diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..42d326f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/M2Crypto-0.21.1.tar.gz
diff --git a/.m2crypto.metadata b/.m2crypto.metadata
new file mode 100644
index 0000000..163a864
--- /dev/null
+++ b/.m2crypto.metadata
@@ -0,0 +1 @@
+3c7135b952092e4f2eee7a94c5153319cccba94e SOURCES/M2Crypto-0.21.1.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/m2crypto-0.20.2-check.patch b/SOURCES/m2crypto-0.20.2-check.patch
new file mode 100644
index 0000000..8af74bd
--- /dev/null
+++ b/SOURCES/m2crypto-0.20.2-check.patch
@@ -0,0 +1,33 @@
+diff -up M2Crypto-0.20.2/M2Crypto/SSL/Connection.py.check M2Crypto-0.20.2/M2Crypto/SSL/Connection.py
+--- M2Crypto-0.20.2/M2Crypto/SSL/Connection.py.check 2010-07-09 00:05:56.000000000 +0200
++++ M2Crypto-0.20.2/M2Crypto/SSL/Connection.py 2010-07-09 00:08:20.677169899 +0200
+@@ -54,6 +54,10 @@ class Connection:
+
+ self.ssl_close_flag = m2.bio_noclose
+
++ if self.ctx.post_connection_check is not None:
++ self.set_post_connection_check_callback \
++ (self.ctx.post_connection_check)
++
+
+ def __del__(self):
+ if getattr(self, 'sslbio', None):
+diff -up M2Crypto-0.20.2/M2Crypto/SSL/Context.py.check M2Crypto-0.20.2/M2Crypto/SSL/Context.py
+--- M2Crypto-0.20.2/M2Crypto/SSL/Context.py.check 2009-10-07 06:24:28.000000000 +0200
++++ M2Crypto-0.20.2/M2Crypto/SSL/Context.py 2010-07-09 00:06:47.551169489 +0200
+@@ -36,12 +36,14 @@ class Context:
+
+ m2_ssl_ctx_free = m2.ssl_ctx_free
+
+- def __init__(self, protocol='sslv23', weak_crypto=None):
++ def __init__(self, protocol='sslv23', weak_crypto=None,
++ post_connection_check=None):
+ proto = getattr(m2, protocol + '_method', None)
+ if proto is None:
+ raise ValueError, "no such protocol '%s'" % protocol
+ self.ctx = m2.ssl_ctx_new(proto())
+ self.allow_unknown_ca = 0
++ self.post_connection_check = post_connection_check
+ map()[long(self.ctx)] = self
+ m2.ssl_ctx_set_cache_size(self.ctx, 128L)
+ if weak_crypto is None:
diff --git a/SOURCES/m2crypto-0.20.2-fips.patch b/SOURCES/m2crypto-0.20.2-fips.patch
new file mode 100644
index 0000000..d6a5739
--- /dev/null
+++ b/SOURCES/m2crypto-0.20.2-fips.patch
@@ -0,0 +1,220 @@
+diff -up M2Crypto-0.20.2/SWIG/_evp.i.fips M2Crypto-0.20.2/SWIG/_evp.i
+--- M2Crypto-0.20.2/SWIG/_evp.i.fips 2010-05-19 07:06:44.029090567 +0200
++++ M2Crypto-0.20.2/SWIG/_evp.i 2010-05-19 07:06:44.049115516 +0200
+@@ -250,7 +250,10 @@ PyObject *hmac_init(HMAC_CTX *ctx, PyObj
+ if (m2_PyObject_AsReadBufferInt(key, &kbuf, &klen) == -1)
+ return NULL;
+
+- HMAC_Init(ctx, kbuf, klen, md);
++ if (!HMAC_Init(ctx, kbuf, klen, md)) {
++ PyErr_SetString(_evp_err, "HMAC_Init failed");
++ return NULL;
++ }
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+@@ -262,7 +265,10 @@ PyObject *hmac_update(HMAC_CTX *ctx, PyO
+ if (PyObject_AsReadBuffer(blob, &buf, &len) == -1)
+ return NULL;
+
+- HMAC_Update(ctx, buf, len);
++ if (!HMAC_Update(ctx, buf, len)) {
++ PyErr_SetString(_evp_err, "HMAC_Update failed");
++ return NULL;
++ }
+ Py_INCREF(Py_None);
+ return Py_None;
+ }
+@@ -276,7 +282,10 @@ PyObject *hmac_final(HMAC_CTX *ctx) {
+ PyErr_SetString(PyExc_MemoryError, "hmac_final");
+ return NULL;
+ }
+- HMAC_Final(ctx, blob, (unsigned int *)&blen);
++ if (!HMAC_Final(ctx, blob, (unsigned int *)&blen)) {
++ PyErr_SetString(_evp_err, "HMAC_Final failed");
++ return NULL;
++ }
+ ret = PyString_FromStringAndSize(blob, blen);
+ PyMem_Free(blob);
+ return ret;
+diff -up M2Crypto-0.20.2/SWIG/_rsa.i.fips M2Crypto-0.20.2/SWIG/_rsa.i
+--- M2Crypto-0.20.2/SWIG/_rsa.i.fips 2010-05-19 07:06:44.030090773 +0200
++++ M2Crypto-0.20.2/SWIG/_rsa.i 2010-05-19 07:06:44.038095292 +0200
+@@ -423,15 +423,17 @@ void genrsa_callback(int p, int n, void
+ Py_XDECREF(ret);
+ }
+
+-RSA *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) {
++PyObject *rsa_generate_key(int bits, unsigned long e, PyObject *pyfunc) {
+ RSA *rsa;
+
+ Py_INCREF(pyfunc);
+ rsa = RSA_generate_key(bits, e, genrsa_callback, (void *)pyfunc);
+ Py_DECREF(pyfunc);
+- if (!rsa)
++ if (!rsa) {
+ PyErr_SetString(_rsa_err, ERR_reason_error_string(ERR_get_error()));
+- return rsa;
++ return NULL;
++ }
++ return SWIG_NewPointerObj((void *)rsa, SWIGTYPE_p_RSA, 0);
+ }
+
+ int rsa_type_check(RSA *rsa) {
+diff -up M2Crypto-0.20.2/tests/test_evp.py.fips M2Crypto-0.20.2/tests/test_evp.py
+--- M2Crypto-0.20.2/tests/test_evp.py.fips 2009-10-07 06:24:44.000000000 +0200
++++ M2Crypto-0.20.2/tests/test_evp.py 2010-05-19 07:06:44.039121270 +0200
+@@ -97,7 +97,7 @@ class EVPTestCase(unittest.TestCase):
+ """
+ Testing retrieving the RSA key from the PKey instance.
+ """
+- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
++ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
+ assert isinstance(rsa, RSA.RSA)
+ pkey = EVP.PKey()
+ pkey.assign_rsa(rsa)
+@@ -130,7 +130,7 @@ class EVPTestCase(unittest.TestCase):
+ pkey = EVP.PKey()
+ self.assertRaises(ValueError, pkey.get_modulus)
+
+- rsa = RSA.gen_key(512, 3, callback=self._gen_callback)
++ rsa = RSA.gen_key(1024, 3, callback=self._gen_callback)
+ pkey.assign_rsa(rsa)
+ mod = pkey.get_modulus()
+ assert len(mod) > 0, mod
+@@ -373,21 +373,21 @@ class PBKDF2TestCase(unittest.TestCase):
+
+ class HMACTestCase(unittest.TestCase):
+ data1=['', 'More text test vectors to stuff up EBCDIC machines :-)', \
+- h2b("e9139d1e6ee064ef8cf514fc7dc83e86")]
++ h2b("b760e92d6662d351eb3801057695ac0346295356")]
+
+ data2=[h2b('0b'*16), "Hi There", \
+- h2b("9294727a3638bb1c13f48ef8158bfc9d")]
++ h2b("675b0b3a1b4ddf4e124872da6c2f632bfed957e9")]
+
+ data3=['Jefe', "what do ya want for nothing?", \
+- h2b("750c783e6ab0b503eaa86e310a5db738")]
++ h2b("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")]
+
+ data4=[h2b('aa'*16), h2b('dd'*50), \
+- h2b("0x56be34521d144c88dbb8c733f0e8b3f6")]
++ h2b("d730594d167e35d5956fd8003d0db3d3f46dc7bb")]
+
+ data=[data1, data2, data3, data4]
+
+ def test_simple(self):
+- algo = 'md5'
++ algo = 'sha1'
+ for d in self.data:
+ h = EVP.HMAC(d[0], algo)
+ h.update(d[1])
+diff -up M2Crypto-0.20.2/tests/test_rc4.py.fips M2Crypto-0.20.2/tests/test_rc4.py
+--- M2Crypto-0.20.2/tests/test_rc4.py.fips 2009-10-07 06:24:39.000000000 +0200
++++ M2Crypto-0.20.2/tests/test_rc4.py 2010-05-19 07:08:10.754839354 +0200
+@@ -8,12 +8,16 @@ import unittest
+ from binascii import hexlify
+ from M2Crypto import RC4
+
++from fips import fips_mode
++
+ class RC4TestCase(unittest.TestCase):
+
+ def test_vectors(self):
+ """
+ Test with test vectors from Wikipedia: http://en.wikipedia.org/wiki/Rc4
+ """
++ if fips_mode:
++ return
+ vectors = (('Key', 'Plaintext', 'BBF316E8D940AF0AD3'),
+ ('Wiki', 'pedia', '1021BF0420'),
+ ('Secret', 'Attack at dawn', '45A01F645FC35B383552544B9BF5'))
+@@ -26,6 +30,8 @@ class RC4TestCase(unittest.TestCase):
+ self.assertEqual(rc4.final(), '')
+
+ def test_bad(self):
++ if fips_mode:
++ return
+ rc4 = RC4.RC4('foo')
+ self.assertNotEqual(hexlify(rc4.update('bar')).upper(), '45678')
+
+diff -up M2Crypto-0.20.2/tests/test_rsa.py.fips M2Crypto-0.20.2/tests/test_rsa.py
+--- M2Crypto-0.20.2/tests/test_rsa.py.fips 2009-10-07 06:26:42.000000000 +0200
++++ M2Crypto-0.20.2/tests/test_rsa.py 2010-05-19 07:06:44.039121270 +0200
+@@ -8,6 +8,8 @@ import unittest
+ import sha, md5, os, sys
+ from M2Crypto import RSA, BIO, Rand, m2, EVP, X509
+
++from fips import fips_mode
++
+ class RSATestCase(unittest.TestCase):
+
+ errkey = 'tests/dsa.priv.pem'
+@@ -187,9 +189,10 @@ class RSATestCase(unittest.TestCase):
+
+ else:
+ import hashlib
+- algos = {'sha1': 43,
+- 'ripemd160': 43,
+- 'md5': 47}
++ algos = {'sha1': 43}
++ if not fips_mode:
++ algos['md5'] = 47
++ algos['ripemd160'] = 43
+
+ if m2.OPENSSL_VERSION_NUMBER >= 0x90800F:
+ algos['sha224'] = 35
+@@ -217,7 +220,7 @@ class RSATestCase(unittest.TestCase):
+ """
+ rsa = RSA.load_key(self.privkey)
+ message = "This is the message string"
+- digest = md5.md5(message).digest()
++ digest = 'a' * 16
+ self.assertRaises(ValueError, rsa.sign,
+ digest, 'bad_digest_method')
+
+@@ -227,7 +230,7 @@ class RSATestCase(unittest.TestCase):
+ """
+ rsa = RSA.load_key(self.privkey)
+ message = "This is the message string"
+- digest = md5.md5(message).digest()
++ digest = 'a' * 16
+ signature = rsa.sign(digest, 'sha1')
+ self.assertRaises(ValueError, rsa.verify,
+ digest, signature, 'bad_digest_method')
+diff -up M2Crypto-0.20.2/tests/test_smime.py.fips M2Crypto-0.20.2/tests/test_smime.py
+--- M2Crypto-0.20.2/tests/test_smime.py.fips 2010-05-19 07:06:44.035105357 +0200
++++ M2Crypto-0.20.2/tests/test_smime.py 2010-05-19 07:06:44.040120779 +0200
+@@ -219,7 +219,7 @@ class WriteLoadTestCase(unittest.TestCas
+ buf = BIO.MemoryBuffer()
+ assert SMIME.load_pkcs7(self.filename).write_der(buf) == 1
+ s = buf.read()
+- assert len(s) in (1204, 1243), len(s)
++ assert len(s) in (1188, 1204, 1243), len(s)
+
+ def test_load_pkcs7(self):
+ assert SMIME.load_pkcs7(self.filename).type() == SMIME.PKCS7_SIGNED
+diff -up M2Crypto-0.20.2/tests/test_ssl.py.fips M2Crypto-0.20.2/tests/test_ssl.py
+--- M2Crypto-0.20.2/tests/test_ssl.py.fips 2010-05-19 07:06:44.019113781 +0200
++++ M2Crypto-0.20.2/tests/test_ssl.py 2010-05-19 07:06:44.040120779 +0200
+@@ -51,7 +51,7 @@ class VerifyCB:
+ def __call__(self, ok, store):
+ return verify_cb_new_function(ok, store)
+
+-sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 0.5))
++sleepTime = float(os.getenv('M2CRYPTO_TEST_SSL_SLEEP', 1.5))
+
+ def find_openssl():
+ if os.name == 'nt' or sys.platform == 'cygwin':
+diff -up M2Crypto-0.20.2/tests/test_x509.py.fips M2Crypto-0.20.2/tests/test_x509.py
+--- M2Crypto-0.20.2/tests/test_x509.py.fips 2010-05-19 07:06:44.019113781 +0200
++++ M2Crypto-0.20.2/tests/test_x509.py 2010-05-19 07:06:44.040120779 +0200
+@@ -394,7 +394,7 @@ class X509TestCase(unittest.TestCase):
+ return
+
+ def test_load_request_bio(self):
+- (req, _) = self.mkreq(512)
++ (req, _) = self.mkreq(1024)
+
+ r1 = X509.load_request_der_string(req.as_der())
+ r2 = X509.load_request_string(req.as_der(), X509.FORMAT_DER)
diff --git a/SOURCES/m2crypto-0.21.1-AES_crypt.patch b/SOURCES/m2crypto-0.21.1-AES_crypt.patch
new file mode 100644
index 0000000..e16382c
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-AES_crypt.patch
@@ -0,0 +1,23 @@
+Index: SWIG/_aes.i
+===================================================================
+--- SWIG/_aes.i (revision 724)
++++ SWIG/_aes.i (working copy)
+@@ -64,6 +64,7 @@
+ const void *buf;
+ Py_ssize_t len;
+ unsigned char *out;
++ PyObject *res;
+
+ if (PyObject_AsReadBuffer(in, &buf, &len) == -1)
+ return NULL;
+@@ -76,7 +77,9 @@
+ AES_encrypt((const unsigned char *)in, out, key);
+ else
+ AES_decrypt((const unsigned char *)in, out, key);
+- return PyString_FromStringAndSize((char*)out, outlen);
++ res = PyString_FromStringAndSize((char*)out, outlen);
++ PyMem_Free(out);
++ return res;
+ }
+
+ int AES_type_check(AES_KEY *key) {
diff --git a/SOURCES/m2crypto-0.21.1-IPv6.patch b/SOURCES/m2crypto-0.21.1-IPv6.patch
new file mode 100644
index 0000000..fe36f3e
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-IPv6.patch
@@ -0,0 +1,60 @@
+diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py
+--- M2Crypto/M2Crypto/httpslib.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-13 15:04:13.848836581 +0100
+@@ -44,10 +44,33 @@
+ HTTPConnection.__init__(self, host, port, strict)
+
+ def connect(self):
+- self.sock = SSL.Connection(self.ssl_ctx)
+- if self.session:
+- self.sock.set_session(self.session)
+- self.sock.connect((self.host, self.port))
++ error = None
++ # We ignore the returned sockaddr because SSL.Connection.connect needs
++ # a host name.
++ for (family, _, _, _, _) in \
++ socket.getaddrinfo(self.host, self.port, 0, socket.SOCK_STREAM):
++ sock = None
++ try:
++ try:
++ sock = SSL.Connection(self.ssl_ctx, family=family)
++ if self.session is not None:
++ sock.set_session(self.session)
++ sock.connect((self.host, self.port))
++
++ self.sock = sock
++ sock = None
++ return
++ except socket.error, e:
++ # Other exception are probably SSL-related, in that case we
++ # abort and the exception is forwarded to the caller.
