Recent changes to patches

Merged changes from Dave Cridland's branch

2009-02-12T05:46:27Z

This is a fairly significant upgrade to pyOpenSSL functionality in the sense that many additional OpenSSL APIs are exposed. Dave Cridland appears to have forked pyOpenSSL several years back (relative to the sourceforge branch), adding significant additional functionality including access to the digital signatures API. I have merged those changes back into the sourceforge.net pyOpenSSL branch (pyOpenSSL-0.8), attempting to retain both Dave Cridland's extended functionality, as well as the extensive stability improvements that have been made to the sourceforge.net pyOpenSSL branch. We've been using this patch now for several months with no known issues. Please consider merging.

* Merged changes from Dave Cridland's branch:
-r756 http://svn.dave.cridland.net/svn/projects/pyopenssl/dwd

To apply this patch:

tar xfz pyOpenSSL-0.8.tar.gz
cd pyOpenSSL-0.8
patch -p1 <../pyOpenSSL.diff

Because the patch adds some binary files as well that cannot
be represented in the diff, I have placed the binary files
in pyOpenSSL-0.8-binary. You should manually copy them
to the destination after running the patch command.

All files relevant to this patch can be found in the attached file
pyOpenSSL-diff.tar.gz

Thanks,
James Yonan

Module crashes "Fatal Python error: ceval: tstate mix-up"

2009-01-28T14:23:48Z

Hi,

In a heavily threaded applicaiton that uses the package from more than one thread at a time, the pyOpenSSL 0.8 often makes Python 2.5 interpreter crash with the following errror message:

Fatal Python error: ceval: tstate mix-up
Abort trap: 6 (core dumped)

We have test program that crashes reliably in no time here.

There are other reports of the same issue:

http://groups.google.com/group/comp.lang.python/browse_thread/thread/ab1317191a8182e5

Investigation revealed that it is caused by the mis-use of the key to store per-thread context. Instead, it's suggested to save the context in per-instance private data. It is safe to do this, since one object instance cannot be used in separate threads at the very same time due to SSL_CTX and libopenssl API in general not being thread-friendly. Therefore, external locking at python level is required to properly serialize access to methods of the same instance anyway. But this patch makes it safe to use different instances in different threads at the same time.

Proposed patch is attached. The patch also cleans up some of the old, now unused code.

Thanks!

Remove unused variable definition

2008-07-14T23:17:39Z

Removes an unused variable definition.

return PyObject*

2008-07-14T23:17:07Z

Silences warnings from gcc about returning an incompatible pointer type from Python wrapper routines.

Silence CVSid warnings

2008-07-14T23:15:50Z

Silences "unused variable" warnings from gcc for the static CVSid variable kept in many files.

shebang usr bin env python

2008-04-11T00:53:19Z

This makes it so I can run "./setup.py" on all platforms including cygwin.

{{{
diff -rN -u old-pyOpenSSL-0.7a2/pyOpenSSL-0.7a2/setup.py new-pyOpenSSL-0.7a2/pyOpenSSL-0.7a2/setup.py
--- old-pyOpenSSL-0.7a2/pyOpenSSL-0.7a2/setup.py 2008-04-10 17:50:43.000000000 -0700
+++ new-pyOpenSSL-0.7a2/pyOpenSSL-0.7a2/setup.py 2008-04-10 17:50:43.000000000 -0700
@@ -1,3 +1,4 @@
+#!/usr/bin/env python
# vim:fileencoding=UTF-8
#
# setup.py

}}}

Enable support for building on Solaris

2008-03-23T12:30:25Z

The OpenSSL libs and includes that are installed from SunFreeware are in /usr/sfw. This patch adds support for installing on Solaris by including a check for that directory.

Fix examples/simple

2008-01-18T05:46:08Z

The examples in examples/simple were broken for two reasons:

1) the .py files contained non-ASCII characters, but did not specify a source encoding (see PEP 263),

2) the CA, client and server certificates had expired in 2007.

This patch adds source encoding lines and includes new certificates that will expire in approx 10 years.

The patch has been tested on MacOS X with openssl 0.9.7 and on Windows XP with openssl 0.9.8.

pyOpenSSL doesn't build with OpenSSL 0.9.8 / VC7.1

2005-08-03T15:56:58Z

pyOpenSSL does build fine with VC6 and OpenSSL 0.9.8.

However if you try to create a Windows build for Python
2.4 which requires using VC7.1 (.NET 2003), you get
lots of errors when compiling connection.c.

The fix is easy, albeit a hack and not a real solution:

Edit the file src\ssl\x509name.h:

"""
#define crypto_X509Name_Check(v) ((v)->ob_type ==
&crypto_X509Name_Type)

/* Fix needed to compile pyOpenSSL with VC7.1: */
#ifdef OPENSSL_SYS_WIN32
/* Under Win32 these are defined in wincrypt.h */
#undef X509_NAME
#undef X509_CERT_PAIR
#endif

typedef struct {
"""

With this fix, pyOpenSSL builds against Py2.4. I'm not
sure whether this is due to how pyOpenSSL includes the
OpenSSL header files, but it looks like this is the
cause of the problem.

Perhaps including OpenSSL *before* Python.h would help
- not sure, haven't tested it.

Another hint: you can easily build Windows installers
using the following commands:

set SSL=..\openssl-0.9.8
python setup.py build_ext -I %SSL%\inc32 -L
%SSL%\out32dll bdist_wininst -c -o

(re)enabling X509Extensions

2005-03-18T17:31:57Z

OS: Debian Sarge
python version 2.3.5
pyOpenSSL version 0.6
OpenSSL version 0.9.7e

crypto.X509Extension() causes segmentation fault when it
is instanciated.

This patch seems to work fine on my system.

The main problem was that the ext_method->i2d method is
NULL, I simply put the code used by OpenSSL into the
binding.

Thanks,
Cyril.