == 0) ++ view->buf = (void *)buf; ++ } ++ if (ret) ++ return ret; ++ if (view->len > INT_MAX) { ++ PyErr_SetString(PyExc_ValueError, "object too large"); ++ m2_PyBuffer_Release(obj, view); ++ return -1; ++ } ++ ++ return 0; ++} ++ ++static void m2_PyBuffer_Release(PyObject *obj, Py_buffer *view) ++{ ++ if (PyObject_CheckBuffer(obj)) ++ PyBuffer_Release(view); ++ /* else do nothing, view->buf comes from PyObject_AsReadBuffer */ ++} ++ + static int + m2_PyString_AsStringAndSizeInt(PyObject *obj, char **s, int *len) + { +diff -u M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i +--- M2Crypto/SWIG/_ssl.i 2011-01-19 19:56:51.957338576 +0100 ++++ M2Crypto-0.21.1/SWIG/_ssl.i 2011-05-10 19:58:26.779904541 +0200 +@@ -700,12 +700,12 @@ + } + + int ssl_write(SSL *ssl, PyObject *blob, double timeout) { +- const void *buf; +- int len, r, ssl_err, ret; ++ Py_buffer buf; ++ int r, ssl_err, ret; + struct timeval tv; + + +- if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) { ++ if (m2_PyObject_GetBufferInt(blob, &buf, PyBUF_CONTIG_RO) == -1) { + return -1; + } + +@@ -713,7 +713,7 @@ + gettimeofday(&tv, NULL); + again: + Py_BEGIN_ALLOW_THREADS +- r = SSL_write(ssl, buf, len); ++ r = SSL_write(ssl, buf.buf, buf.len); + ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + +@@ -741,22 +741,22 @@ + ret = -1; + } + +- ++ m2_PyBuffer_Release(blob, &buf); + return ret; + } + + int ssl_write_nbio(SSL *ssl, PyObject *blob) { +- const void *buf; +- int len, r, err, ret; ++ Py_buffer buf; ++ int r, err, ret; + + +- if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) { ++ if (m2_PyObject_GetBufferInt(blob, &buf, PyBUF_CONTIG_RO) == -1) { + return -1; + } + + + Py_BEGIN_ALLOW_THREADS +- r = SSL_write(ssl, buf, len); ++ r = SSL_write(ssl, buf.buf, buf.len); + Py_END_ALLOW_THREADS + + +@@ -785,7 +785,7 @@ + ret = -1; + } + +- ++ m2_PyBuffer_Release(blob, &buf); + return ret; + } + diff --git a/SOURCES/m2crypto-0.21.1-smime-doc.patch b/SOURCES/m2crypto-0.21.1-smime-doc.patch new file mode 100644 index 0000000..15f31b6 --- /dev/null +++ b/SOURCES/m2crypto-0.21.1-smime-doc.patch @@ -0,0 +1,166 @@ +Index: demo/smime.howto/sign.py +=================================================================== +--- demo/smime.howto/sign.py (revision 739) ++++ demo/smime.howto/sign.py (working copy) +@@ -18,7 +18,7 @@ + # Instantiate an SMIME object; set it up; sign the buffer. + s = SMIME.SMIME() + s.load_key('signer_key.pem', 'signer.pem') +-p7 = s.sign(buf) ++p7 = s.sign(buf, SMIME.PKCS7_DETACHED) + + # Recreate buf. + buf = makebuf('a sign of our times') +Index: demo/smime.howto/verify.py +=================================================================== +--- demo/smime.howto/verify.py (revision 739) ++++ demo/smime.howto/verify.py (working copy) +@@ -23,7 +23,7 @@ + + # Load the data, verify it. + p7, data = SMIME.smime_load_pkcs7('sign.p7') +-v = s.verify(p7) ++v = s.verify(p7, data) + print v + print data + print data.read() +Index: demo/smime.howto/sendsmime.py +=================================================================== +--- demo/smime.howto/sendsmime.py (revision 739) ++++ demo/smime.howto/sendsmime.py (working copy) +@@ -16,7 +16,10 @@ + s = SMIME.SMIME() + if sign: + s.load_key(from_key, from_cert) +- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ if encrypt: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ else: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED) + msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it. + + if encrypt: +Index: demo/smime/test.py +=================================================================== +--- demo/smime/test.py (revision 739) ++++ demo/smime/test.py (working copy) +@@ -28,7 +28,7 @@ + buf = makebuf() + s = SMIME.SMIME() + s.load_key('client.pem') +- p7 = s.sign(buf) ++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED) + out = BIO.openfile('clear.p7', 'w') + out.write('To: ngps@post1.com\n') + out.write('From: ngps@post1.com\n') +@@ -58,7 +58,7 @@ + st.load_info('ca.pem') + s.set_x509_store(st) + p7, data = SMIME.smime_load_pkcs7('clear.p7') +- v = s.verify(p7) ++ v = s.verify(p7, data) + if v: + print 'ok' + else: +@@ -105,9 +105,10 @@ + s.load_key('client.pem') + + # Sign. +- p7 = s.sign(buf) ++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED) + + # Output the stuff. ++ buf = makebuf() # Recreate buf, because sign() has consumed it. + bio = BIO.MemoryBuffer() + s.write(bio, p7, buf) + +@@ -124,7 +125,7 @@ + + # Verify. + p7, buf = SMIME.smime_load_pkcs7_bio(bio) +- v = s.verify(p7, flags=SMIME.PKCS7_DETACHED) ++ v = s.verify(p7, buf, flags=SMIME.PKCS7_DETACHED) + + if v: + print 'ok' +Index: demo/smime/sendsmime.py +=================================================================== +--- demo/smime/sendsmime.py (revision 739) ++++ demo/smime/sendsmime.py (working copy) +@@ -16,7 +16,10 @@ + s = SMIME.SMIME() + if sign: + s.load_key(from_key, from_cert) +- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ if encrypt: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT) ++ else: ++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED) + msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it. + + if encrypt: +Index: contrib/smimeplus.py +=================================================================== +--- contrib/smimeplus.py (revision 739) ++++ contrib/smimeplus.py (working copy) +@@ -64,7 +64,7 @@ + _sender.load_key_bio(self.__pack(self.key), self.__pack(self.cert), + callback=self.__passcallback) + +- _signed = _sender.sign(self.__pack(msg)) ++ _signed = _sender.sign(self.__pack(msg), M2Crypto.SMIME.PKCS7_DETACHED) + + _out = self.__pack(None) + _sender.write(_out, _signed, self.__pack(msg)) +@@ -93,7 +93,7 @@ + # Load signed message, verify it, and return result + _p7, _data = M2Crypto.SMIME.smime_load_pkcs7_bio(self.__pack(smsg)) + try: +- return _sender.verify(_p7, flags=M2Crypto.SMIME.PKCS7_SIGNED) ++ return _sender.verify(_p7, _data, flags=M2Crypto.SMIME.PKCS7_SIGNED) + except M2Crypto.SMIME.SMIME_Error, _msg: + return None + +Index: doc/howto.smime.html +=================================================================== +--- doc/howto.smime.html (revision 739) ++++ doc/howto.smime.html (working copy) +@@ -646,7 +646,7 @@ + # Instantiate an SMIME object; set it up; sign the buffer. + s = SMIME.SMIME() + s.load_key('signer_key.pem', 'signer.pem') +- p7 = s.sign(buf) ++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED) +

++#include + #include + #include + #include + #include ++#include ++#include + %} + + %apply Pointer NONNULL { SSL_CTX * }; +@@ -142,6 +145,11 @@ + %rename(ssl_session_get_timeout) SSL_SESSION_get_timeout; + extern long SSL_SESSION_get_timeout(CONST SSL_SESSION *); + ++extern PyObject *ssl_accept(SSL *ssl, double timeout = -1); ++extern PyObject *ssl_connect(SSL *ssl, double timeout = -1); ++extern PyObject *ssl_read(SSL *ssl, int num, double timeout = -1); ++extern int ssl_write(SSL *ssl, PyObject *blob, double timeout = -1); ++ + %constant int ssl_error_none = SSL_ERROR_NONE; + %constant int ssl_error_ssl = SSL_ERROR_SSL; + %constant int ssl_error_want_read = SSL_ERROR_WANT_READ; +@@ -197,14 +205,19 @@ + %constant