++ error = e
++ finally:
++ if sock is not None:
++ sock.close()
++
++ if error is None:
++ raise AssertionError("Empty list returned by getaddrinfo")
++ raise error
+
+ def close(self):
+ # This kludges around line 545 of httplib.py,
+diff -urN M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py
+--- M2Crypto/M2Crypto/SSL/Connection.py 2012-03-13 15:00:25.058411492 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2012-03-13 15:04:13.849836578 +0100
+@@ -38,13 +38,13 @@
+ m2_bio_free = m2.bio_free
+ m2_ssl_free = m2.ssl_free
+
+- def __init__(self, ctx, sock=None):
++ def __init__(self, ctx, sock=None, family=socket.AF_INET):
+ self.ctx = ctx
+ self.ssl = m2.ssl_new(self.ctx.ctx)
+ if sock is not None:
+ self.socket = sock
+ else:
+- self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
++ self.socket = socket.socket(family, socket.SOCK_STREAM)
+ self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ self._fileno = self.socket.fileno()
+
diff --git a/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch b/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch
new file mode 100644
index 0000000..4be91ac
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-SSL_CTX_new.patch
@@ -0,0 +1,22 @@
+diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2013-12-07 05:11:09.638393899 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-07 05:54:06.791902199 +0100
+@@ -60,8 +60,18 @@
+ %rename(tlsv1_method) TLSv1_method;
+ extern SSL_METHOD *TLSv1_method(void);
+
++%typemap(out) SSL_CTX * {
++ if ($1 != NULL)
++ $result = SWIG_NewPointerObj($1, $1_descriptor, 0);
++ else {
++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ $result = NULL;
++ }
++}
+ %rename(ssl_ctx_new) SSL_CTX_new;
+ extern SSL_CTX *SSL_CTX_new(SSL_METHOD *);
++%typemap(out) SSL_CTX *;
++
+ %rename(ssl_ctx_free) SSL_CTX_free;
+ extern void SSL_CTX_free(SSL_CTX *);
+ %rename(ssl_ctx_set_verify_depth) SSL_CTX_set_verify_depth;
diff --git a/SOURCES/m2crypto-0.21.1-certs.patch b/SOURCES/m2crypto-0.21.1-certs.patch
new file mode 100644
index 0000000..be95177
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-certs.patch
@@ -0,0 +1,669 @@
+Index: tests/ca.pem
+===================================================================
+--- tests/ca.pem (revision 739)
++++ tests/ca.pem (working copy)
+@@ -2,61 +2,56 @@
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+- d1:b6:bf:af:06:17:8c:bd
++ b4:7e:b2:de:87:00:03:0b
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+ Validity
+- Not Before: Jul 28 04:30:50 2009 GMT
+- Not After : Jul 27 04:30:50 2012 GMT
++ Not Before: Nov 21 15:31:30 2012 GMT
++ Not After : Nov 21 15:31:30 2015 GMT
+ Subject: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+- RSA Public Key: (1024 bit)
+- Modulus (1024 bit):
+- 00:c8:9b:59:18:c2:bf:21:68:dc:d4:62:30:1f:43:
+- 29:52:85:8d:36:fc:20:7f:11:1b:c6:f3:e6:c2:7a:
+- d0:17:0e:6e:78:43:21:e9:e2:df:9f:31:87:e8:7a:
+- 37:88:1f:a4:56:a1:e9:cb:13:7b:1b:c0:28:cf:5a:
+- db:a3:e7:50:6c:c6:55:76:e3:61:e8:73:4b:c2:8c:
+- ee:1c:29:c1:ee:2d:fd:e2:30:34:69:06:ea:d0:af:
+- bd:c5:db:86:70:92:26:0a:33:1b:70:a9:e7:6e:a4:
+- 2e:ee:4a:8a:f3:b2:6c:c9:97:28:39:28:28:3f:c5:
+- 90:4d:4e:83:0a:0e:cd:98:93
++ Public-Key: (1024 bit)
++ Modulus:
++ 00:d2:2f:57:58:be:05:6d:45:14:d0:70:90:56:10:
++ 80:f6:e3:e6:8a:ff:1e:0b:58:fa:a1:e6:95:a1:23:
++ 8d:01:c6:48:85:99:ab:f9:1b:e0:9a:15:6a:d1:50:
++ 73:fb:8f:7c:d2:73:4e:4a:c0:88:f9:54:f9:86:d9:
++ 01:86:4e:02:68:bc:d0:1c:8d:d2:2e:ce:7e:54:ac:
++ 45:a5:b7:39:c6:e9:f4:e0:70:2c:57:e6:21:24:f6:
++ 52:f8:fa:0b:b3:63:53:ea:eb:11:ca:ef:90:32:9f:
++ 15:08:6b:2d:0e:3d:61:69:22:f2:0f:dc:08:65:45:
++ 34:a2:29:8e:66:5e:45:95:91
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+- AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
++ 80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6
+ X509v3 Authority Key Identifier:
+- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
+- DirName:/C=US/ST=California/O=M2Crypto/CN=Heikki Toivonen
+- serial:D1:B6:BF:AF:06:17:8C:BD
++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+- c8:11:af:7d:6d:fb:1c:82:0d:c0:e7:41:f4:b2:a5:b0:69:6d:
+- 18:e3:04:aa:49:e6:4a:69:6d:c3:e3:8b:ab:d1:18:ac:72:ef:
+- 48:9e:49:c7:57:75:2d:00:1e:08:9f:c3:dc:ca:5f:91:38:0d:
+- ac:f8:1f:cc:fc:f7:c2:5b:ce:d7:0c:cf:b2:fe:c9:a9:ce:b8:
+- 07:45:17:1c:cf:b3:07:f9:1f:69:6a:94:03:be:62:62:9c:af:
+- a2:24:25:2d:1f:63:0a:91:6b:bb:e3:6c:ec:20:de:80:d3:04:
+- b4:5e:42:1f:27:bc:1f:79:98:18:ba:fb:8a:34:24:a9:40:1e:
+- b9:7b
++ b0:37:88:ab:56:c5:19:e7:1b:d2:d3:c0:00:98:ff:f0:0a:35:
++ 89:ff:a0:a8:14:bd:fc:84:b6:ee:6b:05:92:20:87:58:38:69:
++ b2:16:b8:89:f3:4f:3c:9d:0f:da:b6:ea:35:9f:cf:e9:4f:05:
++ 19:8b:6a:06:68:51:96:1c:0f:60:23:80:19:ff:cd:3e:2b:4b:
++ 0c:1a:ff:bd:f6:0d:6b:11:25:0f:ba:87:2c:46:47:c0:32:e8:
++ 8a:14:4c:30:26:35:2b:58:9c:6b:c6:0e:d1:e3:c8:6a:b0:c0:
++ e0:82:98:77:07:2e:67:ba:0c:e5:a5:04:0d:81:ca:54:92:b5:
++ 27:fa
+ -----BEGIN CERTIFICATE-----
+-MIICzjCCAjegAwIBAgIJANG2v68GF4y9MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
+-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY
+-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzA1MFoXDTEyMDcy
+-NzA0MzA1MFowTzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP
+-BgNVBAoTCE0yQ3J5cHRvMRgwFgYDVQQDEw9IZWlra2kgVG9pdm9uZW4wgZ8wDQYJ
+-KoZIhvcNAQEBBQADgY0AMIGJAoGBAMibWRjCvyFo3NRiMB9DKVKFjTb8IH8RG8bz
+-5sJ60BcObnhDIeni358xh+h6N4gfpFah6csTexvAKM9a26PnUGzGVXbjYehzS8KM
+-7hwpwe4t/eIwNGkG6tCvvcXbhnCSJgozG3Cp526kLu5KivOybMmXKDkoKD/FkE1O
+-gwoOzZiTAgMBAAGjgbEwga4wHQYDVR0OBBYEFK1kRXSPg8cs1deghZEQQJqcls/u
+-MH8GA1UdIwR4MHaAFK1kRXSPg8cs1deghZEQQJqcls/uoVOkUTBPMQswCQYDVQQG
+-EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEChMITTJDcnlwdG8xGDAW
+-BgNVBAMTD0hlaWtraSBUb2l2b25lboIJANG2v68GF4y9MAwGA1UdEwQFMAMBAf8w
+-DQYJKoZIhvcNAQEFBQADgYEAyBGvfW37HIINwOdB9LKlsGltGOMEqknmSmltw+OL
+-q9EYrHLvSJ5Jx1d1LQAeCJ/D3MpfkTgNrPgfzPz3wlvO1wzPsv7Jqc64B0UXHM+z
+-B/kfaWqUA75iYpyvoiQlLR9jCpFru+Ns7CDegNMEtF5CHye8H3mYGLr7ijQkqUAe
+-uXs=
++MIICbDCCAdWgAwIBAgIJALR+st6HAAMLMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY
++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzEzMFoXDTE1MTEy
++MTE1MzEzMFowTzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP
++BgNVBAoMCE0yQ3J5cHRvMRgwFgYDVQQDDA9IZWlra2kgVG9pdm9uZW4wgZ8wDQYJ
++KoZIhvcNAQEBBQADgY0AMIGJAoGBANIvV1i+BW1FFNBwkFYQgPbj5or/HgtY+qHm
++laEjjQHGSIWZq/kb4JoVatFQc/uPfNJzTkrAiPlU+YbZAYZOAmi80ByN0i7OflSs
++RaW3Ocbp9OBwLFfmIST2Uvj6C7NjU+rrEcrvkDKfFQhrLQ49YWki8g/cCGVFNKIp
++jmZeRZWRAgMBAAGjUDBOMB0GA1UdDgQWBBSA2WoeFf6LYVFiYE2zzJVEeC2J5jAf
++BgNVHSMEGDAWgBSA2WoeFf6LYVFiYE2zzJVEeC2J5jAMBgNVHRMEBTADAQH/MA0G
++CSqGSIb3DQEBBQUAA4GBALA3iKtWxRnnG9LTwACY//AKNYn/oKgUvfyEtu5rBZIg
++h1g4abIWuInzTzydD9q26jWfz+lPBRmLagZoUZYcD2AjgBn/zT4rSwwa/732DWsR
++JQ+6hyxGR8Ay6IoUTDAmNStYnGvGDtHjyGqwwOCCmHcHLme6DOWlBA2BylSStSf6
+ -----END CERTIFICATE-----
+Index: tests/recipient.pem
+===================================================================
+--- tests/recipient.pem (revision 739)
++++ tests/recipient.pem (working copy)
+@@ -2,26 +2,26 @@
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+- d1:b6:bf:af:06:17:8c:c1
++ b4:7e:b2:de:87:00:03:0f
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+ Validity
+- Not Before: Jul 28 04:39:19 2009 GMT
+- Not After : Jul 26 04:39:19 2019 GMT
++ Not Before: Nov 21 15:39:34 2012 GMT
++ Not After : Jan 8 15:39:34 2023 GMT
+ Subject: C=US, ST=California, O=M2Crypto, CN=Recipient/emailAddress=recipient@example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+- RSA Public Key: (1024 bit)
+- Modulus (1024 bit):
+- 00:c2:21:a3:4f:64:59:9c:21:39:21:d2:3c:e7:0a:
+- 60:72:c8:39:b3:c3:27:4a:6d:56:8f:a0:5d:1b:c6:
+- e4:3e:26:61:09:a9:ae:04:83:69:3f:9d:2b:12:7e:
+- d4:f7:8e:d0:6e:a9:8c:9b:d1:bf:17:0c:bd:d0:73:
+- 99:02:6e:7e:cb:7a:80:2d:cf:b1:29:c0:30:36:3f:
+- 68:12:3e:4e:bf:f9:8b:3d:1d:56:af:24:94:ae:d5:
+- 59:b4:00:50:0c:c0:2b:59:c3:99:b3:8a:19:f1:86:
+- 14:bd:ee:e9:c4:f1:d7:6a:0c:e9:67:8a:94:9a:2d:
+- 2d:60:25:22:c6:72:68:c2:0d
++ Public-Key: (1024 bit)
++ Modulus:
++ 00:ac:b6:2e:f0:34:34:7d:d4:e6:63:79:60:53:b9:
++ fe:91:a5:bf:49:ec:99:4c:33:2f:85:96:55:e8:09:
++ dc:18:47:1a:72:49:04:a2:e8:78:73:57:c7:bb:e9:
++ c7:aa:c5:07:84:14:b6:01:1c:e3:8a:fd:f3:19:01:
++ 11:9d:48:bc:24:8a:0f:c6:40:ed:d7:30:b1:92:ab:
++ c2:61:8c:5d:ea:08:c6:c4:d6:a5:22:00:d9:aa:da:
++ 57:5d:cc:2f:1a:35:1b:31:de:dc:c7:3b:83:91:38:
++ d9:07:e1:c7:a7:54:bd:94:95:10:c6:2d:dc:00:e1:
++ 28:99:b5:3b:28:95:aa:4e:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+@@ -29,33 +29,33 @@
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+- 11:CB:60:AC:55:85:52:84:C5:C8:20:5A:50:13:D0:89:C7:7A:B7:81
++ CD:26:EB:42:79:6D:04:7F:95:23:46:1E:03:C9:40:2D:D2:00:AE:71
+ X509v3 Authority Key Identifier:
+- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6
+
+ Signature Algorithm: sha1WithRSAEncryption
+- 87:56:17:6d:ba:3b:a6:c4:22:af:20:f1:a0:e5:9d:27:c4:50:
+- bd:79:eb:d2:84:e5:9a:00:5f:5d:5a:c3:34:58:77:f5:a9:00:
+- f9:76:e9:2d:89:b4:3f:9d:e3:cf:15:0c:64:1b:0a:03:db:e4:
+- 6f:2b:ff:1c:82:89:1a:0f:7e:83:58:0f:e6:da:af:26:97:49:
+- 4a:59:d7:61:3f:4b:ed:1d:5b:51:00:3b:83:96:c7:1e:3d:84:
+- f4:91:1f:70:69:12:b9:a7:2c:5b:1b:05:cd:74:90:2b:a0:ba:
+- e7:70:cd:6b:7d:ac:be:d7:92:50:e9:f5:c0:42:29:04:ef:8f:
+- a1:68
++ a9:5e:b2:4c:24:15:dd:49:d1:4d:e3:dd:e3:da:6b:23:99:45:
++ 2d:a1:84:f2:9b:6e:48:3c:e9:ce:f8:7f:f3:1f:d3:85:99:94:
++ 7e:19:8c:ca:be:3a:ca:97:b9:de:c8:4f:08:28:fc:7f:24:37:
++ 95:e1:d5:60:97:07:2b:be:62:f4:02:1d:27:8f:9e:0d:36:1a:
++ d5:45:6f:27:c3:34:21:13:1b:28:93:9d:cb:a6:30:0d:8f:4a:
++ 5f:4c:4a:97:7b:fe:ed:ce:18:84:5a:ec:4f:f8:84:2e:cb:72:
++ 28:90:cb:e3:5a:f4:83:16:bd:a8:ef:f0:f5:12:6c:26:3e:af:
++ c7:a8
+ -----BEGIN CERTIFICATE-----
+-MIICtzCCAiCgAwIBAgIJANG2v68GF4zBMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
+-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY
+-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzkxOVoXDTE5MDcy
+-NjA0MzkxOVowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP
+-BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlSZWNpcGllbnQxJDAiBgkqhkiG9w0B
++MIICtzCCAiCgAwIBAgIJALR+st6HAAMPMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY
++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzkzNFoXDTIzMDEw
++ODE1MzkzNFowbzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP
++BgNVBAoMCE0yQ3J5cHRvMRIwEAYDVQQDDAlSZWNpcGllbnQxJDAiBgkqhkiG9w0B
+ CQEWFXJlY2lwaWVudEBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+-gYkCgYEAwiGjT2RZnCE5IdI85wpgcsg5s8MnSm1Wj6BdG8bkPiZhCamuBINpP50r
+-En7U947QbqmMm9G/Fwy90HOZAm5+y3qALc+xKcAwNj9oEj5Ov/mLPR1WrySUrtVZ
+-tABQDMArWcOZs4oZ8YYUve7pxPHXagzpZ4qUmi0tYCUixnJowg0CAwEAAaN7MHkw
++gYkCgYEArLYu8DQ0fdTmY3lgU7n+kaW/SeyZTDMvhZZV6AncGEcackkEouh4c1fH
++u+nHqsUHhBS2ARzjiv3zGQERnUi8JIoPxkDt1zCxkqvCYYxd6gjGxNalIgDZqtpX
++XcwvGjUbMd7cxzuDkTjZB+HHp1S9lJUQxi3cAOEombU7KJWqTtUCAwEAAaN7MHkw
+ CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+-dGlmaWNhdGUwHQYDVR0OBBYEFBHLYKxVhVKExcggWlAT0InHereBMB8GA1UdIwQY
+-MBaAFK1kRXSPg8cs1deghZEQQJqcls/uMA0GCSqGSIb3DQEBBQUAA4GBAIdWF226
+-O6bEIq8g8aDlnSfEUL1569KE5ZoAX11awzRYd/WpAPl26S2JtD+d488VDGQbCgPb
+-5G8r/xyCiRoPfoNYD+baryaXSUpZ12E/S+0dW1EAO4OWxx49hPSRH3BpErmnLFsb
+-Bc10kCuguudwzWt9rL7XklDp9cBCKQTvj6Fo
++dGlmaWNhdGUwHQYDVR0OBBYEFM0m60J5bQR/lSNGHgPJQC3SAK5xMB8GA1UdIwQY
++MBaAFIDZah4V/othUWJgTbPMlUR4LYnmMA0GCSqGSIb3DQEBBQUAA4GBAKleskwk
++Fd1J0U3j3ePaayOZRS2hhPKbbkg86c74f/Mf04WZlH4ZjMq+OsqXud7ITwgo/H8k
++N5Xh1WCXByu+YvQCHSePng02GtVFbyfDNCETGyiTncumMA2PSl9MSpd7/u3OGIRa
++7E/4hC7LciiQy+Na9IMWvajv8PUSbCY+r8eo
+ -----END CERTIFICATE-----
+Index: tests/recipient_key.pem
+===================================================================
+--- tests/recipient_key.pem (revision 739)
++++ tests/recipient_key.pem (working copy)
+@@ -1,15 +1,15 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXAIBAAKBgQDCIaNPZFmcITkh0jznCmByyDmzwydKbVaPoF0bxuQ+JmEJqa4E
+-g2k/nSsSftT3jtBuqYyb0b8XDL3Qc5kCbn7LeoAtz7EpwDA2P2gSPk6/+Ys9HVav
+-JJSu1Vm0AFAMwCtZw5mzihnxhhS97unE8ddqDOlnipSaLS1gJSLGcmjCDQIDAQAB
+-AoGAZlrJ+kAUpyc1Mkng5ogoFhzPn6ITg0Bm1U9eCBkzmjkuDKQ0JhkLUwkQ/q10
