[Pkg-freeipa-devel] python-nss: Changes to 'master'
Timo Aaltonen
tjaalton at moszumanska.debian.org
Tue Sep 20 13:13:10 UTC 2016
.hgtags | 13
debian/changelog | 10
debian/control | 24
debian/pyversions | 1
debian/rules | 7
debian/watch | 3
doc/ChangeLog | 79
doc/examples/cert_dump.py | 108 -
doc/examples/cert_trust.py | 48
doc/examples/httplib_example.py | 55
doc/examples/pbkdf2_example.py | 227 ++
doc/examples/ssl_example.py | 140 -
doc/examples/ssl_version_range.py | 90
doc/examples/verify_cert.py | 85
doc/examples/verify_server.py | 77
setup.py | 60
src/__init__.py | 3
src/py_nspr_common.h | 397 +++-
src/py_nspr_error.c | 149 -
src/py_nspr_error.h | 12
src/py_nspr_io.c | 400 ++--
src/py_nspr_io.h | 11
src/py_nss.c | 3643 ++++++++++++++++++++++++++------------
src/py_nss.h | 12
src/py_ssl.c | 423 ++--
src/py_ssl.h | 12
src/py_traceback.h | 18
test/run_tests | 9
test/setup_certs.py | 98 -
test/test_cert_components.py | 41
test/test_cert_request.py | 10
test/test_cipher.py | 50
test/test_client_server.py | 148 -
test/test_digest.py | 62
test/test_misc.py | 9
test/test_ocsp.py | 4
test/test_pkcs12.py | 67
37 files changed, 4506 insertions(+), 2099 deletions(-)
New commits:
commit 064a6f46e36d72be1e08e829b29f043fc069cc34
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Sep 20 16:07:48 2016 +0300
releasing package python-nss version 1.0.0-1
diff --git a/debian/changelog b/debian/changelog
index 5f0560b..eeb6dd7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-python-nss (1.0.0-1) UNRELEASED; urgency=medium
+python-nss (1.0.0-1) unstable; urgency=medium
* New upstream release.
* watch: Updated url.
@@ -6,7 +6,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
* control: Bump policy to 3.9.8, no changes.
* control: Use https vcs urls.
- -- Timo Aaltonen <tjaalton at debian.org> Wed, 21 Oct 2015 22:55:58 +0300
+ -- Timo Aaltonen <tjaalton at debian.org> Tue, 20 Sep 2016 16:07:00 +0300
python-nss (0.16.0-1) unstable; urgency=medium
commit 5ea5d14b8eafeee647bd3d3df3b73dc7da79cc45
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Sep 20 16:06:57 2016 +0300
control: Use https vcs urls.
diff --git a/debian/changelog b/debian/changelog
index 18e3b40..5f0560b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
* watch: Updated url.
* Add python3-nss, use pybuild
* control: Bump policy to 3.9.8, no changes.
+ * control: Use https vcs urls.
-- Timo Aaltonen <tjaalton at debian.org> Wed, 21 Oct 2015 22:55:58 +0300
diff --git a/debian/control b/debian/control
index 4938d7b..1e10227 100644
--- a/debian/control
+++ b/debian/control
@@ -12,8 +12,8 @@ X-Python-Version: >= 2.7
X-Python3-Version: >= 3.3
Standards-Version: 3.9.8
Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
-Vcs-Git: git://anonscm.debian.org/pkg-freeipa/python-nss.git
-Vcs-Browser: http://anonscm.debian.org/cgit/pkg-freeipa/python-nss.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/python-nss.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/python-nss.git
Package: python-nss
Architecture: any
commit 8cb75253758296c6fe4a0f3335cd3929eeda583d
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Sep 20 16:06:15 2016 +0300
control: Bump policy to 3.9.8, no changes.
diff --git a/debian/changelog b/debian/changelog
index 48df6a5..18e3b40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
* New upstream release.
* watch: Updated url.
* Add python3-nss, use pybuild
+ * control: Bump policy to 3.9.8, no changes.