int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = SSL_MODE_ENABLE_PARTIAL_WRITE; + %constant int SSL_MODE_AUTO_RETRY = SSL_MODE_AUTO_RETRY; + ++%ignore ssl_handle_error; ++%ignore ssl_sleep_with_timeout; + %inline %{ + static PyObject *_ssl_err; ++static PyObject *_ssl_timeout_err; + +-void ssl_init(PyObject *ssl_err) { ++void ssl_init(PyObject *ssl_err, PyObject *ssl_timeout_err) { + SSL_library_init(); + SSL_load_error_strings(); + Py_INCREF(ssl_err); ++ Py_INCREF(ssl_timeout_err); + _ssl_err = ssl_err; ++ _ssl_timeout_err = ssl_timeout_err; + } + + void ssl_ctx_passphrase_callback(SSL_CTX *ctx, PyObject *pyfunc) { +@@ -358,36 +371,130 @@ + return ret; + } + +-PyObject *ssl_accept(SSL *ssl) { ++static void ssl_handle_error(int ssl_err, int ret) { ++ int err; ++ ++ switch (ssl_err) { ++ case SSL_ERROR_SSL: ++ PyErr_SetString(_ssl_err, ++ ERR_reason_error_string(ERR_get_error())); ++ break; ++ case SSL_ERROR_SYSCALL: ++ err = ERR_get_error(); ++ if (err) ++ PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); ++ else if (ret == 0) ++ PyErr_SetString(_ssl_err, "unexpected eof"); ++ else if (ret == -1) ++ PyErr_SetFromErrno(_ssl_err); ++ else ++ assert(0); ++ break; ++ default: ++ PyErr_SetString(_ssl_err, "unexpected SSL error"); ++ } ++} ++ ++static int ssl_sleep_with_timeout(SSL *ssl, const struct timeval *start, ++ double timeout, int ssl_err) { ++ struct pollfd fd; ++ struct timeval tv; ++ int ms, tmp; ++ ++ assert(timeout > 0); ++ again: ++ gettimeofday(&tv, NULL); ++ /* tv >= start */ ++ if ((timeout + start->tv_sec - tv.tv_sec) > INT_MAX / 1000) ++ ms = -1; ++ else { ++ int fract; ++ ++ ms = ((start->tv_sec + (int)timeout) - tv.tv_sec) * 1000; ++ fract = (start->tv_usec + (timeout - (int)timeout) * 1000000 ++ - tv.tv_usec + 999) / 1000; ++ if (ms > 0 && fract > INT_MAX - ms) ++ ms = -1; ++ else { ++ ms += fract; ++ if (ms <= 0) ++ goto timeout; ++ } ++ } ++ switch (ssl_err) { ++ case SSL_ERROR_WANT_READ: ++ fd.fd = SSL_get_rfd(ssl); ++ fd.events = POLLIN; ++ break; ++ ++ case SSL_ERROR_WANT_WRITE: ++ fd.fd = SSL_get_wfd(ssl); ++ fd.events = POLLOUT; ++ break; ++ ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ return 0; /* FIXME: is this correct? */ ++ ++ default: ++ assert(0); ++ } ++ if (fd.fd == -1) { ++ PyErr_SetString(_ssl_err, "timeout on a non-FD SSL"); ++ return -1; ++ } ++ Py_BEGIN_ALLOW_THREADS ++ tmp = poll(&fd, 1, ms); ++ Py_END_ALLOW_THREADS ++ switch (tmp) { ++ case 1: ++ return 0; ++ case 0: ++ goto timeout; ++ case -1: ++ if (errno == EINTR) ++ goto again; ++ PyErr_SetFromErrno(_ssl_err); ++ return -1; ++ } ++ return 0; ++ ++ timeout: ++ PyErr_SetString(_ssl_timeout_err, "timed out"); ++ return -1; ++} ++ ++PyObject *ssl_accept(SSL *ssl, double timeout) { + PyObject *obj = NULL; +- int r, err; ++ int r, ssl_err; ++ struct timeval tv; + ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_accept(ssl); ++ ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { ++ switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + obj = PyInt_FromLong((long)1); + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: +- obj = PyInt_FromLong((long)0); +- break; +- case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); ++ if (timeout <= 0) { ++ obj = PyInt_FromLong((long)0); ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; + obj = NULL; + break; ++ case SSL_ERROR_SSL: + case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); ++ ssl_handle_error(ssl_err, r); + obj = NULL; + break; + } +@@ -396,36 +503,38 @@ + return obj; + } + +-PyObject *ssl_connect(SSL *ssl) { ++PyObject *ssl_connect(SSL *ssl, double