+-qBnad55ZjoZmVEbZhaCNWiTcIIy0nKAMWNKRcg3vTgrnbmbjco1HECDStfJKogZl
+-7egoIImHnU1f/IeKQDUYUfs/INonmnnZ1d2jrU7QsdTz84ECQQDzhT0UwP8S1oma
+-0IBgeUOt5ptZs7nFdZnbIKCd+ADra6NiQznokCHe5K0WZHqPKvN9asKx1u0h+97H
+-Wmk6Fw7RAkEAzBR1+mTRSrlJT8/NTCsIDPtCK/+OhmGbNy1pfsOWq1lN58Za5HV7
+-fmtaH2No+MP+DlfNigsg557GzAYl2ZumfQJAHQj33W+dehuGUKUniVksDqH+R9W8
+-AqUg8RWU0QDu6yLsWhz13JrCzxao5JCaZFOUsJF4IUglAfZL+6z1+u0g4QJAH5aL
+-LFaujoJfdpsTi9adSGUbuPO1e9dfzwqYaaaci6knBdkN+I62rrqvGGyqstajXFT6
+-24MddLx+yNWqxiPxgQJBAKF8YiR4eLqLSnq4ftqCqVCC1XbA2H9b7G5RBWi00WFq
+-3Nx+B/wjLzbqsMamTCIDUCEW+MzFx6otCxduDZRMKH8=
++MIICWwIBAAKBgQCsti7wNDR91OZjeWBTuf6Rpb9J7JlMMy+FllXoCdwYRxpySQSi
++6HhzV8e76ceqxQeEFLYBHOOK/fMZARGdSLwkig/GQO3XMLGSq8JhjF3qCMbE1qUi
++ANmq2lddzC8aNRsx3tzHO4ORONkH4cenVL2UlRDGLdwA4SiZtTsolapO1QIDAQAB
++AoGAXMxCqiOStK2I4Jfdzv7XrlA9WK38rDmwZfmhzNxHWvARYKilChcYaPkYQ3pY
++IwRchnZOWIi6JftO+/dcDIOBOsqlIRPcy7T1rMrNoouNy5IglzL5nAUfkGiPzm7Q
++xW5/jl7t5OA2YO8ID4jDvFjZ8Lo+mwQRD0Pd8eXyZZ/E1Z0CQQDarp9wz2HBnBQJ
++FY8yASX6CcLN6brrateC/gy+E8Sy82t4TOwWpLC3d8LEgYD7AZtu41VB50mUCg5e
++EbrGkZrjAkEAyi9J1TOf/LzrFEYOnskYiTkKLgHG1uJuDdcF4NtGn+tEc85X7R9A
++jAQdZGFeN26fgDqmHJlm4W0473H8sXQE5wJAJpK2vQdXjvcg8ZlD8OYS9M/T9M5N
++kkj+SrTVOpHyGD6nrkijPDtAkJwnVtIhFiVqbVzcJQvPBrXfYuhtsajtUQJAHS50
++FpyL49uUhmmSJKLbsrqT2I4TF+K4hbDaPVkIuX4odBp9IFFZbJwPbfSLt650wPo2
++DXyql7C+/fhSw33+UwJAea5E2ZMIXMwPwVH/oOaeiUqwEcJ0hQ97Y3DkiI9USPBz
++U3W9Nu/6eTEuFmadfPpT6SlwAbOTjEICpuOP3oPShg==
+ -----END RSA PRIVATE KEY-----
+Index: tests/server.pem
+===================================================================
+--- tests/server.pem (revision 739)
++++ tests/server.pem (working copy)
+@@ -2,26 +2,26 @@
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+- d1:b6:bf:af:06:17:8c:be
++ b4:7e:b2:de:87:00:03:0c
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+ Validity
+- Not Before: Jul 28 04:31:41 2009 GMT
+- Not After : Jul 26 04:31:41 2019 GMT
++ Not Before: Nov 21 15:33:54 2012 GMT
++ Not After : Jan 8 15:33:54 2023 GMT
+ Subject: C=US, ST=California, O=M2Crypto, CN=localhost
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+- RSA Public Key: (1024 bit)
+- Modulus (1024 bit):
+- 00:d4:99:6f:33:3f:e6:ac:0a:34:d8:0e:45:97:f3:
+- 2b:6a:50:2a:84:30:0a:52:9c:15:30:9f:05:29:3a:
+- 21:f4:c1:c3:01:9e:2f:55:56:4e:35:ac:f1:16:1e:
+- 26:8d:b5:26:b7:99:78:92:ea:1c:74:46:ab:41:12:
+- ef:cc:53:62:cc:59:5c:9e:c4:86:df:d9:25:35:55:
+- 05:4b:16:ff:d9:90:e3:f4:51:b4:b4:fa:c5:98:4b:
+- 60:f0:60:7f:14:4e:1e:dd:61:9b:22:a2:9c:21:17:
+- 43:a3:cb:07:80:f5:75:59:9c:55:1c:fe:e0:66:d4:
+- 70:77:5e:13:06:0c:05:c7:1f
++ Public-Key: (1024 bit)
++ Modulus:
++ 00:dd:9d:eb:7f:82:43:ed:f2:06:1c:1d:b3:fa:e1:
++ 41:8a:4b:bd:b4:1d:82:04:ee:63:b3:22:af:cf:94:
++ 88:36:52:18:3e:01:b6:37:15:59:93:7f:cc:88:5a:
++ 56:ea:02:c1:a2:bd:9f:c2:87:a4:f6:0e:cb:ca:e9:
++ b8:c6:50:3c:87:30:15:7e:e0:4b:1d:b9:5f:8e:4f:
++ 2b:af:64:9b:24:14:01:a7:6a:47:ab:72:f5:26:66:
++ a5:73:33:11:bf:81:28:4f:88:14:76:49:e1:7b:ce:
++ b8:11:fd:3c:ad:83:95:8f:be:30:ec:78:ab:d7:68:
++ b9:70:f5:87:7a:96:f7:35:dd
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+@@ -29,47 +29,47 @@
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+- 04:05:3D:6A:A7:E8:D7:52:BD:2F:C4:52:30:7C:2C:BD:D3:81:46:C6
++ 14:E4:DE:06:C8:F0:45:E8:3B:FD:48:7A:6C:9C:AC:14:1F:D5:DB:E0
+ X509v3 Authority Key Identifier:
+- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6
+
+ Signature Algorithm: sha1WithRSAEncryption
+- ac:2b:ad:86:36:96:5c:fb:34:2c:02:ca:d9:5f:a7:8e:b6:58:
+- 24:1d:27:b6:8e:81:aa:69:0e:60:26:64:2e:72:a1:ff:d8:ba:
+- bb:7e:5d:46:c7:07:2d:a8:c8:4c:df:1e:ba:c8:bc:21:5b:f2:
+- b3:01:4c:d6:3b:10:fd:49:70:e6:83:01:f3:24:e2:a9:97:d7:
+- c3:9c:5b:2d:d7:64:2b:e5:e2:0e:3e:d9:8c:e6:93:86:39:32:
+- 50:43:5f:36:4a:3b:b0:05:e7:65:a3:b3:ef:50:56:7f:7e:dc:
+- f0:65:83:ac:42:7e:97:a0:c0:7e:63:c6:c8:c6:35:d3:60:d1:
+- 4f:51
++ 74:b4:9d:87:61:b0:e5:8e:7b:38:11:1b:26:18:ba:f6:03:38:
++ 1b:84:3f:be:95:70:eb:d6:1d:2c:d7:1e:d8:b7:26:62:84:db:
++ cb:f4:40:6b:af:97:0e:76:5f:fb:da:d7:2b:bb:c8:bd:38:a3:
++ 02:c1:f2:60:f4:ec:11:d8:81:54:b6:7a:a4:5b:66:72:40:cb:
++ 72:ff:12:a3:8f:e7:6a:76:73:b3:9f:72:4e:68:40:0c:11:bd:
++ bd:4d:93:2e:33:27:7d:8d:0a:93:c2:71:de:4f:a2:58:0c:8e:
++ f0:ad:d2:28:05:bc:04:72:30:6d:5b:d1:4e:73:48:f1:1d:83:
++ 65:a6
+ -----BEGIN CERTIFICATE-----
+-MIICkTCCAfqgAwIBAgIJANG2v68GF4y+MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
+-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY
+-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzE0MVoXDTE5MDcy
+-NjA0MzE0MVowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP
+-BgNVBAoTCE0yQ3J5cHRvMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+-AQEBBQADgY0AMIGJAoGBANSZbzM/5qwKNNgORZfzK2pQKoQwClKcFTCfBSk6IfTB
+-wwGeL1VWTjWs8RYeJo21JreZeJLqHHRGq0ES78xTYsxZXJ7Eht/ZJTVVBUsW/9mQ
+-4/RRtLT6xZhLYPBgfxROHt1hmyKinCEXQ6PLB4D1dVmcVRz+4GbUcHdeEwYMBccf
++MIICkTCCAfqgAwIBAgIJALR+st6HAAMMMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY
++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzM1NFoXDTIzMDEw
++ODE1MzM1NFowSTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP
++BgNVBAoMCE0yQ3J5cHRvMRIwEAYDVQQDDAlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
++AQEBBQADgY0AMIGJAoGBAN2d63+CQ+3yBhwds/rhQYpLvbQdggTuY7Mir8+UiDZS
++GD4BtjcVWZN/zIhaVuoCwaK9n8KHpPYOy8rpuMZQPIcwFX7gSx25X45PK69kmyQU
++AadqR6ty9SZmpXMzEb+BKE+IFHZJ4XvOuBH9PK2DlY++MOx4q9douXD1h3qW9zXd
+ AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+-ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQEBT1qp+jXUr0vxFIwfCy904FG
+-xjAfBgNVHSMEGDAWgBStZEV0j4PHLNXXoIWREECanJbP7jANBgkqhkiG9w0BAQUF
+-AAOBgQCsK62GNpZc+zQsAsrZX6eOtlgkHSe2joGqaQ5gJmQucqH/2Lq7fl1Gxwct
+-qMhM3x66yLwhW/KzAUzWOxD9SXDmgwHzJOKpl9fDnFst12Qr5eIOPtmM5pOGOTJQ
+-Q182SjuwBedlo7PvUFZ/ftzwZYOsQn6XoMB+Y8bIxjXTYNFPUQ==
++ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQU5N4GyPBF6Dv9SHpsnKwUH9Xb
++4DAfBgNVHSMEGDAWgBSA2WoeFf6LYVFiYE2zzJVEeC2J5jANBgkqhkiG9w0BAQUF
++AAOBgQB0tJ2HYbDljns4ERsmGLr2AzgbhD++lXDr1h0s1x7YtyZihNvL9EBrr5cO
++dl/72tcru8i9OKMCwfJg9OwR2IFUtnqkW2ZyQMty/xKjj+dqdnOzn3JOaEAMEb29
++TZMuMyd9jQqTwnHeT6JYDI7wrdIoBbwEcjBtW9FOc0jxHYNlpg==
+ -----END CERTIFICATE-----
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXgIBAAKBgQDUmW8zP+asCjTYDkWX8ytqUCqEMApSnBUwnwUpOiH0wcMBni9V
+-Vk41rPEWHiaNtSa3mXiS6hx0RqtBEu/MU2LMWVyexIbf2SU1VQVLFv/ZkOP0UbS0
+-+sWYS2DwYH8UTh7dYZsiopwhF0OjyweA9XVZnFUc/uBm1HB3XhMGDAXHHwIDAQAB
+-AoGBALBHrSm8kYMTT2/anZ/5tIUJhcdnohePbg6LvJbLqf4tb4l25V6IGn9tL9Yc
+-F/GmRD02VwDSd9d+BWAG2Kj+d0rfdCLfKY9O8PVVm0DF6grLZ7ugItYqUHRDYOdV
+-MOVOQrx+mCIzHtoEtQ6HLqmqt2rIX731L1TA7OLNm3XHyISJAkEA/mgNNNg0e23G
+-64z83yxxwPEnBrnKd1+xjH9QJ0Z9SJJuF4sNXRIFA4YUNvv2MNe3gMS4Hg9w78HL
+-PwcEzLnO9QJBANXuWAZGV58CdkM2w7H9+ukxMbQeLSnmgjpdddo31qqbfgFAYZMK
+-LppRqyosj+a2qQ6vua0ndstTImSi7KPmCUMCQQDbwr5Fu836ISYIK830aswIw0fX
+-A37mB3+zwfZXNwjaO8NmCvQMRZiXJqcnqBdOsckOLuBs9yGzuk/7rfBzeL5RAkA2
+-uBcly7o/vsZ3HLvjfB5ApUecVZehvwcSXLN3VI8A5nLNaSVMEe+nozoPuIQ6NAB7
+-9DCe/JgjG6mRaibzKTS3AkEAjTl5MTKkYR78+2u3NRU/ypa1iKCicSvI/Ryw7p/z
+-Q8XmVA0CmNRvltf9gA1gJ04ZijBPtl+s09uppaCw9L3vuA==
++MIICXAIBAAKBgQDdnet/gkPt8gYcHbP64UGKS720HYIE7mOzIq/PlIg2Uhg+AbY3
++FVmTf8yIWlbqAsGivZ/Ch6T2DsvK6bjGUDyHMBV+4EsduV+OTyuvZJskFAGnaker
++cvUmZqVzMxG/gShPiBR2SeF7zrgR/Tytg5WPvjDseKvXaLlw9Yd6lvc13QIDAQAB
++AoGAIZzWHxzO2MQgkRsgNSj9G9CpESx4j+7oSD82kzFgB30kGCOCU5B1aZ20k+m/
++zPZmEBzaolKYfol392rDj7CTvVT5VQh5QzkVeU28iLOBVqUJ1fwh5gBvIy5iEXzo
++O58M8y2IDyJ2W84UUtIav8LD3xGKDxD7k14FW5TIwXfCE4ECQQD8gAI7RHfViv0M
++9qSsZ7MapR4wwJKolapfHJda8hM+uEaSanJ/2RwAe5mfn92VUubmAG+Xcoe9HR9x
++dJQ5hAllAkEA4LBSq3T8+5wNUBE7V9OUP4Eh8ytbEviurNizfM4sBTrsXBVyDoBU
+++ji9BCcDtbaB+GewnpsrXeqSJ/eKxMnvGQJALInH2vxwxtIFYMwAsAh6pzCI6sCN
++Hf+IVc6NRBV/H4kRqbHtEHATaGJk7qscQsKkx9070dL57nm8mh6eJqcLoQJBALM0
++LltNrVBIQF3xwHDl8UFNDvTRSYwyB68YDt+l2Ho7arRu7k8ej6gahLbBHzZY4ARt
++PvLhM49uPS/fQTB/FlECQHaIJA/MFMtpFpv2h0Vsq5Rq0kayzFy/1Cf7k+E9wVUg
++gqcUvnEaT990We8Ffri/HlBtIuiuC7lVtv7zKu//VHU=
+ -----END RSA PRIVATE KEY-----
+Index: tests/signer.pem
+===================================================================
+--- tests/signer.pem (revision 739)
++++ tests/signer.pem (working copy)
+@@ -2,26 +2,26 @@
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+- d1:b6:bf:af:06:17:8c:c0
++ b4:7e:b2:de:87:00:03:0e
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+ Validity
+- Not Before: Jul 28 04:37:25 2009 GMT
+- Not After : Jul 26 04:37:25 2019 GMT
++ Not Before: Nov 21 15:37:55 2012 GMT
++ Not After : Jan 8 15:37:55 2023 GMT
+ Subject: C=US, ST=California, O=M2Crypto, CN=Signer/emailAddress=signer@example.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+- RSA Public Key: (1024 bit)
+- Modulus (1024 bit):
+- 00:c3:9c:76:f3:21:aa:10:19:9f:77:e3:82:1d:9d:
+- c3:4a:da:bc:c3:83:71:d1:89:78:8b:82:a4:b9:c5:
+- 70:bb:e3:00:bf:49:b8:99:96:67:0b:bf:fe:72:cb:
+- d9:b6:63:85:f4:fb:86:55:32:22:1e:6e:ce:fd:88:
+- 5c:75:9d:77:3c:92:17:c5:b2:70:04:59:02:33:ef:
+- be:33:26:f1:e4:72:41:45:72:f1:bf:c4:21:b1:fe:
+- de:92:b9:f3:25:3e:1a:15:4b:26:47:29:cc:38:7f:
+- 58:3b:ae:b7:c5:69:e7:48:81:b6:55:61:45:c3:3f:
+- b6:9d:06:e5:17:41:f6:f2:e9
++ Public-Key: (1024 bit)
++ Modulus:
++ 00:a1:f3:c0:4b:84:03:54:c4:db:dd:95:75:4b:d2:
++ e3:4b:63:5e:fb:e9:68:32:3a:79:3a:5b:3c:f1:ae:
++ 3c:65:11:a1:a2:86:d9:45:20:c1:a8:3c:e9:64:c6:
++ 5c:9a:58:ee:ae:d3:4e:af:07:95:80:5f:4c:fe:64:
++ bd:65:ae:2c:91:fc:fa:bf:dc:aa:5f:da:36:4c:0a:
++ 77:61:e6:a4:f6:a3:54:92:bf:39:12:84:44:d9:ab:
++ 12:da:78:43:20:b6:50:6c:9d:87:3a:27:86:95:14:
++ a7:9c:f2:d8:36:29:fb:1e:24:64:61:13:48:b5:de:
++ 17:61:49:6c:2a:61:da:03:b1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+@@ -29,33 +29,33 @@
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+- 22:CA:29:B7:D7:39:B4:BF:35:F9:36:5E:EE:2B:E4:17:4E:F9:6E:EE
++ 07:7D:13:C0:AF:F5:E4:63:CD:7C:64:68:FF:D2:67:FC:27:46:DC:04
+ X509v3 Authority Key Identifier:
+- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6
+
+ Signature Algorithm: sha1WithRSAEncryption
+- 5f:a0:da:6b:37:b4:bb:25:34:a7:ed:f3:f7:2e:f2:85:aa:91:
+- 01:8f:c3:80:e5:44:87:df:9e:64:5e:5f:3e:5c:7f:c1:07:12:
+- 2a:46:cc:bb:9f:a4:a5:c8:3f:84:9a:a4:9e:d5:26:33:af:b4:
+- 5f:eb:8e:7d:81:65:f6:44:18:78:89:17:74:fb:07:dc:04:65:
+- fa:15:0c:b2:f3:e7:e7:af:1f:d9:02:c4:c4:44:b7:95:91:47:
+- fe:c0:2a:e1:7a:ae:dd:5f:f8:a9:fa:bb:dd:89:2d:0b:05:b6:
+- ce:ba:12:37:7f:97:4c:48:a9:fb:d4:b7:a5:d1:61:f6:85:ea:
+- 30:8c
++ 00:64:bc:be:4b:42:72:54:ca:7e:02:28:87:90:07:c8:cb:ad:
++ ac:18:fa:89:bb:1e:a8:20:c1:1a:39:d2:e3:ba:b6:d9:1c:b6:
++ bf:bb:c7:dc:46:3b:99:ac:81:13:99:f7:88:9f:b2:ae:19:ff:
++ d7:37:c2:83:aa:ca:c8:d2:03:1f:ce:00:b8:86:2a:b0:2d:80:
++ e8:83:c0:83:34:8a:dd:9f:75:c5:df:61:ff:cc:c1:8b:ab:e0:
++ e1:13:02:ff:63:4b:1d:58:0b:5d:3a:a4:e9:a3:b5:3a:19:2f:
++ dc:a4:c2:4a:b4:46:5e:0c:fa:59:4e:c5:31:5f:a2:18:aa:c8:
++ a4:92
+ -----BEGIN CERTIFICATE-----
+-MIICsTCCAhqgAwIBAgIJANG2v68GF4zAMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
+-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY
+-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzcyNVoXDTE5MDcy
+-NjA0MzcyNVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP
+-BgNVBAoTCE0yQ3J5cHRvMQ8wDQYDVQQDEwZTaWduZXIxITAfBgkqhkiG9w0BCQEW
++MIICsTCCAhqgAwIBAgIJALR+st6HAAMOMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY
++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1Mzc1NVoXDTIzMDEw
++ODE1Mzc1NVowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP
++BgNVBAoMCE0yQ3J5cHRvMQ8wDQYDVQQDDAZTaWduZXIxITAfBgkqhkiG9w0BCQEW
+ EnNpZ25lckBleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+-w5x28yGqEBmfd+OCHZ3DStq8w4Nx0Yl4i4KkucVwu+MAv0m4mZZnC7/+csvZtmOF
+-9PuGVTIiHm7O/YhcdZ13PJIXxbJwBFkCM+++Mybx5HJBRXLxv8Qhsf7ekrnzJT4a
+-FUsmRynMOH9YO663xWnnSIG2VWFFwz+2nQblF0H28ukCAwEAAaN7MHkwCQYDVR0T
++ofPAS4QDVMTb3ZV1S9LjS2Ne++loMjp5Ols88a48ZRGhoobZRSDBqDzpZMZcmlju
++rtNOrweVgF9M/mS9Za4skfz6v9yqX9o2TAp3Yeak9qNUkr85EoRE2asS2nhDILZQ
++bJ2HOieGlRSnnPLYNin7HiRkYRNItd4XYUlsKmHaA7ECAwEAAaN7MHkwCQYDVR0T
+ BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh
+-dGUwHQYDVR0OBBYEFCLKKbfXObS/Nfk2Xu4r5BdO+W7uMB8GA1UdIwQYMBaAFK1k
+-RXSPg8cs1deghZEQQJqcls/uMA0GCSqGSIb3DQEBBQUAA4GBAF+g2ms3tLslNKft