-- Timo Aaltonen <tjaalton at debian.org> Wed, 21 Oct 2015 22:55:58 +0300
diff --git a/debian/control b/debian/control
index c7b4649..4938d7b 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 9),
libnss3-dev,
X-Python-Version: >= 2.7
X-Python3-Version: >= 3.3
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
Vcs-Git: git://anonscm.debian.org/pkg-freeipa/python-nss.git
Vcs-Browser: http://anonscm.debian.org/cgit/pkg-freeipa/python-nss.git
commit d6ca5659cb878d17022bb010862f5405a81db7ae
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Sep 20 16:05:39 2016 +0300
Add python3-nss, use pybuild
diff --git a/debian/changelog b/debian/changelog
index 9373760..48df6a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
* New upstream release.
* watch: Updated url.
+ * Add python3-nss, use pybuild
-- Timo Aaltonen <tjaalton at debian.org> Wed, 21 Oct 2015 22:55:58 +0300
diff --git a/debian/control b/debian/control
index d205fe5..c7b4649 100644
--- a/debian/control
+++ b/debian/control
@@ -4,8 +4,12 @@ Priority: extra
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton at debian.org>
Build-Depends: debhelper (>= 9),
+ dh-python,
python-all-dev (>= 2.6.6-3~),
+ python3-all-dev,
libnss3-dev,
+X-Python-Version: >= 2.7
+X-Python3-Version: >= 3.3
Standards-Version: 3.9.6
Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
Vcs-Git: git://anonscm.debian.org/pkg-freeipa/python-nss.git
@@ -24,3 +28,17 @@ Description: Python bindings for Network Security Services (NSS)
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards. Specific NSS
implementations have been FIPS-140 certified.
+
+Package: python3-nss
+Architecture: any
+Provides: ${python3:Provides}
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}
+Description: Python3 bindings for Network Security Services (NSS)
+ This package provides Python3 bindings for Network Security Services (NSS)
+ and the Netscape Portable Runtime (NSPR).
+ .
+ NSS is a set of libraries supporting security-enabled client and
+ server applications. Applications built with NSS can support SSL v2
+ and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
+ certificates, and other security standards. Specific NSS
+ implementations have been FIPS-140 certified.
diff --git a/debian/pyversions b/debian/pyversions
deleted file mode 100644
index 3ad2293..0000000
--- a/debian/pyversions
+++ /dev/null
@@ -1 +0,0 @@
-2.7-
diff --git a/debian/rules b/debian/rules
index de1bd88..0590af0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,5 +4,10 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+export PYBUILD_NAME=nss
%:
- dh $@ --with python2
+ dh $@ --with python2,python3 --buildsystem=pybuild
+
+override_dh_auto_install:
+ dh_auto_install
+ rm -rf debian/python*-nss/usr/lib/python*/dist-packages/python_nss-*.egg-info
commit c1944934ed2473564e76da4e434c936112ea383a
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Sep 20 15:48:38 2016 +0300
update changelog
diff --git a/debian/changelog b/debian/changelog
index 28cdec5..9373760 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-python-nss (0.16.0-2) UNRELEASED; urgency=medium
+python-nss (1.0.0-1) UNRELEASED; urgency=medium
+ * New upstream release.
* watch: Updated url.
-- Timo Aaltonen <tjaalton at debian.org> Wed, 21 Oct 2015 22:55:58 +0300
commit 3391743a30eddfe11721754412f08f14c7835790
Author: Timo Aaltonen <tjaalton at debian.org>
Date: Tue Sep 20 15:37:52 2016 +0300
watch: update again
diff --git a/debian/changelog b/debian/changelog
index c0778d0..28cdec5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,6 @@
python-nss (0.16.0-2) UNRELEASED; urgency=medium
- * watch: Use pypi.debian.net url, old one is unreliable.
+ * watch: Updated url.