timeout) { + PyObject *obj = NULL; +- int r, err; ++ int r, ssl_err; ++ struct timeval tv; + ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_connect(ssl); ++ ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { ++ switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + obj = PyInt_FromLong((long)1); + break; + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: +- obj = PyInt_FromLong((long)0); +- break; +- case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); ++ if (timeout <= 0) { ++ obj = PyInt_FromLong((long)0); ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; + obj = NULL; + break; ++ case SSL_ERROR_SSL: + case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); ++ ssl_handle_error(ssl_err, r); + obj = NULL; + break; + } +@@ -438,10 +547,11 @@ + SSL_set_shutdown(ssl, mode); + } + +-PyObject *ssl_read(SSL *ssl, int num) { ++PyObject *ssl_read(SSL *ssl, int num, double timeout) { + PyObject *obj = NULL; + void *buf; +- int r, err; ++ int r; ++ struct timeval tv; + + if (!(buf = PyMem_Malloc(num))) { + PyErr_SetString(PyExc_MemoryError, "ssl_read"); +@@ -449,37 +559,44 @@ + } + + ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_read(ssl, buf, num); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { +- case SSL_ERROR_NONE: +- case SSL_ERROR_ZERO_RETURN: +- buf = PyMem_Realloc(buf, r); +- obj = PyString_FromStringAndSize(buf, r); +- break; +- case SSL_ERROR_WANT_WRITE: +- case SSL_ERROR_WANT_READ: +- case SSL_ERROR_WANT_X509_LOOKUP: +- Py_INCREF(Py_None); +- obj = Py_None; +- break; +- case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); +- obj = NULL; +- break; +- case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(err)); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); +- obj = NULL; +- break; ++ if (r >= 0) { ++ buf = PyMem_Realloc(buf, r); ++ obj = PyString_FromStringAndSize(buf, r); ++ } else { ++ int ssl_err; ++ ++ ssl_err = SSL_get_error(ssl, r); ++ switch (ssl_err) { ++ case SSL_ERROR_NONE: ++ case SSL_ERROR_ZERO_RETURN: ++ assert(0); ++ ++ case SSL_ERROR_WANT_WRITE: ++ case SSL_ERROR_WANT_READ: ++ case SSL_ERROR_WANT_X509_LOOKUP: ++ if (timeout <= 0) { ++ Py_INCREF(Py_None); ++ obj = Py_None; ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; ++ obj = NULL; ++ break; ++ case SSL_ERROR_SSL: ++ case SSL_ERROR_SYSCALL: ++ ssl_handle_error(ssl_err, r); ++ obj = NULL; ++ break; ++ } + } + PyMem_Free(buf); + +@@ -537,22 +654,26 @@ + return obj; + } + +-int ssl_write(SSL *ssl, PyObject *blob) { ++int ssl_write(SSL *ssl, PyObject *blob, double timeout) { + const void *buf; +- int len, r, err, ret; ++ int len, r, ssl_err, ret; ++ struct timeval tv; + + + if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) { + return -1; + } + +- ++ if (timeout > 0) ++ gettimeofday(&tv, NULL); ++ again: + Py_BEGIN_ALLOW_THREADS + r = SSL_write(ssl, buf, len); ++ ssl_err = SSL_get_error(ssl, r); + Py_END_ALLOW_THREADS + + +- switch (SSL_get_error(ssl, r)) { ++ switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + ret = r; +@@ -560,20 +681,17 @@ + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_X509_LOOKUP: ++ if (timeout <= 0) { ++ ret = -1; ++ break; ++ } ++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0) ++ goto again; + ret = -1; + break; + case SSL_ERROR_SSL: +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); +- ret = -1; +- break; + case SSL_ERROR_SYSCALL: +- err = ERR_get_error(); +- if (err) +- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error())); +- else if (r == 0) +- PyErr_SetString(_ssl_err, "unexpected eof"); +- else if (r == -1) +- PyErr_SetFromErrno(_ssl_err); ++ ssl_handle_error(ssl_err, r); + default: + ret = -1; + } +diff -ur m2crypto-0.18/tests/test_ssl.py m2crypto/tests/test_ssl.py +--- m2crypto-0.18/tests/test_ssl.py 2007-07-02 22:25:45.000000000 +0200 ++++ m2crypto/tests/test_ssl.py 2007-07-31 23:29:21.000000000 +0200 +@@ -887,6 +887,53 @@ + + class TwistedSSLClientTestCase(BaseSSLClientTestCase): + ++ def test_timeout(self): ++ pid = self.start_server(self.args) ++ try: ++ ctx = SSL.Context() ++ s = SSL.Connection(ctx) ++ # Just a really small number so we can timeout ++ s.settimeout(0.000000000000000000000000000001) ++ self.assertRaises(SSL.SSLTimeoutError, s.connect, self.srv_addr) ++ s.close() ++ finally: ++ self.stop_server(pid) ++ ++ def test_makefile_timeout(self): ++ # httpslib uses makefile to read the response ++ pid = self.start_server(self.args) ++ try: ++ from M2Crypto import httpslib ++ c = httpslib.HTTPS(srv_host, srv_port) ++ c.putrequest('GET', '/') ++ c.putheader('Accept', 'text/html') ++ c.putheader('Accept', 'text/plain') ++ c.endheaders() ++ c._conn.sock.settimeout(100) ++ err, msg, headers = c.getreply() ++ assert err == 200, err ++ f = c.getfile() ++ data = f.read() ++ c.close() ++ finally: ++ self.stop_server(pid) ++ self.failIf(string.find(data, 's_server -quiet -www') == -1) ++ ++ def test_makefile_timeout_fires(self): ++ pid = self.start_server(self.args) ++ try: ++ from M2Crypto import httpslib ++ c = httpslib.HTTPS(srv_host, srv_port) ++ c.putrequest('GET', '/') ++ c.putheader('Accept', 'text/html') ++ c.putheader('Accept', 'text/plain') ++ c.endheaders() ++ c._conn.sock.settimeout(0.0000000001) ++ self.assertRaises(socket.timeout, c.getreply) ++ c.close() ++ finally: ++ self.stop_server(pid) ++ + def test_twisted_wrapper(self): + # Test only when twisted and ZopeInterfaces are present + try: diff --git a/SPECS/m2crypto.spec b/SPECS/m2crypto.spec new file mode 100644 index 0000000..86cbaa9 --- /dev/null +++ b/SPECS/m2crypto.spec @@ -0,0 +1,424 @@ +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} + +# Keep this value in sync with the definition in openssl.spec. +%global multilib_arches %{ix86} ia64 ppc ppc64 s390 s390x x86_64 sparc sparcv9 sparc64 + +Summary: Support for using OpenSSL in python scripts +Name: m2crypto +Version: 0.21.1 +Release: 11%{?dist} +Source0: http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz +# https://bugzilla.osafoundation.org/show_bug.cgi?id=2341 +Patch0: m2crypto-0.21.1-timeouts.patch +# This is only precautionary, it does fix anything - not sent upstream +Patch1: m2crypto-0.21.1-gcc_macros.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=12972 +Patch2: m2crypto-0.20.2-fips.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=12973 +Patch3: m2crypto-0.20.2-check.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13005 +Patch4: m2crypto-0.21.1-memoryview.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13020 +Patch5: m2crypto-0.21.1-smime-doc.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=12999 +Patch6: m2crypto-0.21.1-AES_crypt.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13044 +Patch7: m2crypto-0.21.1-IPv6.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13049 +Patch8: m2crypto-0.21.1-https-proxy.