+-8/cu8oWqkQGPw4DlRIffnmReXz5cf8EHEipGzLufpKXIP4SapJ7VJjOvtF/rjn2B
+-ZfZEGHiJF3T7B9wEZfoVDLLz5+evH9kCxMREt5WRR/7AKuF6rt1f+Kn6u92JLQsF
+-ts66Ejd/l0xIqfvUt6XRYfaF6jCM
++dGUwHQYDVR0OBBYEFAd9E8Cv9eRjzXxkaP/SZ/wnRtwEMB8GA1UdIwQYMBaAFIDZ
++ah4V/othUWJgTbPMlUR4LYnmMA0GCSqGSIb3DQEBBQUAA4GBAABkvL5LQnJUyn4C
++KIeQB8jLrawY+om7HqggwRo50uO6ttkctr+7x9xGO5msgROZ94ifsq4Z/9c3woOq
++ysjSAx/OALiGKrAtgOiDwIM0it2fdcXfYf/MwYur4OETAv9jSx1YC106pOmjtToZ
++L9ykwkq0Rl4M+llOxTFfohiqyKSS
+ -----END CERTIFICATE-----
+Index: tests/signer_key.pem
+===================================================================
+--- tests/signer_key.pem (revision 739)
++++ tests/signer_key.pem (working copy)
+@@ -1,15 +1,15 @@
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXAIBAAKBgQDDnHbzIaoQGZ9344IdncNK2rzDg3HRiXiLgqS5xXC74wC/SbiZ
+-lmcLv/5yy9m2Y4X0+4ZVMiIebs79iFx1nXc8khfFsnAEWQIz774zJvHkckFFcvG/
+-xCGx/t6SufMlPhoVSyZHKcw4f1g7rrfFaedIgbZVYUXDP7adBuUXQfby6QIDAQAB
+-AoGAZL24JQ85XoFTt5Lb+BS/91Uf0jFn9Nov0um9nE8q+Bi40ctN3wuulkaS7Nw/
+-i8dFvh2r2USwfavjvn7z3z7xoMG8V2c1ZFJCI2CKjocuWVkGwNnIsbO7/BOG03nu
+-vir/i7TXN0YbN8zMhfuFC9APmR8bdmMa2KgHXzQcLuAmI4ECQQDhDIkC97l6rMKG
+-QWbYrbc7GoMZNwCsPb/fasUknGmtPmq+s818i335u1yyhAk5pwKV7HF+WyZ76S2A
+-P1bZf9+FAkEA3oN98qoklVmWSK0qV+CKHjZHSqtt32q2eu6+eAO5fVZOWHwXhS/B
+-MkTtfKJbIDTLyUnwhKyht/hXOniVqHE5FQJAf99VgoArvc6oAQzsWTXrpQOddhhQ
+-o426lkHenrzZNvz+PjmACsJf5CRXuX9Ylo+U4ockvb0hEssddX+H47HK2QJBAIYr
+-aV1SJH79pvWpnLeiSAYRmok2tyiZMvELVkQNkuI1kUYfhRslAWxrTXvyddoEm8CC
+-2glWAqlokEhMf4kyxEUCQCIQbV+XFoEqkECchik34PPmcPi2ends32dv/sW+AKjQ
+-pxKpWbxVB4sEOPZzpmujP0LLxvCY4HOUJDlhENGQ8MM=
++MIICXAIBAAKBgQCh88BLhANUxNvdlXVL0uNLY1776WgyOnk6WzzxrjxlEaGihtlF
++IMGoPOlkxlyaWO6u006vB5WAX0z+ZL1lriyR/Pq/3Kpf2jZMCndh5qT2o1SSvzkS
++hETZqxLaeEMgtlBsnYc6J4aVFKec8tg2KfseJGRhE0i13hdhSWwqYdoDsQIDAQAB
++AoGAOAsY1UkWugPxrellkNqmq1T07qnj09XmU6p1GZFY9wS18X9GuqROP8DsZ2I5
++c3QpDLi09t7h/m18QGBuJjyy0Tk3iFsLZ1+F1nNCFOZTeRybWA2MS91P9bpYri63
++tarTxHaDe/RsMsaXe2HBp2rjw/jxT3y5DYwwWPQWjEIgf/0CQQDT7yeEtdj5LN1O
++NW9Coj3MzAodjyz5Jz1bCRGvhXpnralaM8Oyl1Dix99wGM64VuHvE5Lg0gY1ySg2
++YJeYfuo/AkEAw6AmUTUrG8+axMkKX+rXz7LvaOR6Ad39uXO3S2lhbACQAy1Tn4W+
++gJ2x0zJY+lY8oRQpXqZi1wzdLI/JGL82DwJAQvZmcx0N8DUHu6VQgSpIAoRZkdti
++J1sJnNDxwJaZBVcukiyW4b/Ds9PZOk7sSfxRqLtzhgt2INptFTlRzMIU+wJBALYc
++1s7uoi0HvVrIlUHpy/Js73dEi1hForgMQ2yOs8TpWSe8AIcW6Nuu8iZcTnzt3w9N
++R533Yzgzn4qmaF0DVH0CQGHvjKMwb63YsnyjiUHtjG/zlN7FZWAIr3wEPNoMl2dd
++s33jU+euC2oKygr1tSUf1lSM+yLCvDTetzg+1uBNfmg=
+ -----END RSA PRIVATE KEY-----
+Index: tests/test_ssl_offline.py
+===================================================================
+--- tests/test_ssl_offline.py (revision 739)
++++ tests/test_ssl_offline.py (working copy)
+@@ -16,7 +16,7 @@
+ def test_checker(self):
+
+ check = Checker.Checker(host=srv_host,
+- peerCertHash='7B754EFA41A264AAD370D43460BC8229F9354ECE')
++ peerCertHash='6D5C51BF6C90686A87E015A07731B252B7638D93')
+ x509 = X509.load_cert('tests/server.pem')
+ assert check(x509, srv_host)
+ self.assertRaises(Checker.WrongHost, check, x509, 'example.com')
+Index: tests/test_x509.py
+===================================================================
+--- tests/test_x509.py (revision 739)
++++ tests/test_x509.py (working copy)
+@@ -340,14 +340,14 @@
+ def test_fingerprint(self):
+ x509 = X509.load_cert('tests/x509.pem')
+ fp = x509.get_fingerprint('sha1')
+- expected = '8D2EB9E203B5FFDC7F4FA7DC4103E852A55B808D'
++ expected = 'B2522F9B4F6F2461475D0C6267911537E738494F'
+ assert fp == expected, '%s != %s' % (fp, expected)
+
+ def test_load_der_string(self):
+ f = open('tests/x509.der', 'rb')
+ x509 = X509.load_cert_der_string(''.join(f.readlines()))
+ fp = x509.get_fingerprint('sha1')
+- expected = '8D2EB9E203B5FFDC7F4FA7DC4103E852A55B808D'
++ expected = 'B2522F9B4F6F2461475D0C6267911537E738494F'
+ assert fp == expected, '%s != %s' % (fp, expected)
+
+ def test_save_der_string(self):
+Index: tests/x509.der
+===================================================================
+Cannot display: file marked as a binary type.
+svn:mime-type = application/octet-stream
+Index: tests/x509.pem
+===================================================================
+--- tests/x509.pem (revision 739)
++++ tests/x509.pem (working copy)
+@@ -2,26 +2,26 @@
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+- d1:b6:bf:af:06:17:8c:bf
++ b4:7e:b2:de:87:00:03:0d
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=M2Crypto, CN=Heikki Toivonen
+ Validity
+- Not Before: Jul 28 04:34:34 2009 GMT
+- Not After : Jul 26 04:34:34 2019 GMT
++ Not Before: Nov 21 15:35:24 2012 GMT
++ Not After : Jan 8 15:35:24 2023 GMT
+ Subject: C=US, ST=California, O=M2Crypto, CN=X509
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+- RSA Public Key: (1024 bit)
+- Modulus (1024 bit):
+- 00:d3:62:55:12:30:b8:dc:84:7c:63:bd:80:1d:19:
+- 1a:72:f2:28:f8:59:0b:2a:6b:f2:2a:23:9d:bb:0f:
+- 7f:92:5e:dd:27:74:bc:78:0a:27:ab:1c:2e:23:1c:
+- 26:77:48:b6:8f:03:ef:57:1c:a0:54:ae:1a:e8:f5:
+- 24:a1:46:a1:27:48:55:33:98:fc:db:6a:83:2e:89:
+- 3f:e0:f3:91:9d:da:4f:db:74:90:9d:a6:8d:4a:46:
+- cb:9f:ba:b8:60:df:ae:ee:22:4b:3f:80:55:f7:1d:
+- 89:3c:2b:28:df:46:19:d5:18:ac:e9:07:4e:40:81:
+- 75:bc:da:5b:d5:e1:c2:04:15
++ Public-Key: (1024 bit)
++ Modulus:
++ 00:ba:3b:21:75:3a:4f:78:99:14:56:ae:68:36:6f:
++ 52:f3:01:a4:c4:0c:cc:27:eb:e2:c5:e1:78:19:ba:
++ d4:47:05:35:df:d4:1c:10:8b:70:33:a2:f3:27:31:
++ 9e:1d:b7:2d:f8:ff:01:4a:4b:90:a7:29:4e:79:09:
++ ad:df:3a:85:96:fc:fd:cb:ea:8c:37:b6:e4:b2:67:
++ ec:fd:20:e1:0c:45:98:42:31:80:74:0e:78:fa:58:
++ 09:0d:2e:e5:82:38:8d:30:23:80:12:0c:40:c7:3f:
++ 26:94:e9:5b:43:f1:64:e2:1e:5d:fc:77:92:93:b4:
++ 4f:5f:8d:88:a0:03:b7:5e:a1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+@@ -29,47 +29,47 @@
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+- B1:C4:6F:98:6F:E8:3B:8C:A1:26:11:81:97:9A:12:50:4A:1A:6C:88
++ E8:C1:6E:60:19:13:82:40:65:B9:67:26:B7:8E:D6:7C:EE:33:8D:72
+ X509v3 Authority Key Identifier:
+- keyid:AD:64:45:74:8F:83:C7:2C:D5:D7:A0:85:91:10:40:9A:9C:96:CF:EE
++ keyid:80:D9:6A:1E:15:FE:8B:61:51:62:60:4D:B3:CC:95:44:78:2D:89:E6
+
+ Signature Algorithm: sha1WithRSAEncryption
+- 3f:0b:44:bc:d2:da:5f:a9:39:be:08:53:e6:fd:10:ff:d6:f0:
+- a3:51:f6:be:03:20:cc:b3:52:cf:0f:7c:3f:56:42:6f:9d:72:
+- 9b:09:a5:64:3f:43:29:24:2b:d6:79:94:54:2f:99:e8:ce:fe:
+- fd:de:bb:ca:43:28:16:ff:32:ac:3d:c5:56:db:87:23:3c:d4:
+- 69:f7:4e:1b:c4:be:c9:d8:27:99:2a:64:be:3a:6b:7e:51:85:
+- db:75:35:40:a5:6c:ae:53:c3:09:e7:00:35:17:64:1a:17:71:
+- c5:d5:59:e5:8f:fc:96:4a:f9:81:33:23:4c:c1:60:71:93:18:
+- 0a:c4
++ cf:57:f4:f6:7d:be:e0:32:d1:44:ba:15:f7:44:2c:69:df:54:
++ a1:09:28:7f:7f:66:37:db:71:6f:2f:4b:b0:61:f5:96:09:56:
++ 50:e4:14:87:81:70:93:bb:9d:1e:8a:65:06:e8:67:c5:fb:24:
++ b1:17:b5:36:83:cb:53:88:0e:55:5c:91:80:26:56:f2:0b:50:
++ 19:86:6c:3b:1b:37:64:e1:64:2b:18:c3:5b:aa:d3:78:84:75:
++ 4f:59:c4:46:6e:9a:fb:a2:3b:86:79:87:09:a7:a6:e3:c8:91:
++ 5d:ea:2c:76:d4:ff:a3:3e:ad:6c:bd:bb:e2:c1:1d:1e:d3:81:
++ 6c:4a
+ -----BEGIN CERTIFICATE-----
+-MIICjDCCAfWgAwIBAgIJANG2v68GF4y/MA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
+-BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQKEwhNMkNyeXB0bzEY
+-MBYGA1UEAxMPSGVpa2tpIFRvaXZvbmVuMB4XDTA5MDcyODA0MzQzNFoXDTE5MDcy
+-NjA0MzQzNFowRDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAP
+-BgNVBAoTCE0yQ3J5cHRvMQ0wCwYDVQQDEwRYNTA5MIGfMA0GCSqGSIb3DQEBAQUA
+-A4GNADCBiQKBgQDTYlUSMLjchHxjvYAdGRpy8ij4WQsqa/IqI527D3+SXt0ndLx4
+-CierHC4jHCZ3SLaPA+9XHKBUrhro9SShRqEnSFUzmPzbaoMuiT/g85Gd2k/bdJCd
+-po1KRsufurhg367uIks/gFX3HYk8KyjfRhnVGKzpB05AgXW82lvV4cIEFQIDAQAB
++MIICjDCCAfWgAwIBAgIJALR+st6HAAMNMA0GCSqGSIb3DQEBBQUAME8xCzAJBgNV
++BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQKDAhNMkNyeXB0bzEY
++MBYGA1UEAwwPSGVpa2tpIFRvaXZvbmVuMB4XDTEyMTEyMTE1MzUyNFoXDTIzMDEw
++ODE1MzUyNFowRDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAP
++BgNVBAoMCE0yQ3J5cHRvMQ0wCwYDVQQDDARYNTA5MIGfMA0GCSqGSIb3DQEBAQUA
++A4GNADCBiQKBgQC6OyF1Ok94mRRWrmg2b1LzAaTEDMwn6+LF4XgZutRHBTXf1BwQ
++i3AzovMnMZ4dty34/wFKS5CnKU55Ca3fOoWW/P3L6ow3tuSyZ+z9IOEMRZhCMYB0
++Dnj6WAkNLuWCOI0wI4ASDEDHPyaU6VtD8WTiHl38d5KTtE9fjYigA7deoQIDAQAB
+ o3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl
+-ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUscRvmG/oO4yhJhGBl5oSUEoabIgwHwYD
+-VR0jBBgwFoAUrWRFdI+DxyzV16CFkRBAmpyWz+4wDQYJKoZIhvcNAQEFBQADgYEA
+-PwtEvNLaX6k5vghT5v0Q/9bwo1H2vgMgzLNSzw98P1ZCb51ymwmlZD9DKSQr1nmU
+-VC+Z6M7+/d67ykMoFv8yrD3FVtuHIzzUafdOG8S+ydgnmSpkvjprflGF23U1QKVs
+-rlPDCecANRdkGhdxxdVZ5Y/8lkr5gTMjTMFgcZMYCsQ=
++ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU6MFuYBkTgkBluWcmt47WfO4zjXIwHwYD
++VR0jBBgwFoAUgNlqHhX+i2FRYmBNs8yVRHgtieYwDQYJKoZIhvcNAQEFBQADgYEA
++z1f09n2+4DLRRLoV90Qsad9UoQkof39mN9txby9LsGH1lglWUOQUh4Fwk7udHopl
++BuhnxfsksRe1NoPLU4gOVVyRgCZW8gtQGYZsOxs3ZOFkKxjDW6rTeIR1T1nERm6a
+++6I7hnmHCaem48iRXeosdtT/oz6tbL274sEdHtOBbEo=
+ -----END CERTIFICATE-----
+ -----BEGIN RSA PRIVATE KEY-----
+-MIICXQIBAAKBgQDTYlUSMLjchHxjvYAdGRpy8ij4WQsqa/IqI527D3+SXt0ndLx4
+-CierHC4jHCZ3SLaPA+9XHKBUrhro9SShRqEnSFUzmPzbaoMuiT/g85Gd2k/bdJCd
+-po1KRsufurhg367uIks/gFX3HYk8KyjfRhnVGKzpB05AgXW82lvV4cIEFQIDAQAB
+-AoGATPipcY48QlAb21XNqMrTTrfPI1+JKVFVRPLjJJJoKaxRa2SenDdWaoBAbJh7
+-iUP49erA5D+QQkWDlwBs7i0B0NqSkZAUVTfzRjGackTNJUQ+smfeqRLMH+Oru6DS
+-VFbb818nJOJKqMMhMz8SrPrrbg+qiHlJ3JUQnNzTYohOMAECQQDvTJBSSit34ZBO
+-ABj4vWYucCnOygcpICQnIsG97sZmF8tuF55tA5e+0v9R7BPuyAjrQnKJqDj3r/AY
+-AxhgngGVAkEA4iMGoHzoSQvh+gT0A2rPCtVo+URNswIEZhQmMuA0VjrFCphWkZE+
+-3jgDsJTNQUJs4mczQMcBzL34Nh1cJThYgQJARMMrdXn6o6gdX0yH4HIMOqvgV5uW
+-Eys5OEW0hm9mc0/DFQ+UZp7xq9PVqiS8VZEFfxTI9OVx+TqFM2EwUBMXQQJBAIge
+-n0mRhl0Z6v+NZbh83X3e8h5BUCf1ieJMNKYhMT/KhnsXMdzTui0XOJldKKQksNgj
+-WMWgROQSYctpJuM8pIECQQCNN27XVHs4YAQ6GvBkrHsK5w6LZkm6UaJgbCqDqyeS
+-eqfPp9VRurZ/FhK1mPbgNN67U4Ik1nwjR0o8wD4mreIj
++MIICXgIBAAKBgQC6OyF1Ok94mRRWrmg2b1LzAaTEDMwn6+LF4XgZutRHBTXf1BwQ
++i3AzovMnMZ4dty34/wFKS5CnKU55Ca3fOoWW/P3L6ow3tuSyZ+z9IOEMRZhCMYB0
++Dnj6WAkNLuWCOI0wI4ASDEDHPyaU6VtD8WTiHl38d5KTtE9fjYigA7deoQIDAQAB
++AoGBALdK8ZBGtuc0i28RM2K4SQUCDiAjlGCKa2Vll+aDGuFXwIGva3vhMaqw6+8c
++h8ope6cBnUx5eUL9hc3dd/Moz0dxM34p2zu/fZbiFD2yrKlkVSXHv6YobYhUagod
++htPwb+tQOrQqYpHZ/zPeVkAa/EfmM88RD603nlFHbCz5PpFBAkEA5HWMYUaXD+1M
++kX3YjXy3ESmKr3zPdbQkw6tDiQ6ijl1jUX+b4BKGSgINFYsmXlaFYM/GeJWJ0z64
++BiPkSnhueQJBANCuYg0ykia6miTUWzXv3i8r8voVt593KmrAf23JwUM+jZnAd4yl
++xwSHkJSX5Ualp1cYDfKD9wzKj8vjq4mCx2kCQQCYlJFvHnAhqQDsYrpQtKynf7Eq
++RxdfqzKqpCV00htrLZ/5fFqkqnqZzwjiDI9RjkOCRwJs4qKsPUU2hJ4hxpExAkEA
++llzwfb3wnUNbiioRRr39hFPQke5QDvEYeS8XIo57WO6brSuHeKqCynq77LW+GLeH
++6jOE6Te5LVhPYIQ9t6mp8QJAKPE2g1wc0kmlzaOkNrlj67PPcRKqRVqL1RWIaSz9
++Dh3KWyvOnOQAKbShI9EbXqdINKM7JxJAhSL4LPBd3ejxSA==
+ -----END RSA PRIVATE KEY-----
diff --git a/SOURCES/m2crypto-0.21.1-gcc_macros.patch b/SOURCES/m2crypto-0.21.1-gcc_macros.patch
new file mode 100644
index 0000000..61dbbe6
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-gcc_macros.patch
@@ -0,0 +1,11 @@
+diff -urN M2Crypto/SWIG/_m2crypto.i M2Crypto-0.21.1/SWIG/_m2crypto.i
+--- M2Crypto/SWIG/_m2crypto.i 2011-01-15 20:10:06.000000000 +0100
++++ M2Crypto-0.21.1/SWIG/_m2crypto.i 2011-01-18 15:37:33.948994579 +0100
+@@ -7,6 +7,7 @@
+ * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+ *
+ */
++%import "gcc_macros.h"
+
+ %module(threads=1) _m2crypto
+ /* We really don't need threadblock (PyGILState_Ensure() etc.) anywhere.
diff --git a/SOURCES/m2crypto-0.21.1-https-proxy.patch b/SOURCES/m2crypto-0.21.1-https-proxy.patch
new file mode 100644
index 0000000..21b7b94
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-https-proxy.patch
@@ -0,0 +1,43 @@
+diff -urN M2Crypto/M2Crypto/httpslib.py M2Crypto-0.21.1/M2Crypto/httpslib.py
+--- M2Crypto/M2Crypto/httpslib.py 2012-03-15 03:27:22.181524406 +0100
++++ M2Crypto-0.21.1/M2Crypto/httpslib.py 2012-03-15 03:27:40.467485033 +0100
+@@ -182,14 +182,14 @@
+ else:
+ HTTPSConnection.putheader(self, header, value)
+
+- def endheaders(self):
++ def endheaders(self, *args, **kwargs):
+ # We've recieved all of hte headers. Use the supplied username
+ # and password for authorization, possibly overriding the authstring
+ # supplied in the headers.
