rpms
/
pyOpenSSL
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allow changing the digest used when exporting CRL and use SHA1 by default

Browse Source
epel9
Tomas Mraz 10 years ago
parent 182ee034ca
commit 712320d348
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File

47
pyOpenSSL-0.14-crl-digest.patch
Unescape View File

@ -0,0 +1,47 @@
commit 2923dc0f475e0d1a7893c7ca264c95c75f8ba9dd
Author: Bulat Gaifullin <gaifullinbf@gmail.com>
Date: Sun Sep 21 22:36:48 2014 +0400
added parameter digest to select digest algorithm for CRL
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 313a30a..efa1d91 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -1707,7 +1707,7 @@ class CRL(object):
_raise_current_error()
- def export(self, cert, key, type=FILETYPE_PEM, days=100):
+ def export(self, cert, key, type=FILETYPE_PEM, days=100, digest="sha1"):
"""
export a CRL as a string
@@ -1721,6 +1721,7 @@ class CRL(object):
:param days: The number of days until the next update of this CRL.
:type days: :py:data:`int`
+ :param digest: The message digest to use
:return: :py:data:`str`
"""
@@ -1731,6 +1732,10 @@ class CRL(object):
if not isinstance(type, int):
raise TypeError("type must be an integer")
+ digest_obj = _lib.EVP_get_digestbyname(_byte_string(digest))
+ if digest_obj == _ffi.NULL:
+ raise ValueError("No such digest method")
+
bio = _lib.BIO_new(_lib.BIO_s_mem())
if bio == _ffi.NULL:
# TODO: This is untested.
@@ -1750,7 +1755,7 @@ class CRL(object):
_lib.X509_CRL_set_issuer_name(self._crl, _lib.X509_get_subject_name(cert._x509))
- sign_result = _lib.X509_CRL_sign(self._crl, key._pkey, _lib.EVP_md5())
+ sign_result = _lib.X509_CRL_sign(self._crl, key._pkey, digest_obj)
if not sign_result:
_raise_current_error()

9
pyOpenSSL.spec
Unescape View File

@ -5,8 +5,10 @@
Summary: Python wrapper module around the OpenSSL library Summary: Python wrapper module around the OpenSSL library
Name: pyOpenSSL Name: pyOpenSSL
Version: 0.14 Version: 0.14
Release: 3%{?dist} Release: 4%{?dist}
Source0: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz Source0: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz
# The patch is included upstream except we use sha1 by default instead of md5
Patch1: pyOpenSSL-0.14-crl-digest.patch
BuildArch: noarch BuildArch: noarch
License: ASL 2.0 License: ASL 2.0
@ -54,6 +56,8 @@ Documentation for pyOpenSSL
%prep %prep
%setup -q -n pyOpenSSL-%{version} %setup -q -n pyOpenSSL-%{version}
%patch1 -p1 -b .digest
%build %build
%if 0%{?with_python3} %if 0%{?with_python3}
rm -rf %{py3dir} rm -rf %{py3dir}
@ -96,6 +100,9 @@ popd
%doc examples doc/_build/html %doc examples doc/_build/html
%changelog %changelog
* Thu May 14 2015 Tomáš Mráz <tmraz@redhat.com> - 0.14-4
- allow changing the digest used when exporting CRL and use SHA1 by default
* Fri Jan 30 2015 Miro Hrončok <mhroncok@redhat.com> - 0.14-3 * Fri Jan 30 2015 Miro Hrončok <mhroncok@redhat.com> - 0.14-3
- Fix bogus requires (python3-cryptography should belong to python3-pyOpenSSL) - Fix bogus requires (python3-cryptography should belong to python3-pyOpenSSL)

Write Preview
Loading…
Cancel
Save