-- Timo Aaltonen <tjaalton at debian.org> Wed, 21 Oct 2015 22:55:58 +0300
diff --git a/debian/watch b/debian/watch
index 84c3516..0136321 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,2 @@
version=3
-opts=uversionmangle=s/(rc|a|b|c)/~$1/ \
-http://pypi.debian.net/python-nss/python-nss-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
+http://ftp.mozilla.org/pub/security/python-nss/releases/PYNSS_RELEASE_(.+)/src/python-nss-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
commit 170f503ce2b087a4204505eb8698a9bfe9ea9480
Author: John Dennis <jdennis at redhat.com>
Date: Fri Sep 2 13:05:56 2016 -0400
Add missing CHACHA20 constants to Changelog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 4068326..ddb4b2a 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,4 +1,6 @@
-2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0beta2
+2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0
+ * Official 1.0.0 release, only minor tweaks from 1.0.0.beta1
+
* Allow custom include root in setup.py as command line arg
* Add TLS chacha20 poly1305 constants
@@ -11,6 +13,15 @@
- nss.get_all_tokens
+ * The following constants were added:
+
+ - ssl.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ - ssl.TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+
+
2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
The primary enhancement in this version is support for Python3
Single code base supports both Py2 (minimum version 2.7) and Py3
commit 92ef898ee4e5f3796648a8c30696f6f7128827a7
Author: John Dennis <jdennis at redhat.com>
Date: Fri Sep 2 12:35:48 2016 -0400
Added tag PYNSS_RELEASE_1_0_0 for changeset 96fff7c15b21
diff --git a/.hgtags b/.hgtags
index b032733..be4368c 100644
--- a/.hgtags
+++ b/.hgtags
@@ -33,3 +33,5 @@ cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
+84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
+96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0
commit 0fc1959ba1690cbfb1c83c8e1de9161015304326
Author: John Dennis <jdennis at redhat.com>
Date: Fri Sep 2 12:21:37 2016 -0400
add nss.get_all_tokens()
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 42cb63c..4068326 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -7,6 +7,10 @@
possible for the binding to know in all cases, especially if the
socket is created from an external socket passed in.
+ * The following module functions were added:
+
+ - nss.get_all_tokens
+
2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
The primary enhancement in this version is support for Python3
Single code base supports both Py2 (minimum version 2.7) and Py3
diff --git a/src/py_nss.c b/src/py_nss.c
index 08a4998..3e8ccdb 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -2452,6 +2452,32 @@ CERTCertExtension_tuple(CERTCertExtension **extensions, RepresentationKind repr_
static PyObject *
+PK11SlotList_to_tuple(PK11SlotList *list)
+{
+ Py_ssize_t len, i;
+ PyObject *tuple = NULL;
+ PyObject *py_slotinfo = NULL;
+ PK11SlotListElement *le;
+
+ /* Count number of elements in list, allocate tuple */
+ for (le = list->head, len = 0; le; le = le->next) len++;
+
+ if ((tuple = PyTuple_New(len)) == NULL) {
+ return NULL;
+ }
+
+ for (le = list->head, i = 0; le; le = le->next, i++) {
+ if ((py_slotinfo = PK11Slot_new_from_PK11SlotInfo(le->slot)) == NULL) {
+ Py_DECREF(tuple);
+ return NULL;
+ }
+ PyTuple_SetItem(tuple, i, py_slotinfo);
+ }
+
+ return tuple;
+}
+
+static PyObject *
CERTCertList_to_tuple(CERTCertList *cert_list, bool add_reference)
{
Py_ssize_t n_certs = 0;
@@ -22693,6 +22719,100 @@ pk11_get_internal_key_slot(PyObject *self, PyObject *args)
return py_slot;
}
+
+PyDoc_STRVAR(pk11_get_all_tokens_doc,
+"get_all_tokens(mechanism=CKM_INVALID_MECHANISM, need_rw=False, load_certs=False, pin_args=None) -> (PK11Slot, ...)\n\
+\n\
+:Parameters:\n\
+ mechanism : int\n\
+ key mechanism enumeration constant (CKM_*).\n\
+ Use CKM_INVALID_MECHANISM to get all tokens.\n\
+ need_rw : boolean\n\
+ need read/write\n\
+ load_certs : boolean\n\
+ load certificates\n\
+ pin_args : tuple\n\
+ Extra parameters which will\n\