+ if not self._proxy_auth:
+ self._proxy_auth = self._encode_auth()
+
+- HTTPSConnection.endheaders(self)
++ HTTPSConnection.endheaders(self, *args, **kwargs)
+
+ def connect(self):
+ HTTPConnection.connect(self)
+diff -urN M2Crypto/M2Crypto/m2urllib2.py M2Crypto-0.21.1/M2Crypto/m2urllib2.py
+--- M2Crypto/M2Crypto/m2urllib2.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/M2Crypto/m2urllib2.py 2012-03-15 03:27:40.467485033 +0100
+@@ -64,8 +64,10 @@
+ target_host = urlparse.urlparse(full_url)[1]
+
+ if (target_host != host):
++ request_uri = urlparse.urldefrag(full_url)[0]
+ h = httpslib.ProxyHTTPSConnection(host = host, ssl_context = self.ctx)
+ else:
++ request_uri = req.get_selector()
+ h = httpslib.HTTPSConnection(host = host, ssl_context = self.ctx)
+ # End our change
+ h.set_debuglevel(self._debuglevel)
+@@ -80,7 +82,7 @@
+ # request.
+ headers["Connection"] = "close"
+ try:
+- h.request(req.get_method(), req.get_selector(), req.data, headers)
++ h.request(req.get_method(), request_uri, req.data, headers)
+ r = h.getresponse()
+ except socket.error, err: # XXX what error?
+ raise URLError(err)
diff --git a/SOURCES/m2crypto-0.21.1-memoryview.patch b/SOURCES/m2crypto-0.21.1-memoryview.patch
new file mode 100644
index 0000000..8fcba7d
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-memoryview.patch
@@ -0,0 +1,174 @@
+diff -u M2Crypto/SWIG/_lib.h M2Crypto-0.21.1/SWIG/_lib.h
+--- M2Crypto/SWIG/_lib.h 2011-01-19 19:56:37.622364336 +0100
++++ M2Crypto-0.21.1/SWIG/_lib.h 2011-05-10 20:14:38.593211256 +0200
+@@ -7,6 +7,16 @@
+ #define PY_SSIZE_T_MIN INT_MIN
+ #endif
+
++#if PY_VERSION_HEX < 0x02060000
++struct Py_buffer /* Only a subset */
++{
++ void *buf;
++ Py_ssize_t len;
++};
++
++#define PyBUF_CONTIG_RO 0
++#endif /* PY_VERSION_HEX < 0x02060000 */
++
+ typedef struct _blob {
+ unsigned char *data;
+ int len;
+@@ -20,6 +30,10 @@
+ int *buffer_len);
+ static int m2_PyString_AsStringAndSizeInt(PyObject *obj, char **s, int *len);
+
++/* Always use these two together, to correctly handle non-memoryview objects. */
++static int m2_PyObject_GetBufferInt(PyObject *obj, Py_buffer *view, int flags);
++static void m2_PyBuffer_Release(PyObject *obj, Py_buffer *view);
++
+ void gen_callback(int p, int n, void *arg);
+ int passphrase_callback(char *buf, int num, int v, void *userdata);
+
+diff -u M2Crypto/SWIG/_lib.i M2Crypto-0.21.1/SWIG/_lib.i
+--- M2Crypto/SWIG/_lib.i 2011-01-19 19:49:21.537145465 +0100
++++ M2Crypto-0.21.1/SWIG/_lib.i 2011-05-10 20:19:10.924328007 +0200
+@@ -47,9 +47,36 @@
+ /* Python helpers. */
+
+ %}
++%ignore PyObject_CheckBuffer;
++%ignore PyObject_GetBuffer;
++%ignore PyBuffer_Release;
+ %ignore m2_PyObject_AsReadBufferInt;
++%ignore m2_PyObject_GetBufferInt;
++%ignore m2_PyBuffer_Release;
+ %ignore m2_PyString_AsStringAndSizeInt;
+ %{
++
++#if PY_VERSION_HEX < 0x02060000
++static int PyObject_CheckBuffer(PyObject *obj)
++{
++ (void)obj;
++ return 0;
++}
++
++static int PyObject_GetBuffer(PyObject *obj, Py_buffer *view, int flags)
++{
++ (void)obj;
++ (void)view;
++ (void)flags;
++ return -1;
++}
++
++static void PyBuffer_Release(Py_buffer *view)
++{
++ (void)view;
++}
++#endif /* PY_VERSION_HEX < 0x02060000 */
++
+ static int
+ m2_PyObject_AsReadBufferInt(PyObject *obj, const void **buffer,
+ int *buffer_len)
+@@ -68,6 +95,37 @@
+ return 0;
+ }
+
++static int m2_PyObject_GetBufferInt(PyObject *obj, Py_buffer *view, int flags)
++{
++ int ret;
++
++ if (PyObject_CheckBuffer(obj))
++ ret = PyObject_GetBuffer(obj, view, flags);
++ else {
++ const void *buf;
++
++ ret = PyObject_AsReadBuffer(obj, &buf, &view->len);
++ if (ret == 0)
++ view->buf = (void *)buf;
++ }
++ if (ret)
++ return ret;
++ if (view->len > INT_MAX) {
++ PyErr_SetString(PyExc_ValueError, "object too large");
++ m2_PyBuffer_Release(obj, view);
++ return -1;
++ }
++
++ return 0;
++}
++
++static void m2_PyBuffer_Release(PyObject *obj, Py_buffer *view)
++{
++ if (PyObject_CheckBuffer(obj))
++ PyBuffer_Release(view);
++ /* else do nothing, view->buf comes from PyObject_AsReadBuffer */
++}
++
+ static int
+ m2_PyString_AsStringAndSizeInt(PyObject *obj, char **s, int *len)
+ {
+diff -u M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2011-01-19 19:56:51.957338576 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2011-05-10 19:58:26.779904541 +0200
+@@ -700,12 +700,12 @@
+ }
+
+ int ssl_write(SSL *ssl, PyObject *blob, double timeout) {
+- const void *buf;
+- int len, r, ssl_err, ret;
++ Py_buffer buf;
++ int r, ssl_err, ret;
+ struct timeval tv;
+
+
+- if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) {
++ if (m2_PyObject_GetBufferInt(blob, &buf, PyBUF_CONTIG_RO) == -1) {
+ return -1;
+ }
+
+@@ -713,7 +713,7 @@
+ gettimeofday(&tv, NULL);
+ again:
+ Py_BEGIN_ALLOW_THREADS
+- r = SSL_write(ssl, buf, len);
++ r = SSL_write(ssl, buf.buf, buf.len);
+ ssl_err = SSL_get_error(ssl, r);
+ Py_END_ALLOW_THREADS
+
+@@ -741,22 +741,22 @@
+ ret = -1;
+ }
+
+-
++ m2_PyBuffer_Release(blob, &buf);
+ return ret;
+ }
+
+ int ssl_write_nbio(SSL *ssl, PyObject *blob) {
+- const void *buf;
+- int len, r, err, ret;
++ Py_buffer buf;
++ int r, err, ret;
+
+
+- if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) {
++ if (m2_PyObject_GetBufferInt(blob, &buf, PyBUF_CONTIG_RO) == -1) {
+ return -1;
+ }
+
+
+ Py_BEGIN_ALLOW_THREADS
+- r = SSL_write(ssl, buf, len);
++ r = SSL_write(ssl, buf.buf, buf.len);
+ Py_END_ALLOW_THREADS
+
+
+@@ -785,7 +785,7 @@
+ ret = -1;
+ }
+
+-
++ m2_PyBuffer_Release(blob, &buf);
+ return ret;
+ }
+
diff --git a/SOURCES/m2crypto-0.21.1-smime-doc.patch b/SOURCES/m2crypto-0.21.1-smime-doc.patch
new file mode 100644
index 0000000..15f31b6
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-smime-doc.patch
@@ -0,0 +1,166 @@
+Index: demo/smime.howto/sign.py
+===================================================================
+--- demo/smime.howto/sign.py (revision 739)
++++ demo/smime.howto/sign.py (working copy)
+@@ -18,7 +18,7 @@
+ # Instantiate an SMIME object; set it up; sign the buffer.
+ s = SMIME.SMIME()
+ s.load_key('signer_key.pem', 'signer.pem')
+-p7 = s.sign(buf)
++p7 = s.sign(buf, SMIME.PKCS7_DETACHED)
+
+ # Recreate buf.
+ buf = makebuf('a sign of our times')
+Index: demo/smime.howto/verify.py
+===================================================================
+--- demo/smime.howto/verify.py (revision 739)
++++ demo/smime.howto/verify.py (working copy)
+@@ -23,7 +23,7 @@
+
+ # Load the data, verify it.
+ p7, data = SMIME.smime_load_pkcs7('sign.p7')
+-v = s.verify(p7)
++v = s.verify(p7, data)
+ print v
+ print data
+ print data.read()
+Index: demo/smime.howto/sendsmime.py
+===================================================================
+--- demo/smime.howto/sendsmime.py (revision 739)
++++ demo/smime.howto/sendsmime.py (working copy)
+@@ -16,7 +16,10 @@
+ s = SMIME.SMIME()
+ if sign:
+ s.load_key(from_key, from_cert)
+- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
++ if encrypt:
++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
++ else:
++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED)
+ msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it.
+
+ if encrypt:
+Index: demo/smime/test.py
+===================================================================
+--- demo/smime/test.py (revision 739)
++++ demo/smime/test.py (working copy)
+@@ -28,7 +28,7 @@
+ buf = makebuf()
+ s = SMIME.SMIME()
+ s.load_key('client.pem')
+- p7 = s.sign(buf)
++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED)
+ out = BIO.openfile('clear.p7', 'w')
+ out.write('To: ngps@post1.com\n')
+ out.write('From: ngps@post1.com\n')
+@@ -58,7 +58,7 @@
+ st.load_info('ca.pem')
+ s.set_x509_store(st)
+ p7, data = SMIME.smime_load_pkcs7('clear.p7')
+- v = s.verify(p7)
++ v = s.verify(p7, data)
+ if v:
+ print 'ok'
+ else:
+@@ -105,9 +105,10 @@
+ s.load_key('client.pem')
+
+ # Sign.
+- p7 = s.sign(buf)
++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED)
+
+ # Output the stuff.
++ buf = makebuf() # Recreate buf, because sign() has consumed it.
+ bio = BIO.MemoryBuffer()
+ s.write(bio, p7, buf)
+
+@@ -124,7 +125,7 @@
+
+ # Verify.
+ p7, buf = SMIME.smime_load_pkcs7_bio(bio)
+- v = s.verify(p7, flags=SMIME.PKCS7_DETACHED)
++ v = s.verify(p7, buf, flags=SMIME.PKCS7_DETACHED)
+
+ if v:
+ print 'ok'
+Index: demo/smime/sendsmime.py
+===================================================================
+--- demo/smime/sendsmime.py (revision 739)
++++ demo/smime/sendsmime.py (working copy)
+@@ -16,7 +16,10 @@
+ s = SMIME.SMIME()
+ if sign:
+ s.load_key(from_key, from_cert)
+- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
++ if encrypt:
++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
++ else:
++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED)
+ msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it.
+
+ if encrypt:
+Index: contrib/smimeplus.py
+===================================================================
+--- contrib/smimeplus.py (revision 739)
++++ contrib/smimeplus.py (working copy)
+@@ -64,7 +64,7 @@
+ _sender.load_key_bio(self.__pack(self.key), self.__pack(self.cert),
+ callback=self.__passcallback)
+
+- _signed = _sender.sign(self.__pack(msg))
++ _signed = _sender.sign(self.__pack(msg), M2Crypto.SMIME.PKCS7_DETACHED)
+
+ _out = self.__pack(None)
+ _sender.write(_out, _signed, self.__pack(msg))
+@@ -93,7 +93,7 @@
+ # Load signed message, verify it, and return result
+ _p7, _data = M2Crypto.SMIME.smime_load_pkcs7_bio(self.__pack(smsg))
+ try:
+- return _sender.verify(_p7, flags=M2Crypto.SMIME.PKCS7_SIGNED)
++ return _sender.verify(_p7, _data, flags=M2Crypto.SMIME.PKCS7_SIGNED)
+ except M2Crypto.SMIME.SMIME_Error, _msg:
+ return None
+
+Index: doc/howto.smime.html
+===================================================================
+--- doc/howto.smime.html (revision 739)
++++ doc/howto.smime.html (working copy)
+@@ -646,7 +646,7 @@
+ # Instantiate an SMIME object; set it up; sign the buffer.
+ s = SMIME.SMIME()
+ s.load_key('signer_key.pem', 'signer.pem')
+- p7 = s.sign(buf)
++ p7 = s.sign(buf, SMIME.PKCS7_DETACHED)
+ </PRE
+ ><P
+ ><TT
+@@ -780,7 +780,7 @@
+
+ # Load the data, verify it.
+ p7, data = SMIME.smime_load_pkcs7('sign.p7')
+- v = s.verify(p7)
++ v = s.verify(p7, data)
+ print v
+ print data
+ print data.read()
+@@ -991,7 +991,7 @@
+ tmp = BIO.MemoryBuffer()
+
+ # Write the signed message into the temporary buffer.
+- s.write(tmp, p7, buf)
++ s.write(tmp, p7)
+
+ # Encrypt the temporary buffer.
+ p7 = s.encrypt(tmp)
+@@ -1158,7 +1158,10 @@
+ s = SMIME.SMIME()
+ if sign:
+ s.load_key(from_key, from_cert)
+- p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
++ if encrypt:
++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT)
++ else:
++ p7 = s.sign(msg_bio, flags=SMIME.PKCS7_TEXT|SMIME.PKCS7_DETACHED)
+ msg_bio = BIO.MemoryBuffer(msg) # Recreate coz sign() has consumed it.
+
+ if encrypt:
diff --git a/SOURCES/m2crypto-0.21.1-sni.patch b/SOURCES/m2crypto-0.21.1-sni.patch
new file mode 100644
index 0000000..cfc40d7
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-sni.patch
@@ -0,0 +1,43 @@
+Based on https://bugzilla.osafoundation.org/attachment.cgi?id=5760
+by Sander Steffann <sander@steffann.nl>.
+
+diff -ur M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py
+--- M2Crypto/M2Crypto/SSL/Connection.py 2013-12-17 02:01:49.843287273 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-12-17 02:28:28.357633159 +0100
+@@ -368,3 +368,7 @@
+
+ def set_post_connection_check_callback(self, postConnectionCheck):
+ self.postConnectionCheck = postConnectionCheck
++
++ def set_tlsext_host_name(self, name):
++ "Set the requested hostname for the SNI (Server Name Indication) extension"
++ m2.ssl_set_tlsext_host_name(self.ssl, name)
+diff -ur M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2013-12-17 02:01:49.863287264 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-12-17 02:39:28.138364398 +0100
+@@ -15,6 +15,7 @@
+ #include <openssl/bio.h>
+ #include <openssl/dh.h>
+ #include <openssl/ssl.h>
++#include <openssl/tls1.h>
+ #include <openssl/x509.h>
+ #include <poll.h>
+ #include <sys/time.h>
+@@ -398,6 +399,17 @@
+ return SSL_get_mode(ssl);
+ }
+
++int ssl_set_tlsext_host_name(SSL *ssl, const char *name) {
++ long l;
++
++ if (!(l = SSL_set_tlsext_host_name(ssl, name))) {
++ PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ return -1;
++ }
++ /* Return an "int" to match the 'typemap(out) int' in _lib.i */
++ return 1;
++}
++
+ void ssl_set_client_CA_list_from_file(SSL *ssl, const char *ca_file) {
+ SSL_set_client_CA_list(ssl, SSL_load_client_CA_file(ca_file));
+ }
diff --git a/SOURCES/m2crypto-0.21.1-ssl23.patch b/SOURCES/m2crypto-0.21.1-ssl23.patch
new file mode 100644
index 0000000..5d6699f
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-ssl23.patch
@@ -0,0 +1,31 @@
+Index: tests/test_ssl.py
+===================================================================
+--- tests/test_ssl.py (revision 739)
++++ tests/test_ssl.py (working copy)
+@@ -376,7 +376,7 @@
+ def test_sslv23_no_v2(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
+- self.args.append('-no_tls1')
++ self.args.append('-ssl3')
+ pid = self.start_server(self.args)
+ try:
+ ctx = SSL.Context('sslv23')
+@@ -390,7 +390,7 @@
+ def test_sslv23_no_v2_no_service(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
+- self.args = self.args + ['-no_tls1', '-no_ssl3']
++ self.args = self.args + ['-ssl2']
+ pid = self.start_server(self.args)
+ try:
+ ctx = SSL.Context('sslv23')
+@@ -403,7 +403,7 @@
+ def test_sslv23_weak_crypto(self):
+ if fips_mode: # TLS is required in FIPS mode
+ return
+- self.args = self.args + ['-no_tls1', '-no_ssl3']
++ self.args = self.args + ['-ssl2']
+ pid = self.start_server(self.args)
+ try:
+ ctx = SSL.Context('sslv23', weak_crypto=1)
diff --git a/SOURCES/m2crypto-0.21.1-supported-ec.patch b/SOURCES/m2crypto-0.21.1-supported-ec.patch
new file mode 100644
index 0000000..8bff224
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-supported-ec.patch
@@ -0,0 +1,162 @@
+Modify the test suite to only use the EC curves supported by Fedora's
+OpenSSL (and when having a choice, use the p256 curve).
