Request to support additional OpenSSL interfaces
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pyOpenSSL | New | Undecided | Erik Trauschke | |
Bug Description
I need a few more interfaces to the OpenSSL library in pyOpenSSL. Namely they are:
X509_CRL_verify()
X509_CRL_
X509_CRL_
X509_verify()
X509_check_ca()
I attached a patch which adds these interfaces and includes test cases. Most of the added interfaces are very close to what is already supported:
- the verify calls correspond to X509Req_verify which is already in
- CRL_get_issuer corresponds to X509_get_issuer
- CRL_get_nextUpdate corresponds to all of the date retrieval functions like X509_get_notBefore
The only one which is new is X509_check_ca() which just returns a number.
I see that there are bugs/patches for some of the interfaces I put in:
- X509_CRL_
https:/
This patch only returns an issuer string, not an X509Name object. I think it should be consistent with the other get_issuer() call of the X509 module.
- X509_verify():
https:/
The patch offered there checks the integrity with a complete certificate, creating a keystore first. I think all that is required to make a determination if the cert was issued by a certain CA is to verify it against the CA's public key. This is also how the OpenSSL interface was designed.
Let me know if something is missing to get these interfaces into pyOpenSSL and I'll fix my patch.
PS: The test_dump_
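The three kinds of check requested above (a certificate signature verified against the issuer's public key, the CA flag, and a CRL signature), shown as an added example that is not part of the report, its attached patch, or pyOpenSSL's API. It uses the separate `cryptography` package; the helper names `make_cert`, `signed_by` and `is_ca` are hypothetical, and every key, name and certificate is constructed test data.

```python
# Added example (not from the bug report or its patch). Uses the `cryptography`
# package; all names, keys and certificates below are constructed test data.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)
DAY = datetime.timedelta(days=1)

def make_cert(cn, key, issuer_cn, issuer_key, ca):
    """Build a constructed test certificate for `key`, signed by `issuer_key`."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW - DAY).not_valid_after(NOW + DAY)
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def signed_by(cert, issuer_public_key):
    """Signature-only check (the role of X509_verify()): no chain, expiry or revocation."""
    try:
        issuer_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                                 ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def is_ca(cert):
    """Basic Constraints CA flag, one of the inputs X509_check_ca() evaluates."""
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False

ca_key, leaf_key, other_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
ca_cert = make_cert("Test CA", ca_key, "Test CA", ca_key, True)
leaf_cert = make_cert("leaf.example", leaf_key, "Test CA", ca_key, False)
# Same issuer *name* as the real CA, but signed with an unrelated key.
forged_cert = make_cert("leaf.example", leaf_key, "Test CA", other_key, False)
crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
       .last_update(NOW).next_update(NOW + DAY).sign(ca_key, hashes.SHA256()))
```

The forged certificate carries the same issuer name as the genuine one and is told apart only by the signature check, which is why comparing issuer names alone is not sufficient. A passing signature check says which key signed the object and nothing about validity dates, revocation status or the rest of the chain.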
Changed in pyopenssl: assignee: nobody → Erik Trauschke (erik-trauschke)
Thanks. I'll take a look at this as soon as I can.