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13066 +Patch9: m2crypto-0.21.1-certs.patch +# https://bugzilla.osafoundation.org/show_bug.cgi?id=13072 +Patch10: m2crypto-0.21.1-ssl23.patch +License: MIT +Group: System Environment/Libraries +URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto +BuildRequires: openssl, openssl-devel, python2-devel +BuildRequires: perl, pkgconfig, swig, which + +%filter_provides_in %{python_sitearch}/M2Crypto/__m2crypto.so +%filter_setup + +%description +This package allows you to call OpenSSL functions from python scripts. + +%prep +%setup -q -n M2Crypto-%{version} +%patch0 -p1 -b .timeouts +%patch1 -p1 -b .gcc_macros +%patch2 -p1 -b .fips +%patch3 -p1 -b .check +%patch4 -p1 -b .memoryview +%patch5 -p0 +%patch6 -p0 -b .AES_crypt +%patch7 -p1 -b .IPv6 +%patch8 -p1 -b .https-proxy +%patch9 -p0 -b .certs +openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER +%patch10 -p0 -b .ssl23 + +# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG +# doesn't follow the #include. + +# Determine which arch opensslconf.h is going to try to #include. +basearch=%{_arch} +%ifarch %{ix86} +basearch=i386 +%endif +%ifarch sparcv9 +basearch=sparc +%endif +%ifarch %{multilib_arches} +for i in SWIG/_ec.i SWIG/_evp.i; do + sed -i -e "s/opensslconf/opensslconf-${basearch}/" "$i" +done +%endif + +gcc -E -dM - < /dev/null | grep -v __STDC__ \ + | sed 's/^\(#define \([^ ]*\) .*\)$/#undef \2\n\1/' > SWIG/gcc_macros.h + +%build +CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS +if pkg-config openssl ; then + CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS + LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS +fi + +# -cpperraswarn is necessary for including opensslconf-${basearch} directly +SWIG_FEATURES=-cpperraswarn %{__python} setup.py build + +%install +CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS +if pkg-config openssl ; then + CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS + LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS +fi + +%{__python} setup.py install --root=$RPM_BUILD_ROOT + +for i in medusa medusa054; do + sed -i -e '1s,#! /usr/local/bin/python,#! %{__python},' \ + demo/$i/http_server.py +done + +# Windows-only +rm demo/Zope/starts.bat +# Fix up documentation permissions +find demo tests -type f -perm -111 -print0 | xargs -0 chmod a-x + +grep -rl '/usr/bin/env python' demo tests \ + | xargs sed -i "s,/usr/bin/env python,%{__python}," + +rm tests/*.{pem,py}.* # Patch backup files + +%files +%doc CHANGES LICENCE README demo tests +%{python_sitearch}/M2Crypto +%{python_sitearch}/M2Crypto-*.egg-info + +%changelog +* Thu Feb 14 2013 Fedora Release Engineering - 0.21.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 21 2012 Miloslav Trmač - 0.21.1-10 +- Replace expired certificates in the test suite +- Fix running the test suite against recent OpenSSL versions + +* Tue Aug 21 2012 Miloslav Trmač - 0.21.1-10 +- Drop no longer necessary %%clean and %%defattr commands. + +* Thu Jul 19 2012 Fedora Release Engineering - 0.21.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Mar 15 2012 Miloslav Trmač - 0.21.1-8 +- Fix HTTPS proxy support + Resolves: #803554 + +* Tue Mar 13 2012 Miloslav Trmač - 0.21.1-7 +- Support IPv6 in M2Crypto.httpslib + Resolves: #742914 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.21.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu May 12 2011 Miloslav Trmač - 0.21.1-5 +- Fix a memory leak in AES_crypt + Resolves: #659881 + +* Tue May 10 2011 Miloslav Trmač - 0.21.1-4 +- Fix handling of buffer() objects as input data to SSL + Resolves: #702766 + +* Mon Mar 28 2011 Miloslav Trmač - 0.21.1-3 +- Fix S/MIME documentation and examples + Resolves: #618500 + +* Wed Feb 23 2011 Garrett Holmstrom - 0.21.1-3 +- Use the %%__python macro for Python calls and locations + Patch by Garrett Holmstrom + +* Tue Feb 08 2011 Fedora Release Engineering - 0.21.