+
+diff -ur M2Crypto/tests/ec.priv.pem M2Crypto-0.21.1/tests/ec.priv.pem
+--- M2Crypto/tests/ec.priv.pem 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/ec.priv.pem 2013-12-17 04:02:00.602961297 +0100
+@@ -1,5 +1,5 @@
+ -----BEGIN EC PRIVATE KEY-----
+-MG0CAQEEHXXhxMbflWHSfCjfxsqHTsIR+BVbREI6JFYGaUs0oAcGBSuBBAAaoUAD
+-PgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9zzIE1ZbzAcvb7uxtoyUxrmRQC8xD
+-EO2qZX16mtpmgoNz3EeT
++MHcCAQEEIAdDwKEoKa3qnuvofjRFJgNul5Ldzy1EmoArNuY3jmKUoAoGCCqGSM49
++AwEHoUQDQgAEA2q6LZM77EldCKF9mBszDIVJVxepXJt6QpjEDtsmetYsNB2e4D1z
++QOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg==
+ -----END EC PRIVATE KEY-----
+diff -ur M2Crypto/tests/ec.pub.pem M2Crypto-0.21.1/tests/ec.pub.pem
+--- M2Crypto/tests/ec.pub.pem 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/ec.pub.pem 2013-12-17 04:01:53.627964282 +0100
+@@ -1,4 +1,4 @@
+ -----BEGIN PUBLIC KEY-----
+-MFIwEAYHKoZIzj0CAQYFK4EEABoDPgAEAdJXSN/xnRiDqc4wSiYbWB7LGabs71Y9
+-zzIE1ZbzAcvb7uxtoyUxrmRQC8xDEO2qZX16mtpmgoNz3EeT
++MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA2q6LZM77EldCKF9mBszDIVJVxep
++XJt6QpjEDtsmetYsNB2e4D1zQOjQGGwz+8NeOSkDqhE+1rNAaCjx93CeRg==
+ -----END PUBLIC KEY-----
+diff -ur M2Crypto/tests/test_ec_curves.py M2Crypto-0.21.1/tests/test_ec_curves.py
+--- M2Crypto/tests/test_ec_curves.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ec_curves.py 2013-12-17 03:54:58.321142332 +0100
+@@ -25,75 +25,8 @@
+
+
+ curves = [
+- ('secp112r1', 112),
+- ('secp112r2', 112),
+- ('secp128r1', 128),
+- ('secp128r2', 128),
+- ('secp160k1', 160),
+- ('secp160r1', 160),
+- ('secp160r2', 160),
+- ('secp192k1', 192),
+- ('secp224k1', 224),
+- ('secp224r1', 224),
+- ('secp256k1', 256),
+- ('secp384r1', 384),
+- ('secp521r1', 521),
+-
+- ('sect113r1', 113),
+- ('sect113r2', 113),
+- ('sect131r1', 131),
+- ('sect131r2', 131),
+- ('sect163k1', 163),
+- ('sect163r1', 163),
+- ('sect163r2', 163),
+- ('sect193r1', 193),
+- ('sect193r2', 193),
+- ('sect233k1', 233),
+- ('sect233r1', 233),
+- ('sect239k1', 239),
+- ('sect283k1', 283),
+- ('sect283r1', 283),
+- ('sect409k1', 409),
+- ('sect409r1', 409),
+- ('sect571k1', 571),
+- ('sect571r1', 571),
+-
+- ('X9_62_prime192v1', 192),
+- ('X9_62_prime192v2', 192),
+- ('X9_62_prime192v3', 192),
+- ('X9_62_prime239v1', 239),
+- ('X9_62_prime239v2', 239),
+- ('X9_62_prime239v3', 239),
+ ('X9_62_prime256v1', 256),
+-
+- ('X9_62_c2pnb163v1', 163),
+- ('X9_62_c2pnb163v2', 163),
+- ('X9_62_c2pnb163v3', 163),
+- ('X9_62_c2pnb176v1', 176),
+- ('X9_62_c2tnb191v1', 191),
+- ('X9_62_c2tnb191v2', 191),
+- ('X9_62_c2tnb191v3', 191),
+- ('X9_62_c2pnb208w1', 208),
+- ('X9_62_c2tnb239v1', 239),
+- ('X9_62_c2tnb239v2', 239),
+- ('X9_62_c2tnb239v3', 239),
+- ('X9_62_c2pnb272w1', 272),
+- ('X9_62_c2pnb304w1', 304),
+- ('X9_62_c2tnb359v1', 359),
+- ('X9_62_c2pnb368w1', 368),
+- ('X9_62_c2tnb431r1', 431),
+-
+- ('wap_wsg_idm_ecid_wtls1', 113),
+- ('wap_wsg_idm_ecid_wtls3', 163),
+- ('wap_wsg_idm_ecid_wtls4', 113),
+- ('wap_wsg_idm_ecid_wtls5', 163),
+- ('wap_wsg_idm_ecid_wtls6', 112),
+- ('wap_wsg_idm_ecid_wtls7', 160),
+- ('wap_wsg_idm_ecid_wtls8', 112),
+- ('wap_wsg_idm_ecid_wtls9', 160),
+- ('wap_wsg_idm_ecid_wtls10', 233),
+- ('wap_wsg_idm_ecid_wtls11', 233),
+- ('wap_wsg_idm_ecid_wtls12', 224),
++ ('secp384r1', 384),
+ ]
+
+ # The following two curves, according to OpenSSL, have a
+diff -ur M2Crypto/tests/test_ecdh.py M2Crypto-0.21.1/tests/test_ecdh.py
+--- M2Crypto/tests/test_ecdh.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ecdh.py 2013-12-17 04:02:25.980950434 +0100
+@@ -20,16 +20,16 @@
+
+ def test_compute_key(self):
+ a = EC.load_key(self.privkey)
+- b = EC.gen_params(EC.NID_sect233k1)
++ b = EC.gen_params(EC.NID_X9_62_prime256v1)
+ b.gen_key()
+ ak = a.compute_dh_key(b.pub())
+ bk = b.compute_dh_key(a.pub())
+ assert ak == bk
+
+ def test_pubkey_from_der(self):
+- a = EC.gen_params(EC.NID_sect233k1)
++ a = EC.gen_params(EC.NID_X9_62_prime256v1)
+ a.gen_key()
+- b = EC.gen_params(EC.NID_sect233k1)
++ b = EC.gen_params(EC.NID_X9_62_prime256v1)
+ b.gen_key()
+ a_pub_der = a.pub().get_der()
+ a_pub = EC.pub_key_from_der(a_pub_der)
+diff -ur M2Crypto/tests/test_ecdsa.py M2Crypto-0.21.1/tests/test_ecdsa.py
+--- M2Crypto/tests/test_ecdsa.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_ecdsa.py 2013-12-17 04:02:46.709941569 +0100
+@@ -29,16 +29,16 @@
+
+ def test_loadkey(self):
+ ec = EC.load_key(self.privkey)
+- assert len(ec) == 233
++ assert len(ec) == 256
+
+ def test_loadpubkey(self):
+ # XXX more work needed
+ ec = EC.load_pub_key(self.pubkey)
+- assert len(ec) == 233
++ assert len(ec) == 256
+ self.assertRaises(EC.ECError, EC.load_pub_key, self.errkey)
+
+ def _test_sign_dsa(self):
+- ec = EC.gen_params(EC.NID_sect233k1)
++ ec = EC.gen_params(EC.NID_X9_62_prime256v1)
+ # ec.gen_key()
+ self.assertRaises(EC.ECError, ec.sign_dsa, self.data)
+ ec = EC.load_key(self.privkey)
+@@ -60,8 +60,8 @@
+ assert not ec2.verify_dsa(self.data, s, r)
+
+ def test_genparam(self):
+- ec = EC.gen_params(EC.NID_sect233k1)
+- assert len(ec) == 233
++ ec = EC.gen_params(EC.NID_X9_62_prime256v1)
++ assert len(ec) == 256
+
+
+ def suite():
diff --git a/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch b/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch
new file mode 100644
index 0000000..89c76ca
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-tests-no-SIGHUP.patch
@@ -0,0 +1,44 @@
+Koji, the Fedora build system, is apparently setting up the build
+processes to ignore SIGHUP by default, leading the helper processes
+used by test_ssl to never terminate. We could override the SIGHUP
+handling, but sending SIGTERM is more correct anyway.
+
+diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2013-12-18 02:08:42.411669114 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2013-12-18 02:10:57.877589271 +0100
+@@ -20,7 +20,7 @@
+ - ThreadingSSLServer
+ """
+
+-import os, socket, string, sys, tempfile, thread, time, unittest
++import os, signal, socket, string, sys, tempfile, thread, time, unittest
+ from M2Crypto import Rand, SSL, m2, Err
+
+ from fips import fips_mode
+@@ -95,7 +95,7 @@
+ return pid
+
+ def stop_server(self, pid):
+- os.kill(pid, 1)
++ os.kill(pid, signal.SIGTERM)
+ os.waitpid(pid, 0)
+
+ def http_get(self, s):
+@@ -1039,7 +1039,7 @@
+ finally:
+ self.stop_server(pid)
+ finally:
+- os.kill(pipe_pid, 1)
++ os.kill(pipe_pid, signal.SIGTERM)
+ os.waitpid(pipe_pid, 0)
+ os.unlink('tests/' + FIFO_NAME)
+
+@@ -1154,7 +1154,7 @@
+ chunk = string.split(ps)
+ pid, cmd = chunk[0], chunk[4]
+ if cmd == s:
+- os.kill(int(pid), 1)
++ os.kill(int(pid), signal.SIGTERM)
+ f.close()
+ os.unlink(fn)
+
diff --git a/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch b/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch
new file mode 100644
index 0000000..d123e72
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-tests-no-export-ciphers.patch
@@ -0,0 +1,14 @@
+Recent Fedora releases have disabled export ciphers by default, so
+don't test that they work.
+
+diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2014-01-06 22:35:45.777935677 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2014-01-06 22:43:34.025594902 +0100
+@@ -463,6 +463,7 @@
+ finally:
+ self.stop_server(pid)
+
++ @unittest.skip("Export ciphers are prohibited in recent Fedora releases")
+ def test_use_weak_cipher(self):
+ if fips_mode: # Weak ciphers are prohibited
+ return
diff --git a/SOURCES/m2crypto-0.21.1-tests-random-ports.patch b/SOURCES/m2crypto-0.21.1-tests-random-ports.patch
new file mode 100644
index 0000000..ecca9fa
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-tests-random-ports.patch
@@ -0,0 +1,216 @@
+Pouze v M2Crypto-0.21.1: randpool.dat
+diff -ur M2Crypto/tests/test_bio_ssl.py M2Crypto-0.21.1/tests/test_bio_ssl.py
+--- M2Crypto/tests/test_bio_ssl.py 2011-01-15 20:10:05.000000000 +0100
++++ M2Crypto-0.21.1/tests/test_bio_ssl.py 2014-01-06 23:31:47.709383892 +0100
+@@ -11,7 +11,7 @@
+ from M2Crypto import Rand
+ from M2Crypto import threading as m2threading
+
+-from test_ssl import srv_host, srv_port
++from test_ssl import srv_host, allocate_srv_port
+
+ class HandshakeClient(threading.Thread):
+
+@@ -113,6 +113,7 @@
+ conn.set_bio(readbio, writebio)
+ conn.set_accept_state()
+ handshake_complete = False
++ srv_port = allocate_srv_port()
+ sock = socket.socket()
+ sock.bind((srv_host, srv_port))
+ sock.listen(5)
+diff -ur M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2014-01-06 22:49:57.961307007 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2014-01-06 23:30:13.856457390 +0100
+@@ -26,7 +26,16 @@
+ from fips import fips_mode
+
+ srv_host = 'localhost'
+-srv_port = 64000
++
++def allocate_srv_port():
++ s = socket.socket()
++ try:
++ s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
++ s.bind((srv_host, 0))
++ (host, port) = s.getsockname()
++ finally:
++ s.close()
++ return port
+
+ def verify_cb_new_function(ok, store):
+ try:
+@@ -113,17 +122,13 @@
+
+ def setUp(self):
+ self.srv_host = srv_host
+- self.srv_port = srv_port
+- self.srv_addr = (srv_host, srv_port)
+- self.srv_url = 'https://%s:%s/' % (srv_host, srv_port)
++ self.srv_port = allocate_srv_port()
++ self.srv_addr = (srv_host, self.srv_port)
++ self.srv_url = 'https://%s:%s/' % (srv_host, self.srv_port)
+ self.args = ['s_server', '-quiet', '-www',
+ #'-cert', 'server.pem', Implicitly using this
+ '-accept', str(self.srv_port)]
+
+- def tearDown(self):
+- global srv_port
+- srv_port = srv_port - 1
+-
+
+ class PassSSLClientTestCase(BaseSSLClientTestCase):
+
+@@ -136,7 +141,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPSConnection(srv_host, srv_port)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port)
+ c.request('GET', '/')
+ data = c.getresponse().read()
+ c.close()
+@@ -153,7 +158,7 @@
+ ctx.load_cert('tests/x509.pem')
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
+ ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
+- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx)
+ c.request('GET', '/')
+ ses = c.get_session()
+ t = ses.as_text()
+@@ -166,7 +171,7 @@
+ ctx2.load_cert('tests/x509.pem')
+ ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
+ ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
+- c2 = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx2)
++ c2 = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx2)
+ c2.set_session(ses)
+ c2.request('GET', '/')
+ ses2 = c2.get_session()
+@@ -186,7 +191,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/ca.pem')
+- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx)
+ c.request('GET', '/')
+ data = c.getresponse().read()
+ c.close()
+@@ -201,7 +206,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/server.pem')
+- c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx)
+ self.assertRaises(SSL.SSLError, c.request, 'GET', '/')
+ c.close()
+ finally:
+@@ -211,7 +216,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPS(srv_host, srv_port)
++ c = httpslib.HTTPS(srv_host, self.srv_port)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -232,7 +237,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/ca.pem')
+- c = httpslib.HTTPS(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPS(srv_host, self.srv_port, ssl_context=ctx)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -253,7 +258,7 @@
+ ctx = SSL.Context()
+ ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
+ ctx.load_verify_locations('tests/server.pem')
+- c = httpslib.HTTPS(srv_host, srv_port, ssl_context=ctx)
++ c = httpslib.HTTPS(srv_host, self.srv_port, ssl_context=ctx)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -871,7 +876,7 @@
+ from M2Crypto import m2urllib
+ url = m2urllib.FancyURLopener()
+ url.addheader('Connection', 'close')
+- u = url.open('https://%s:%s/' % (srv_host, srv_port))
++ u = url.open('https://%s:%s/' % (srv_host, self.srv_port))
+ data = u.read()
+ u.close()
+ finally:
+@@ -896,7 +901,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener()
+ opener.addheaders = [('Connection', 'close')]
+- u = opener.open('https://%s:%s/' % (srv_host, srv_port))
++ u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
+ data = u.read()
+ u.close()
+ finally:
+@@ -913,7 +918,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener(ctx)
+ opener.addheaders = [('Connection', 'close')]
+- u = opener.open('https://%s:%s/' % (srv_host, srv_port))
++ u = opener.open('https://%s:%s/' % (srv_host, self.srv_port))
+ data = u.read()
+ u.close()
+ finally:
+@@ -930,7 +935,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener(ctx)
+ opener.addheaders = [('Connection', 'close')]
+- self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, srv_port))
++ self.assertRaises(SSL.SSLError, opener.open, 'https://%s:%s/' % (srv_host, self.srv_port))
+ finally:
+ self.stop_server(pid)
+
+@@ -942,7 +947,7 @@
+ from M2Crypto import m2urllib2
+ opener = m2urllib2.build_opener(ctx, m2urllib2.HTTPBasicAuthHandler())
+ m2urllib2.install_opener(opener)
+- req = m2urllib2.Request('https://%s:%s/' % (srv_host, srv_port))
++ req = m2urllib2.Request('https://%s:%s/' % (srv_host, self.srv_port))
+ u = m2urllib2.urlopen(req)
+ data = u.read()
+ u.close()
+@@ -963,7 +968,7 @@
+ import gc
+ from M2Crypto import m2urllib2
+ o = m2urllib2.build_opener()
+- r = o.open('https://%s:%s/' % (srv_host, srv_port))
++ r = o.open('https://%s:%s/' % (srv_host, self.srv_port))
+ s = [r.fp._sock.fp]
+ r.close()
+ self.assertEqual(len(gc.get_referrers(s[0])), 1)
+@@ -990,7 +995,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPS(srv_host, srv_port)
++ c = httpslib.HTTPS(srv_host, self.srv_port)
+ c.putrequest('GET', '/')
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -1029,7 +1034,7 @@
+ pid = self.start_server(self.args)
+ try:
+ from M2Crypto import httpslib
+- c = httpslib.HTTPS(srv_host, srv_port)
++ c = httpslib.HTTPS(srv_host, self.srv_port)
+ c.putrequest('GET', '/' + FIFO_NAME)
+ c.putheader('Accept', 'text/html')
+ c.putheader('Accept', 'text/plain')
+@@ -1086,7 +1091,7 @@
+
+ contextFactory = ContextFactory()
+ factory = EchoClientFactory()
+- wrapper.connectSSL(srv_host, srv_port, factory, contextFactory)
++ wrapper.connectSSL(srv_host, self.srv_port, factory, contextFactory)
+ reactor.run() # This will block until reactor.stop() is called
+ finally:
+ self.stop_server(pid)
diff --git a/SOURCES/m2crypto-0.21.1-timeouts.patch b/SOURCES/m2crypto-0.21.1-timeouts.patch
new file mode 100644
index 0000000..0f3e8b9
--- /dev/null
+++ b/SOURCES/m2crypto-0.21.1-timeouts.patch
@@ -0,0 +1,599 @@
+diff -urN M2Crypto/M2Crypto/SSL/Connection.py M2Crypto-0.21.1/M2Crypto/SSL/Connection.py
+--- M2Crypto/M2Crypto/SSL/Connection.py 2013-11-26 20:01:02.591964970 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/Connection.py 2013-11-26 20:01:19.204950349 +0100
+@@ -47,9 +47,11 @@
+ self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ self._fileno = self.socket.fileno()
+-
+- self.blocking = self.socket.gettimeout()
+-
++
++ self._timeout = self.socket.gettimeout()
++ if self._timeout is None:
++ self._timeout = -1.0
++
+ self.ssl_close_flag = m2.bio_noclose
+
+
+@@ -147,7 +149,7 @@
+ m2.ssl_set_accept_state(self.ssl)
+
+ def accept_ssl(self):
+- return m2.ssl_accept(self.ssl)
++ return m2.ssl_accept(self.ssl, self._timeout)
+
+ def accept(self):
+ """Accept an SSL connection. The return value is a pair (ssl, addr) where
+@@ -169,7 +171,7 @@
+ m2.ssl_set_connect_state(self.ssl)
+
+ def connect_ssl(self):
+- return m2.ssl_connect(self.ssl)
++ return m2.ssl_connect(self.ssl, self._timeout)
+
+ def connect(self, addr):
+ self.socket.connect(addr)
+@@ -196,7 +198,7 @@
+ return m2.ssl_pending(self.ssl)
+
+ def _write_bio(self, data):
+- return m2.ssl_write(self.ssl, data)
++ return m2.ssl_write(self.ssl, data, self._timeout)
+
+ def _write_nbio(self, data):
+ return m2.ssl_write_nbio(self.ssl, data)
+@@ -204,7 +206,7 @@
+ def _read_bio(self, size=1024):
+ if size <= 0:
+ raise ValueError, 'size <= 0'
+- return m2.ssl_read(self.ssl, size)
++ return m2.ssl_read(self.ssl, size, self._timeout)
+
+ def _read_nbio(self, size=1024):
+ if size <= 0:
+@@ -212,13 +214,13 @@
+ return m2.ssl_read_nbio(self.ssl, size)
+
+ def write(self, data):
+- if self.blocking:
++ if self._timeout != 0.0:
+ return self._write_bio(data)
+ return self._write_nbio(data)
+ sendall = send = write
+
+ def read(self, size=1024):
+- if self.blocking:
++ if self._timeout != 0.0:
+ return self._read_bio(size)
+ return self._read_nbio(size)
+ recv = read
+@@ -226,7 +228,17 @@
+ def setblocking(self, mode):
+ """Set this connection's underlying socket to _mode_."""