+ be passed to the password callback function.\n\
+\n\
+Return a tuple of PK11Slot objects.\n\
+\n\
+Example::\n\
+\n\
+ import nss.nss as nss\n\
+ nss.nss_init_nodb()\n\
+\n\
+ slots = nss.get_all_tokens()\n\
+ for slot in slots:\n\
+ print slot\n\
+ print\n\
+\n\
+ Slot Name: NSS User Private Key and Certificate Services\n\
+ Token Name: NSS Certificate DB\n\
+ Is Hardware: False\n\
+ Is Present: True\n\
+ Is Read Only: True\n\
+ Is Internal: True\n\
+ Needs Login: False\n\
+ Needs User Init: True\n\
+ Is Friendly: True\n\
+ Is Removable: False\n\
+ Has Protected Authentication Path: False\n\
+ Is Disabled: False (no reason)\n\
+ Has Root Certs: False\n\
+ Best Wrap Mechanism: CKM_DES3_ECB (0x132)\n\
+\n\
+ Slot Name: NSS Internal Cryptographic Services\n\
+ Token Name: NSS Generic Crypto Services\n\
+ Is Hardware: False\n\
+ Is Present: True\n\
+ Is Read Only: True\n\
+ Is Internal: True\n\
+ Needs Login: False\n\
+ Needs User Init: True\n\
+ Is Friendly: True\n\
+ Is Removable: False\n\
+ Has Protected Authentication Path: False\n\
+ Is Disabled: False (no reason)\n\
+ Has Root Certs: False\n\
+ Best Wrap Mechanism: CKM_DES3_ECB (0x132)\n\
+\n\
+");
+
+static PyObject *
+pk11_get_all_tokens(PyObject *self, PyObject *args, PyObject *kwds)
+{
+ static char *kwlist[] = {"mechanism", "need_rw", "load_certs", "pin_args", NULL};
+ unsigned long mechanism = CKM_INVALID_MECHANISM;
+ int need_rw = 0;
+ int load_certs = 0;
+ PyObject *pin_args = Py_None;
+ PyObject *tuple = NULL;
+ PK11SlotList *list = NULL;
+
+
+ TraceMethodEnter(self);
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwds, "|kiiO&:get_all_tokens", kwlist,
+ &mechanism, &need_rw, &load_certs,
+ TupleOrNoneConvert, &pin_args))
+ return NULL;
+
+ if (PyNone_Check(pin_args)) {
+ pin_args = NULL;
+ }
+
+ if ((list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, pin_args)) == NULL) {
+ return set_nspr_error(NULL);
+ }
+
+ tuple = PK11SlotList_to_tuple(list);
+ PK11_FreeSlotList(list);
+
+ return tuple;
+}
+
+
PyDoc_STRVAR(pk11_find_slot_by_name_doc,
"find_slot_by_name(name) -> `PK11Slot`\n\
\n\
@@ -25053,6 +25173,7 @@ module_methods[] = {
{"get_best_slot", (PyCFunction)pk11_get_best_slot, METH_VARARGS, pk11_get_best_slot_doc},
{"get_internal_slot", (PyCFunction)pk11_get_internal_slot, METH_NOARGS, pk11_get_internal_slot_doc},
{"get_internal_key_slot", (PyCFunction)pk11_get_internal_key_slot, METH_NOARGS, pk11_get_internal_key_slot_doc},
+ {"get_all_tokens", (PyCFunction)pk11_get_all_tokens, METH_VARARGS|METH_KEYWORDS, pk11_get_all_tokens_doc},
{"find_slot_by_name", (PyCFunction)pk11_find_slot_by_name, METH_VARARGS, pk11_find_slot_by_name_doc},
{"create_context_by_sym_key", (PyCFunction)pk11_create_context_by_sym_key, METH_VARARGS|METH_KEYWORDS, pk11_create_context_by_sym_key_doc},
{"import_sym_key", (PyCFunction)pk11_import_sym_key, METH_VARARGS, pk11_import_sym_key_doc},
commit 089b0e696309144bd2d8e66d4378cade1833007f
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 1 15:24:13 2016 -0400
Added tag PYNSS_RELEASE_1_0_0 for changeset 84c4fa461e30
diff --git a/.hgtags b/.hgtags
index 19d6b29..b032733 100644
--- a/.hgtags
+++ b/.hgtags
@@ -32,3 +32,4 @@ bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
+84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
commit 76e1f280e1f56221a59a8ef1b24a3cc1545e3822
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 1 15:23:37 2016 -0400
bump version to 1.0.0
diff --git a/setup.py b/setup.py
index b0040d9..dcc17b9 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0beta2"
+version = "1.0.0"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index c785819..d9a352b 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
"""
-__version__ = '1.0.0beta2'
+__version__ = '1.0.0'
commit b3ca66790e2d9446be9d2e641586db365369f023
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 1 14:57:16 2016 -0400
Remove checks for whether a socket is open for reading. It's not
possible for the binding to know in all cases, especially if the
socket is created from an external socket passed in.