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 18 2011 Miloslav Trmač - 0.21.1-1 +- Update to m2crypto-0.21.1 +- Make the test suite pass with Python 2.7 + +* Wed Jul 21 2010 David Malcolm - 0.20.2-9 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Jul 9 2010 Miloslav Trmač - 0.20.2-8 +- Allow overriding SSL.Connection.postConnectionCheck from m2urllib2 + Resolves: #610906 + +* Wed May 19 2010 Miloslav Trmač - 0.20.2-7 +- Make test suite pass in FIPS mode + Resolves: #565662 + +* Thu Mar 4 2010 Miloslav Trmač - 0.20.2-6 +- Filter out bogus Provides: __m2crypto.so +- Drop explicit Requires: python + +* Mon Feb 15 2010 Miloslav Trmač - 0.20.2-5 +- Make test suite pass with OpenSSL 1.0.0 +- Don't ship patch backup files in %%doc + +* Tue Jan 5 2010 Miloslav Trmač - 0.20.2-4 +- s/%%define/%%global/ + +* Mon Dec 7 2009 Miloslav Trmač - 0.20.2-3 +- Don't use '!# /usr/bin/env python' + Resolves: #521887 + +* Thu Oct 15 2009 Miloslav Trmač - 0.20.2-2 +- Add a dist tag. + +* Wed Oct 7 2009 Miloslav Trmač - 0.20.2-1 +- Update to m2crypto-0.20.2 +- Drop BuildRoot: and cleaning it at start of %%install + +* Sun Aug 30 2009 Miloslav Trmač - 0.20.1-1 +- Update to m2crypto-0.20.1 +- Add upstream patch to build with OpenSSL 1.0.0 + +* Fri Aug 21 2009 Tomas Mraz - 0.20-2 +- rebuilt with new openssl + +* Tue Aug 11 2009 Miloslav Trmač - 0.20-1 +- Update to m2crypto-0.20 +- Fix incorrect merge in HTTPS CONNNECT proxy support + +* Sat Jul 25 2009 Fedora Release Engineering - 0.19.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Jun 24 2009 Miloslav Trmač - 0.19.1-9 +- Fix OpenSSL locking callback + Resolves: #507903 + +* Wed Jun 10 2009 Miloslav Trmač - 0.19.1-8 +- Don't reject certificates with subjectAltName that does not contain a dNSName + Resolves: #504060 + +* Wed Jun 3 2009 Miloslav Trmač - 0.19.1-7 +- Only send the selector in SSL HTTP requests. Patch by James Bowes + . + Resolves: #491674 + +* Wed Feb 25 2009 Fedora Release Engineering - 0.19.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Feb 4 2009 Miloslav Trmač - 0.19.1-5 +- Close the connection when an m2urllib2 response is closed + Resolves: #460692 +- Work around conflicts between macros defined by gcc and swig + +* Sat Jan 17 2009 Tomas Mraz - 0.19.1-4 +- rebuild with new openssl + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.19.1-3 +- Rebuild for Python 2.6 + +* Mon Nov 10 2008 Miloslav Trmač - 0.19.1-2 +- Import all gcc-defined macros into SWIG (recommended by Adam Tkac) + +* Mon Oct 13 2008 Miloslav Trmač - 0.19.1-1 +- Update to m2crypto-0.19.1 + +* Mon Oct 6 2008 Miloslav Trmač - 0.19-1 +- Update to m2crypto-0.19 +- Fix some rpmlint warnings + +* Thu Sep 18 2008 Dennis Gilmore - 0.18.2-8 +- enable sparc arches + +* Wed Jun 11 2008 Miloslav Trmač - 0.18.2-7 +- Update m2urllib2 to match the Python 2.5 code instead + +* Sun Jun 8 2008 Miloslav Trmač - 0.18.2-6 +- Don't remove the User-Agent header from proxied requests + Related: #448858 +- Update m2urllib2.py to work with Python 2.5 + +* Sat Jun 7 2008 Miloslav Trmač - 0.18.2-5 +- Use User-Agent in HTTP proxy CONNECT requests + Related: #448858 + +* Tue Feb 19 2008 Fedora Release Engineering - 0.18.2-4 +- Autorebuild for GCC 4.3 + +* Fri Jan 11 2008 Miloslav Trmač - 0.18.2-3 +- Ship Python egg information + +* Tue Dec 4 2007 Miloslav Trmač - 0.18.2-2 +- Rebuild with openssl-0.9.8g + +* Fri Oct 26 2007 Miloslav Trmač - 0.18.2-1 +- Update to m2crypto-0.18.2 +- Remove BuildRequires: unzip + +* Sun Sep 23 2007 Miloslav Trmač - 0.18-2 +- Add missing Host: header to CONNECT requests (patch by Karl Grindley) + Resolves: #239034 +- Fix License: + +* Wed Aug 1 2007 Miloslav Trmač - 0.18-1 +- Update to m2crypto-0.18 + +* Wed Jul 11 2007 Miloslav Trmač - 0.17-3 +- Try to fix build on Alpha + Resolves: #246828 + +* Fri Apr 27 2007 Miloslav Trmac - 0.17-2 +- Make m2xmlrpclib work with Python 2.5 + Resolves: #237902 + +* Wed Jan 17 2007 Miloslav Trmac - 0.17-1 +- Update to m2crypto-0.17 +- Update for Python 2.5 + +* Thu Dec 7 2006 Miloslav Trmac - 0.16-8 +- Rebuild with updated build tools to avoid DT_TEXTREL on s390x + Resolves: #218578 + +* Thu Dec 7 2006 Jeremy Katz - 0.16-7 +- rebuild against python 2.5 + +* Mon Oct 23 2006 Miloslav Trmac - 0.16-6 +- Add support for SSL socket timeouts (based on a patch by James Bowes + ) + Resolves: #219966 + +* Fri Oct 20 2006 Miloslav Trmac - 0.16-5 +- Backport the urllib2 wrapper (code by James Bowes ) + Resolves: #210956 +- Add proxy support for https using CONNECT (original patch by James Bowes + ) + Resolves: #210963 + +* Tue Sep 26 2006 Miloslav Trmac - 0.16-4 +- Drop Obsoletes: openssl-python, openssl-python was last shipped in RHL 7.1 +- Fix interpreter paths in demos + +* Sat Sep 23 2006 Miloslav Trmac - 0.16-3 +- Make more compliant with Fedora guidelines +- Update URL: + +* Wed Jul 12 2006 Jesse Keating - 0.16-2.1 +- rebuild + +* Thu Jul 6 2006 Miloslav Trmac - 0.16-2 +- Fix build with rawhide swig + +* Thu Jul 6 2006 Miloslav Trmac - 0.16-1 +- Update to m2crypto-0.16 + +* Wed Apr 19 2006 Miloslav Trmac - 0.15-4 +- Fix SSL.Connection.accept (#188742) + +* Fri Feb 10 2006 Jesse Keating - 0.15-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.15-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 3 2006 Miloslav Trmac - 0.15-3 +- Add BuildRequires: swig + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 9 2005 Miloslav Trmac - 0.15-2 +- Rebuild with newer openssl + +* Mon Aug 29 2005 Miloslav Trmac - 0.15-1 +- Update to m2crypto-0.15 +- Drop bundled swig + +* Tue Jun 14 2005 Miloslav Trmac - 0.13-5 +- Better fix for #159898, by Dan Williams + +* Thu Jun 9 2005 Miloslav Trmac - 0.13-4 +- Fix invalid handle_error override in SSL.SSLServer (#159898, patch by Dan + Williams) + +* Tue May 31 2005 Miloslav Trmac - 0.13-3 +- Fix invalid Python version comparisons in M2Crypto.httpslib (#156979) +- Don't ship obsolete xmlrpclib.py.patch +- Clean up the build process a bit + +* Wed Mar 16 2005 Nalin Dahyabhai 0.13-2 +- rebuild + +* Tue Nov 23 2004 Karsten Hopp 0.13-1 +- update, remove now obsolete patches + +* Mon Nov 22 2004 Karsten Hopp 0.09-7 +- changed pythonver from 2.3 to 2.4 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Tue Feb 24 2004 Harald Hoyer - 0.09-5 +- changed pythonver from 2.2 to 2.3 +- patched setup.py to cope with include path + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 14 2003 Nalin Dahyabhai 0.09-1 +- Update to version 0.09 +- Build using bundled copy of SWIG +- Pick up additional CFLAGS and LDFLAGS from OpenSSL's pkgconfig data, if + there is any +- Handle const changes in new OpenSSL +- Remove unnecessary ldconfig calls in post/postun + +* Thu Dec 12 2002 Elliot Lee 0.07_snap3-2 +- Update to version 0.07_snap3 + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Mon May 20 2002 Nalin Dahyabhai 0.05_snap4-4 +- rebuild with Python 2.2 + +* Wed Apr 24 2002 Nalin Dahyabhai 0.05_snap4-3 +- remove a stray -L at link-time which prevented linking with libssl (#59985) + +* Thu Aug 23 2001 Nalin Dahyabhai 0.05_snap4-2 +- drop patch which isn't needed because we know swig is installed + +* Mon Apr 9 2001 Nalin Dahyabhai 0.05_snap4-1 +- break off from openssl-python