+ self.socket.setblocking(mode)
+- self.blocking = mode
++ if mode:
++ self._timeout = -1.0
++ else:
++ self._timeout = 0.0
++
++ def settimeout(self, timeout):
++ """Set this connection's underlying socket's timeout to _timeout_."""
++ self.socket.settimeout(timeout)
++ self._timeout = timeout
++ if self._timeout is None:
++ self._timeout = -1.0
+
+ def fileno(self):
+ return self.socket.fileno()
+@@ -308,15 +320,8 @@
+ """Set the cipher suites for this connection."""
+ return m2.ssl_set_cipher_list(self.ssl, cipher_list)
+
+- def makefile(self, mode='rb', bufsize='ignored'):
+- r = 'r' in mode or '+' in mode
+- w = 'w' in mode or 'a' in mode or '+' in mode
+- b = 'b' in mode
+- m2mode = ['', 'r'][r] + ['', 'w'][w] + ['', 'b'][b]
+- # XXX Need to dup().
+- bio = BIO.BIO(self.sslbio, _close_cb=self.close)
+- m2.bio_do_handshake(bio._ptr())
+- return BIO.IOBuffer(bio, m2mode, _pyfree=0)
++ def makefile(self, mode='rb', bufsize=-1):
++ return socket._fileobject(self, mode, bufsize)
+
+ def getsockname(self):
+ return self.socket.getsockname()
+diff -urN M2Crypto/M2Crypto/SSL/__init__.py M2Crypto-0.21.1/M2Crypto/SSL/__init__.py
+--- M2Crypto/M2Crypto/SSL/__init__.py 2013-11-26 20:01:02.590964971 +0100
++++ M2Crypto-0.21.1/M2Crypto/SSL/__init__.py 2013-11-26 20:01:19.204950349 +0100
+@@ -2,11 +2,14 @@
+
+ Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved."""
+
++import socket
++
+ # M2Crypto
+ from M2Crypto import m2
+
+ class SSLError(Exception): pass
+-m2.ssl_init(SSLError)
++class SSLTimeoutError(SSLError, socket.timeout): pass
++m2.ssl_init(SSLError, SSLTimeoutError)
+
+ # M2Crypto.SSL
+ from Cipher import Cipher, Cipher_Stack
+diff -urN M2Crypto/SWIG/_ssl.i M2Crypto-0.21.1/SWIG/_ssl.i
+--- M2Crypto/SWIG/_ssl.i 2013-11-26 20:01:02.612964952 +0100
++++ M2Crypto-0.21.1/SWIG/_ssl.i 2013-11-26 20:01:19.205950348 +0100
+@@ -11,10 +11,13 @@
+
+ %{
+ #include <pythread.h>
++#include <limits.h>
+ #include <openssl/bio.h>
+ #include <openssl/dh.h>
+ #include <openssl/ssl.h>
+ #include <openssl/x509.h>
++#include <poll.h>
++#include <sys/time.h>
+ %}
+
+ %apply Pointer NONNULL { SSL_CTX * };
+@@ -155,6 +158,11 @@
+ %rename(ssl_session_get_timeout) SSL_SESSION_get_timeout;
+ extern long SSL_SESSION_get_timeout(CONST SSL_SESSION *);
+
++extern PyObject *ssl_accept(SSL *ssl, double timeout = -1);
++extern PyObject *ssl_connect(SSL *ssl, double timeout = -1);
++extern PyObject *ssl_read(SSL *ssl, int num, double timeout = -1);
++extern int ssl_write(SSL *ssl, PyObject *blob, double timeout = -1);
++
+ %constant int ssl_error_none = SSL_ERROR_NONE;
+ %constant int ssl_error_ssl = SSL_ERROR_SSL;
+ %constant int ssl_error_want_read = SSL_ERROR_WANT_READ;
+@@ -210,14 +218,19 @@
+ %constant int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER = SSL_MODE_ENABLE_PARTIAL_WRITE;
+ %constant int SSL_MODE_AUTO_RETRY = SSL_MODE_AUTO_RETRY;
+
++%ignore ssl_handle_error;
++%ignore ssl_sleep_with_timeout;
+ %inline %{
+ static PyObject *_ssl_err;
++static PyObject *_ssl_timeout_err;
+
+-void ssl_init(PyObject *ssl_err) {
++void ssl_init(PyObject *ssl_err, PyObject *ssl_timeout_err) {
+ SSL_library_init();
+ SSL_load_error_strings();
+ Py_INCREF(ssl_err);
++ Py_INCREF(ssl_timeout_err);
+ _ssl_err = ssl_err;
++ _ssl_timeout_err = ssl_timeout_err;
+ }
+
+ void ssl_ctx_passphrase_callback(SSL_CTX *ctx, PyObject *pyfunc) {
+@@ -403,36 +416,130 @@
+ return ret;
+ }
+
+-PyObject *ssl_accept(SSL *ssl) {
++static void ssl_handle_error(int ssl_err, int ret) {
++ int err;
++
++ switch (ssl_err) {
++ case SSL_ERROR_SSL:
++ PyErr_SetString(_ssl_err,
++ ERR_reason_error_string(ERR_get_error()));
++ break;
++ case SSL_ERROR_SYSCALL:
++ err = ERR_get_error();
++ if (err)
++ PyErr_SetString(_ssl_err, ERR_reason_error_string(err));
++ else if (ret == 0)
++ PyErr_SetString(_ssl_err, "unexpected eof");
++ else if (ret == -1)
++ PyErr_SetFromErrno(_ssl_err);
++ else
++ assert(0);
++ break;
++ default:
++ PyErr_SetString(_ssl_err, "unexpected SSL error");
++ }
++}
++
++static int ssl_sleep_with_timeout(SSL *ssl, const struct timeval *start,
++ double timeout, int ssl_err) {
++ struct pollfd fd;
++ struct timeval tv;
++ int ms, tmp;
++
++ assert(timeout > 0);
++ again:
++ gettimeofday(&tv, NULL);
++ /* tv >= start */
++ if ((timeout + start->tv_sec - tv.tv_sec) > INT_MAX / 1000)
++ ms = -1;
++ else {
++ int fract;
++
++ ms = ((start->tv_sec + (int)timeout) - tv.tv_sec) * 1000;
++ fract = (start->tv_usec + (timeout - (int)timeout) * 1000000
++ - tv.tv_usec + 999) / 1000;
++ if (ms > 0 && fract > INT_MAX - ms)
++ ms = -1;
++ else {
++ ms += fract;
++ if (ms <= 0)
++ goto timeout;
++ }
++ }
++ switch (ssl_err) {
++ case SSL_ERROR_WANT_READ:
++ fd.fd = SSL_get_rfd(ssl);
++ fd.events = POLLIN;
++ break;
++
++ case SSL_ERROR_WANT_WRITE:
++ fd.fd = SSL_get_wfd(ssl);
++ fd.events = POLLOUT;
++ break;
++
++ case SSL_ERROR_WANT_X509_LOOKUP:
++ return 0; /* FIXME: is this correct? */
++
++ default:
++ assert(0);
++ }
++ if (fd.fd == -1) {
++ PyErr_SetString(_ssl_err, "timeout on a non-FD SSL");
++ return -1;
++ }
++ Py_BEGIN_ALLOW_THREADS
++ tmp = poll(&fd, 1, ms);
++ Py_END_ALLOW_THREADS
++ switch (tmp) {
++ case 1:
++ return 0;
++ case 0:
++ goto timeout;
++ case -1:
++ if (errno == EINTR)
++ goto again;
++ PyErr_SetFromErrno(_ssl_err);
++ return -1;
++ }
++ return 0;
++
++ timeout:
++ PyErr_SetString(_ssl_timeout_err, "timed out");
++ return -1;
++}
++
++PyObject *ssl_accept(SSL *ssl, double timeout) {
+ PyObject *obj = NULL;
+- int r, err;
++ int r, ssl_err;
++ struct timeval tv;
+
++ if (timeout > 0)
++ gettimeofday(&tv, NULL);
++ again:
+ Py_BEGIN_ALLOW_THREADS
+ r = SSL_accept(ssl);
++ ssl_err = SSL_get_error(ssl, r);
+ Py_END_ALLOW_THREADS
+
+
+- switch (SSL_get_error(ssl, r)) {
++ switch (ssl_err) {
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_ZERO_RETURN:
+ obj = PyInt_FromLong((long)1);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+- obj = PyInt_FromLong((long)0);
+- break;
+- case SSL_ERROR_SSL:
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ if (timeout <= 0) {
++ obj = PyInt_FromLong((long)0);
++ break;
++ }
++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0)
++ goto again;
+ obj = NULL;
+ break;
++ case SSL_ERROR_SSL:
+ case SSL_ERROR_SYSCALL:
+- err = ERR_get_error();
+- if (err)
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(err));
+- else if (r == 0)
+- PyErr_SetString(_ssl_err, "unexpected eof");
+- else if (r == -1)
+- PyErr_SetFromErrno(_ssl_err);
++ ssl_handle_error(ssl_err, r);
+ obj = NULL;
+ break;
+ }
+@@ -441,36 +548,38 @@
+ return obj;
+ }
+
+-PyObject *ssl_connect(SSL *ssl) {
++PyObject *ssl_connect(SSL *ssl, double timeout) {
+ PyObject *obj = NULL;
+- int r, err;
++ int r, ssl_err;
++ struct timeval tv;
+
++ if (timeout > 0)
++ gettimeofday(&tv, NULL);
++ again:
+ Py_BEGIN_ALLOW_THREADS
+ r = SSL_connect(ssl);
++ ssl_err = SSL_get_error(ssl, r);
+ Py_END_ALLOW_THREADS
+
+
+- switch (SSL_get_error(ssl, r)) {
++ switch (ssl_err) {
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_ZERO_RETURN:
+ obj = PyInt_FromLong((long)1);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+- obj = PyInt_FromLong((long)0);
+- break;
+- case SSL_ERROR_SSL:
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
++ if (timeout <= 0) {
++ obj = PyInt_FromLong((long)0);
++ break;
++ }
++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0)
++ goto again;
+ obj = NULL;
+ break;
++ case SSL_ERROR_SSL:
+ case SSL_ERROR_SYSCALL:
+- err = ERR_get_error();
+- if (err)
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(err));
+- else if (r == 0)
+- PyErr_SetString(_ssl_err, "unexpected eof");
+- else if (r == -1)
+- PyErr_SetFromErrno(_ssl_err);
++ ssl_handle_error(ssl_err, r);
+ obj = NULL;
+ break;
+ }
+@@ -483,10 +592,11 @@
+ SSL_set_shutdown(ssl, mode);
+ }
+
+-PyObject *ssl_read(SSL *ssl, int num) {
++PyObject *ssl_read(SSL *ssl, int num, double timeout) {
+ PyObject *obj = NULL;
+ void *buf;
+- int r, err;
++ int r;
++ struct timeval tv;
+
+ if (!(buf = PyMem_Malloc(num))) {
+ PyErr_SetString(PyExc_MemoryError, "ssl_read");
+@@ -494,37 +604,44 @@
+ }
+
+
++ if (timeout > 0)
++ gettimeofday(&tv, NULL);
++ again:
+ Py_BEGIN_ALLOW_THREADS
+ r = SSL_read(ssl, buf, num);
+ Py_END_ALLOW_THREADS
+
+
+- switch (SSL_get_error(ssl, r)) {
+- case SSL_ERROR_NONE:
+- case SSL_ERROR_ZERO_RETURN:
+- buf = PyMem_Realloc(buf, r);
+- obj = PyString_FromStringAndSize(buf, r);
+- break;
+- case SSL_ERROR_WANT_WRITE:
+- case SSL_ERROR_WANT_READ:
+- case SSL_ERROR_WANT_X509_LOOKUP:
+- Py_INCREF(Py_None);
+- obj = Py_None;
+- break;
+- case SSL_ERROR_SSL:
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
+- obj = NULL;
+- break;
+- case SSL_ERROR_SYSCALL:
+- err = ERR_get_error();
+- if (err)
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(err));
+- else if (r == 0)
+- PyErr_SetString(_ssl_err, "unexpected eof");
+- else if (r == -1)
+- PyErr_SetFromErrno(_ssl_err);
+- obj = NULL;
+- break;
++ if (r >= 0) {
++ buf = PyMem_Realloc(buf, r);
++ obj = PyString_FromStringAndSize(buf, r);
++ } else {
++ int ssl_err;
++
++ ssl_err = SSL_get_error(ssl, r);
++ switch (ssl_err) {
++ case SSL_ERROR_NONE:
++ case SSL_ERROR_ZERO_RETURN:
++ assert(0);
++
++ case SSL_ERROR_WANT_WRITE:
++ case SSL_ERROR_WANT_READ:
++ case SSL_ERROR_WANT_X509_LOOKUP:
++ if (timeout <= 0) {
++ Py_INCREF(Py_None);
++ obj = Py_None;
++ break;
++ }
++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0)
++ goto again;
++ obj = NULL;
++ break;
++ case SSL_ERROR_SSL:
++ case SSL_ERROR_SYSCALL:
++ ssl_handle_error(ssl_err, r);
++ obj = NULL;
++ break;
++ }
+ }
+ PyMem_Free(buf);
+
+@@ -582,22 +699,26 @@
+ return obj;
+ }
+
+-int ssl_write(SSL *ssl, PyObject *blob) {
++int ssl_write(SSL *ssl, PyObject *blob, double timeout) {
+ const void *buf;
+- int len, r, err, ret;
++ int len, r, ssl_err, ret;
++ struct timeval tv;
+
+
+ if (m2_PyObject_AsReadBufferInt(blob, &buf, &len) == -1) {
+ return -1;
+ }
+
+-
++ if (timeout > 0)
++ gettimeofday(&tv, NULL);
++ again:
+ Py_BEGIN_ALLOW_THREADS
+ r = SSL_write(ssl, buf, len);
++ ssl_err = SSL_get_error(ssl, r);
+ Py_END_ALLOW_THREADS
+
+
+- switch (SSL_get_error(ssl, r)) {
++ switch (ssl_err) {
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_ZERO_RETURN:
+ ret = r;
+@@ -605,20 +726,17 @@
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
++ if (timeout <= 0) {
++ ret = -1;
++ break;
++ }
++ if (ssl_sleep_with_timeout(ssl, &tv, timeout, ssl_err) == 0)
++ goto again;
+ ret = -1;
+ break;
+ case SSL_ERROR_SSL:
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
+- ret = -1;
+- break;
+ case SSL_ERROR_SYSCALL:
+- err = ERR_get_error();
+- if (err)
+- PyErr_SetString(_ssl_err, ERR_reason_error_string(ERR_get_error()));
+- else if (r == 0)
+- PyErr_SetString(_ssl_err, "unexpected eof");
+- else if (r == -1)
+- PyErr_SetFromErrno(_ssl_err);
++ ssl_handle_error(ssl_err, r);
+ default:
+ ret = -1;
+ }
+diff -urN M2Crypto/tests/test_ssl.py M2Crypto-0.21.1/tests/test_ssl.py
+--- M2Crypto/tests/test_ssl.py 2013-11-26 20:01:02.582964980 +0100
++++ M2Crypto-0.21.1/tests/test_ssl.py 2013-11-26 20:01:33.268937969 +0100
+@@ -972,6 +972,77 @@
+
+ class TwistedSSLClientTestCase(BaseSSLClientTestCase):
+
++ def test_timeout(self):
++ pid = self.start_server(self.args)
++ try:
++ ctx = SSL.Context()
++ s = SSL.Connection(ctx)
++ # Just a really small number so we can timeout
++ s.settimeout(0.000000000000000000000000000001)
++ self.assertRaises(SSL.SSLTimeoutError, s.connect, self.srv_addr)
++ s.close()
++ finally:
++ self.stop_server(pid)
++
++ def test_makefile_timeout(self):
++ # httpslib uses makefile to read the response
++ pid = self.start_server(self.args)
++ try:
++ from M2Crypto import httpslib
++ c = httpslib.HTTPS(srv_host, srv_port)
++ c.putrequest('GET', '/')
++ c.putheader('Accept', 'text/html')
++ c.putheader('Accept', 'text/plain')
++ c.endheaders()
++ c._conn.sock.settimeout(100)
++ err, msg, headers = c.getreply()
++ assert err == 200, err
++ f = c.getfile()
++ data = f.read()
++ c.close()
++ finally:
++ self.stop_server(pid)
++ self.failIf(string.find(data, 's_server -quiet -www') == -1)
++
++ def test_makefile_timeout_fires(self):
++ # This is convoluted because (openssl s_server -www) starts writing the
++ # response as soon as it receives the first line of the request, so it's
++ # possible for it to send the response before the request is sent and
++ # there would be no timeout. So, let the server spend time reading from
++ # an empty pipe
++ FIFO_NAME = 'test_makefile_timeout_fires_fifo'
++ os.mkfifo('tests/' + FIFO_NAME)
++ pipe_pid = os.fork()
++ try:
++ if pipe_pid == 0:
++ try:
++ f = open('tests/' + FIFO_NAME, 'w')
++ try:
++ time.sleep(sleepTime + 1)
++ f.write('Content\n')
++ finally:
++ f.close()
++ finally:
++ os._exit(0)
++ self.args[self.args.index('-www')] = '-WWW'
++ pid = self.start_server(self.args)
++ try:
++ from M2Crypto import httpslib
++ c = httpslib.HTTPS(srv_host, srv_port)
++ c.putrequest('GET', '/' + FIFO_NAME)
++ c.putheader('Accept', 'text/html')
++ c.putheader('Accept', 'text/plain')
++ c.endheaders()
++ c._conn.sock.settimeout(0.0000000001)
++ self.assertRaises(socket.timeout, c.getreply)
++ c.close()
++ finally:
++ self.stop_server(pid)
++ finally:
++ os.kill(pipe_pid, 1)
++ os.waitpid(pipe_pid, 0)
++ os.unlink('tests/' + FIFO_NAME)
++
+ def test_twisted_wrapper(self):
+ # Test only when twisted and ZopeInterfaces are present
+ try:
diff --git a/SPECS/m2crypto.spec b/SPECS/m2crypto.spec
new file mode 100644
index 0000000..a9a2d78
--- /dev/null
+++ b/SPECS/m2crypto.spec
@@ -0,0 +1,477 @@
+%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+
+# Keep this value in sync with the definition in openssl.spec.
+%global multilib_arches %{ix86} ia64 ppc %{power64} s390 s390x sparcv9 sparc64 x86_64
+
+Summary: Support for using OpenSSL in python scripts
+Name: m2crypto
+Version: 0.21.1
+Release: 16%{?dist}
+Source0: http://pypi.python.org/packages/source/M/M2Crypto/M2Crypto-%{version}.tar.gz
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=2341
+Patch0: m2crypto-0.21.1-timeouts.patch
+# This is only precautionary, it does fix anything - not sent upstream
+Patch1: m2crypto-0.21.1-gcc_macros.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=12972
+Patch2: m2crypto-0.20.2-fips.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=12973
+Patch3: m2crypto-0.20.2-check.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13005
+Patch4: m2crypto-0.21.1-memoryview.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13020
+Patch5: m2crypto-0.21.1-smime-doc.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=12999
+Patch6: m2crypto-0.21.1-AES_crypt.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13044
+Patch7: m2crypto-0.21.1-IPv6.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13049
+Patch8: m2crypto-0.21.1-https-proxy.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13066
+Patch9: m2crypto-0.21.1-certs.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13072
+Patch10: m2crypto-0.21.1-ssl23.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13098
+Patch11: m2crypto-0.21.1-SSL_CTX_new.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13073
+Patch12: m2crypto-0.21.1-sni.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13100
+Patch13: m2crypto-0.21.1-supported-ec.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13101
+Patch14: m2crypto-0.21.1-tests-no-SIGHUP.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13103
+Patch15: m2crypto-0.21.1-tests-no-export-ciphers.patch
+# https://bugzilla.osafoundation.org/show_bug.cgi?id=13104
+Patch16: m2crypto-0.21.1-tests-random-ports.patch
+License: MIT
+Group: System Environment/Libraries
+URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
+BuildRequires: openssl, openssl-devel, python2-devel, python-setuptools
+BuildRequires: perl, pkgconfig, swig, which
+
+%filter_provides_in %{python_sitearch}/M2Crypto/__m2crypto.so
+%filter_setup
+
+%description
+This package allows you to call OpenSSL functions from python scripts.
+
+%prep
+%setup -q -n M2Crypto-%{version}
+%patch0 -p1 -b .timeouts
+%patch1 -p1 -b .gcc_macros
+%patch2 -p1 -b .fips
+%patch3 -p1 -b .check
+%patch4 -p1 -b .memoryview
+%patch5 -p0
+%patch6 -p0 -b .AES_crypt
+%patch7 -p1 -b .IPv6
+%patch8 -p1 -b .https-proxy
+%patch9 -p0 -b .certs
+openssl x509 -in tests/x509.pem -out tests/x509.der -outform DER
+%patch10 -p0 -b .ssl23
+%patch11 -p1 -b .SSL_CTX_new
+%patch12 -p1 -b .sni
+%patch13 -p1 -b .supported-ec
+%patch14 -p1 -b .tests-no-SIGHUP
+%patch15 -p1 -b .tests-no-export-ciphers
+%patch16 -p1 -b .tests-random-ports
+
+# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
+# doesn't follow the #include.
+
+# Determine which arch opensslconf.h is going to try to #include.
+basearch=%{_arch}
+%ifarch %{ix86}
+basearch=i386
+%endif
+%ifarch sparcv9
+basearch=sparc
+%endif
+%ifarch %{multilib_arches}
+for i in SWIG/_ec.i SWIG/_evp.i; do
+ sed -i -e "s/opensslconf/opensslconf-${basearch}/" "$i"
+done
+%endif
+
+gcc -E -dM - < /dev/null | grep -v __STDC__ \
+ | sed 's/^\(#define \([^ ]*\) .*\)$/#undef \2\n\1/' > SWIG/gcc_macros.h
+
+%build
+CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS
+if pkg-config openssl ; then
+ CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS
+ LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS
+fi
+
+# -cpperraswarn is necessary for including opensslconf-${basearch} directly
+SWIG_FEATURES=-cpperraswarn %{__python} setup.py build
+
+%install
+CFLAGS="$RPM_OPT_FLAGS" ; export CFLAGS
+if pkg-config openssl ; then
+ CFLAGS="$CFLAGS `pkg-config --cflags openssl`" ; export CFLAGS
+ LDFLAGS="$LDFLAGS`pkg-config --libs-only-L openssl`" ; export LDFLAGS
+fi
+
+%{__python} setup.py install --root=$RPM_BUILD_ROOT
+
+for i in medusa medusa054; do
+ sed -i -e '1s,#! /usr/local/bin/python,#! %{__python},' \
+ demo/$i/http_server.py
+done
+
+# Windows-only
+rm demo/Zope/starts.bat
+# Fix up documentation permissions
+find demo tests -type f -perm -111 -print0 | xargs -0 chmod a-x
+
+grep -rl '/usr/bin/env python' demo tests \
+ | xargs sed -i "s,/usr/bin/env python,%{__python},"
+
+rm tests/*.{pem,py}.* # Patch backup files
+
+%check
+%{__python} setup.py test
+
+%files
+%doc CHANGES LICENCE README demo
+%{python_sitearch}/M2Crypto
+%{python_sitearch}/M2Crypto-*.egg-info
+
+%changelog
+* Wed Aug 20 2014 Miloslav Trmač <mitr@redhat.com> - 0.21.1-16
+- Sync %%multilib_arches with openssl.
+ Resolves: #1125603
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 0.21.1-15
+- Mass rebuild 2014-01-24
+
+* Mon Jan 6 2014 Miloslav Trmač <mitr@redhat.com> - 0.21.1-14
+- Don't assume that export ciphers are enabled in the test suite
+ Resolves: #1048887
+- Let the kernel allocate free ports for use by the test suite
+ Resolves: #1048887
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 0.21.1-13
+- Mass rebuild 2013-12-27
+
+* Thu Dec 19 2013 Miloslav Trmač <mitr@redhat.com> - 0.21.1-12
+- Fix occasional spurious failures in test_makefile_timeout_fires
+ Resolves: #969077
+- Fix incorrect exception handling of SSL_CTX_new (manifesting in FIPS mode)
+ Resolves: #879043
+- Add minimal SNI support, based on a patch by Sander Steffann
+ <sander@steffann.nl>
+ Resolves: #1038795
+- Use only ECC curves available in Fedora in the test suite
+ Related: #1038813
+- Fix terminating test suite helper processes when running in Koji
+ Related: #1038813
+- Run test suite in %%check, don't ship it in the package. Based on a patch by
+ Matěj Cepl <mcepl@redhat.com>.
+ Resolves: #1038813
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.21.1-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Nov 21 2012 Miloslav Trmač <mitr@redhat.com> - 0.21.1-10
+- Replace expired certificates in the test suite
+- Fix running the test suite against recent OpenSSL versions
+
+* Tue Aug 21 2012 Miloslav Trmač <mitr@redhat.com> - 0.21.1-10
+- Drop no longer necessary %%clean and %%defattr commands.
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.21.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Mar 15 2012 Miloslav Trmač <mitr@redhat.com> - 0.21.1-8
+- Fix HTTPS proxy support
+ Resolves: #803554
+
+* Tue Mar 13 2012 Miloslav Trmač <mitr@redhat.com> - 0.21.1-7
+- Support IPv6 in M2Crypto.httpslib
+ Resolves: #742914
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.21.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu May 12 2011 Miloslav Trmač <mitr@redhat.com> - 0.21.1-5
+- Fix a memory leak in AES_crypt
+ Resolves: #659881
+
+* Tue May 10 2011 Miloslav Trmač <mitr@redhat.com> - 0.21.1-4
+- Fix handling of buffer() objects as input data to SSL
+ Resolves: #702766
+
+* Mon Mar 28 2011 Miloslav Trmač <mitr@redhat.com> - 0.21.1-3
+- Fix S/MIME documentation and examples
+ Resolves: #618500
+
+* Wed Feb 23 2011 Garrett Holmstrom <gholms@fedoraproject.org> - 0.21.1-3
+- Use the %%__python macro for Python calls and locations
+ Patch by Garrett Holmstrom <gholms@fedoraproject.org>
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.21.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jan 18 2011 Miloslav Trmač <mitr@redhat.com> - 0.21.1-1
+- Update to m2crypto-0.21.1
+- Make the test suite pass with Python 2.7
+
+* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.20.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Fri Jul 9 2010 Miloslav Trmač <mitr@redhat.com> - 0.20.2-8
+- Allow overriding SSL.Connection.postConnectionCheck from m2urllib2
+ Resolves: #610906
+
+* Wed May 19 2010 Miloslav Trmač <mitr@redhat.com> - 0.20.2-7
+- Make test suite pass in FIPS mode
+ Resolves: #565662
+
+* Thu Mar 4 2010 Miloslav Trmač <mitr@redhat.com> - 0.20.2-6
+- Filter out bogus Provides: __m2crypto.so
+- Drop explicit Requires: python
+
+* Mon Feb 15 2010 Miloslav Trmač <mitr@redhat.com> - 0.20.2-5
+- Make test suite pass with OpenSSL 1.0.0
+- Don't ship patch backup files in %%doc
+
+* Tue Jan 5 2010 Miloslav Trmač <mitr@redhat.com> - 0.20.2-4
+- s/%%define/%%global/
+
+* Mon Dec 7 2009 Miloslav Trmač <mitr@redhat.com> - 0.20.2-3
+- Don't use '!# /usr/bin/env python'
+ Resolves: #521887
+
+* Thu Oct 15 2009 Miloslav Trmač <mitr@redhat.com> - 0.20.2-2
+- Add a dist tag.
+
+* Wed Oct 7 2009 Miloslav Trmač <mitr@redhat.com> - 0.20.2-1
+- Update to m2crypto-0.20.2
+- Drop BuildRoot: and cleaning it at start of %%install
+
+* Sun Aug 30 2009 Miloslav Trmač <mitr@redhat.com> - 0.20.1-1
+- Update to m2crypto-0.20.1
+- Add upstream patch to build with OpenSSL 1.0.0
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.20-2
+- rebuilt with new openssl
+
+* Tue Aug 11 2009 Miloslav Trmač <mitr@volny.cz> - 0.20-1
+- Update to m2crypto-0.20
+- Fix incorrect merge in HTTPS CONNNECT proxy support
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.19.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Jun 24 2009 Miloslav Trmač <mitr@redhat.com> - 0.19.1-9
+- Fix OpenSSL locking callback
+ Resolves: #507903
+
+* Wed Jun 10 2009 Miloslav Trmač <mitr@redhat.com> - 0.19.1-8
+- Don't reject certificates with subjectAltName that does not contain a dNSName
+ Resolves: #504060
+
+* Wed Jun 3 2009 Miloslav Trmač <mitr@redhat.com> - 0.19.1-7
+- Only send the selector in SSL HTTP requests. Patch by James Bowes
+ <jbowes@redhat.com>.
+ Resolves: #491674
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.19.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Wed Feb 4 2009 Miloslav Trmač <mitr@redhat.com> - 0.19.1-5
+- Close the connection when an m2urllib2 response is closed
+ Resolves: #460692
+- Work around conflicts between macros defined by gcc and swig
+
+* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 0.19.1-4
+- rebuild with new openssl
+
+* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.19.1-3
+- Rebuild for Python 2.6
+
+* Mon Nov 10 2008 Miloslav Trmač <mitr@redhat.com> - 0.19.1-2
+- Import all gcc-defined macros into SWIG (recommended by Adam Tkac)
+
+* Mon Oct 13 2008 Miloslav Trmač <mitr@redhat.com> - 0.19.1-1
+- Update to m2crypto-0.19.1
+
+* Mon Oct 6 2008 Miloslav Trmač <mitr@redhat.com> - 0.19-1
+- Update to m2crypto-0.19
+- Fix some rpmlint warnings
+
+* Thu Sep 18 2008 Dennis Gilmore <dennis@ausil.us> - 0.18.2-8
+- enable sparc arches
+
+* Wed Jun 11 2008 Miloslav Trmač <mitr@redhat.com> - 0.18.2-7
+- Update m2urllib2 to match the Python 2.5 code instead
+
+* Sun Jun 8 2008 Miloslav Trmač <mitr@redhat.com> - 0.18.2-6
+- Don't remove the User-Agent header from proxied requests
+ Related: #448858
+- Update m2urllib2.py to work with Python 2.5
+
+* Sat Jun 7 2008 Miloslav Trmač <mitr@redhat.com> - 0.18.2-5
+- Use User-Agent in HTTP proxy CONNECT requests
+ Related: #448858
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.18.2-4
+- Autorebuild for GCC 4.3
+
+* Fri Jan 11 2008 Miloslav Trmač <mitr@redhat.com> - 0.18.2-3
+- Ship Python egg information
+
+* Tue Dec 4 2007 Miloslav Trmač <mitr@redhat.com> - 0.18.2-2
+- Rebuild with openssl-0.9.8g
+
+* Fri Oct 26 2007 Miloslav Trmač <mitr@redhat.com> - 0.18.2-1
+- Update to m2crypto-0.18.2
+- Remove BuildRequires: unzip
+
+* Sun Sep 23 2007 Miloslav Trmač <mitr@redhat.com> - 0.18-2
+- Add missing Host: header to CONNECT requests (patch by Karl Grindley)
+ Resolves: #239034
+- Fix License:
+
+* Wed Aug 1 2007 Miloslav Trmač <mitr@redhat.com> - 0.18-1
+- Update to m2crypto-0.18
+
+* Wed Jul 11 2007 Miloslav Trmač <mitr@redhat.com> - 0.17-3
+- Try to fix build on Alpha
+ Resolves: #246828
+
+* Fri Apr 27 2007 Miloslav Trmac <mitr@redhat.com> - 0.17-2
+- Make m2xmlrpclib work with Python 2.5
+ Resolves: #237902
+
+* Wed Jan 17 2007 Miloslav Trmac <mitr@redhat.com> - 0.17-1
+- Update to m2crypto-0.17
+- Update for Python 2.5
+
+* Thu Dec 7 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-8
+- Rebuild with updated build tools to avoid DT_TEXTREL on s390x
+ Resolves: #218578
+
+* Thu Dec 7 2006 Jeremy Katz <katzj@redhat.com> - 0.16-7
+- rebuild against python 2.5
+
+* Mon Oct 23 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-6
+- Add support for SSL socket timeouts (based on a patch by James Bowes
+ <jbowes@redhat.com>)
+ Resolves: #219966
+
+* Fri Oct 20 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-5
+- Backport the urllib2 wrapper (code by James Bowes <jbowes@redhat.com>)
+ Resolves: #210956
+- Add proxy support for https using CONNECT (original patch by James Bowes
+ <jbowes@redhat.com>)
+ Resolves: #210963
+
+* Tue Sep 26 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-4
+- Drop Obsoletes: openssl-python, openssl-python was last shipped in RHL 7.1
+- Fix interpreter paths in demos
+
+* Sat Sep 23 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-3
+- Make more compliant with Fedora guidelines
+- Update URL:
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.16-2.1
+- rebuild
+
+* Thu Jul 6 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-2
+- Fix build with rawhide swig
+
+* Thu Jul 6 2006 Miloslav Trmac <mitr@redhat.com> - 0.16-1
+- Update to m2crypto-0.16
+
+* Wed Apr 19 2006 Miloslav Trmac <mitr@redhat.com> - 0.15-4
+- Fix SSL.Connection.accept (#188742)
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.15-3.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.15-3.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Tue Jan 3 2006 Miloslav Trmac <mitr@redhat.com> - 0.15-3
+- Add BuildRequires: swig
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Wed Nov 9 2005 Miloslav Trmac <mitr@redhat.com> - 0.15-2
+- Rebuild with newer openssl
+
+* Mon Aug 29 2005 Miloslav Trmac <mitr@redhat.com> - 0.15-1
+- Update to m2crypto-0.15
+- Drop bundled swig
+
+* Tue Jun 14 2005 Miloslav Trmac <mitr@redhat.com> - 0.13-5
+- Better fix for #159898, by Dan Williams
+
+* Thu Jun 9 2005 Miloslav Trmac <mitr@redhat.com> - 0.13-4
+- Fix invalid handle_error override in SSL.SSLServer (#159898, patch by Dan
+ Williams)
+
+* Tue May 31 2005 Miloslav Trmac <mitr@redhat.com> - 0.13-3
+- Fix invalid Python version comparisons in M2Crypto.httpslib (#156979)
+- Don't ship obsolete xmlrpclib.py.patch
+- Clean up the build process a bit
+
+* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 0.13-2
+- rebuild
+
+* Tue Nov 23 2004 Karsten Hopp <karsten@redhat.de> 0.13-1
+- update, remove now obsolete patches
+
+* Mon Nov 22 2004 Karsten Hopp <karsten@redhat.de> 0.09-7
+- changed pythonver from 2.3 to 2.4
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Tue Feb 24 2004 Harald Hoyer <harald@redhat.com> - 0.09-5
+- changed pythonver from 2.2 to 2.3
+- patched setup.py to cope with include path
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Tue Jan 14 2003 Nalin Dahyabhai <nalin@redhat.com> 0.09-1
+- Update to version 0.09
+- Build using bundled copy of SWIG
+- Pick up additional CFLAGS and LDFLAGS from OpenSSL's pkgconfig data, if
+ there is any
+- Handle const changes in new OpenSSL
+- Remove unnecessary ldconfig calls in post/postun
+
+* Thu Dec 12 2002 Elliot Lee <sopwith@redhat.com> 0.07_snap3-2
+- Update to version 0.07_snap3
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Mon May 20 2002 Nalin Dahyabhai <nalin@redhat.com> 0.05_snap4-4
+- rebuild with Python 2.2
+
+* Wed Apr 24 2002 Nalin Dahyabhai <nalin@redhat.com> 0.05_snap4-3
+- remove a stray -L at link-time which prevented linking with libssl (#59985)
+
+* Thu Aug 23 2001 Nalin Dahyabhai <nalin@redhat.com> 0.05_snap4-2
+- drop patch which isn't needed because we know swig is installed
+
+* Mon Apr 9 2001 Nalin Dahyabhai <nalin@redhat.com> 0.05_snap4-1
+- break off from openssl-python