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 060e39c..42cb63c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,12 @@
+2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0beta2
+ * Allow custom include root in setup.py as command line arg
+
+ * Add TLS chacha20 poly1305 constants
+
+ * Remove checks for whether a socket is open for reading. It's not
+ possible for the binding to know in all cases, especially if the
+ socket is created from an external socket passed in.
+
2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
The primary enhancement in this version is support for Python3
Single code base supports both Py2 (minimum version 2.7) and Py3
diff --git a/setup.py b/setup.py
index 7f2b966..b0040d9 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0beta1"
+version = "1.0.0beta2"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index a805466..c785819 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
"""
-__version__ = '1.0.0beta1'
+__version__ = '1.0.0beta2'
diff --git a/src/py_nspr_io.c b/src/py_nspr_io.c
index 04af9cb..edaa022 100644
--- a/src/py_nspr_io.c
+++ b/src/py_nspr_io.c
@@ -1518,11 +1518,11 @@ HostEntry_new_from_PRNetAddr(PRNetAddr *pr_netaddr)
} \
}
-#define SOCKET_CHECK_OPEN(py_socket) \
-{ \
- if (!py_socket->open_for_read || !py_socket->pr_socket) { \
- return err_closed(); \
- } \
+#define SOCKET_CHECK_OPEN(py_socket) \
+{ \
+ if (!py_socket->pr_socket) { \
+ return err_closed(); \
+ } \
}
static void
@@ -2057,7 +2057,6 @@ Socket_connect(Socket *self, PyObject *args, PyObject *kwds)
}
Py_END_ALLOW_THREADS
- SOCKET_OPEN_FOR_READ(self);
Py_RETURN_NONE;
}
@@ -2116,7 +2115,6 @@ Socket_accept(Socket *self, PyObject *args, PyObject *kwds)
if ((py_socket = Socket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
goto error;
}
- SOCKET_OPEN_FOR_READ(py_socket);
if ((return_values = Py_BuildValue("NN", py_socket, py_netaddr)) == NULL) {
goto error;
@@ -2201,7 +2199,6 @@ Socket_accept_read(Socket *self, PyObject *args, PyObject *kwds)
if ((py_socket = Socket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
goto error;
}
- SOCKET_OPEN_FOR_READ(py_socket);
if ((return_values = Py_BuildValue("NNN", py_socket, py_netaddr, py_buf)) == NULL) {
goto error;
@@ -2332,10 +2329,6 @@ Socket_shutdown(Socket *self, PyObject *args, PyObject *kwds)
}
Py_END_ALLOW_THREADS
- if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
- SOCKET_CLOSED_FOR_READ(self);
- }
-
Py_RETURN_NONE;
}
@@ -2360,11 +2353,11 @@ Socket_close(Socket *self, PyObject *args)
Py_BEGIN_ALLOW_THREADS
if (PR_Close(self->pr_socket) != PR_SUCCESS) {
Py_BLOCK_THREADS
+ self->pr_socket = NULL;
return set_nspr_error(NULL);
}
Py_END_ALLOW_THREADS
- SOCKET_CLOSED_FOR_READ(self);
self->pr_socket = NULL;
Py_RETURN_NONE;
}
@@ -3315,7 +3308,6 @@ Socket_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
self->family = 0;
self->py_netaddr = NULL;
self->makefile_refs = 0;
- self->open_for_read = 0;
INIT_READAHEAD(&self->readahead);
TraceObjNewLeave(self);
diff --git a/src/py_nspr_io.h b/src/py_nspr_io.h
index 6e898aa..b576380 100644
--- a/src/py_nspr_io.h
+++ b/src/py_nspr_io.h
@@ -66,20 +66,6 @@ typedef struct {
} ReadAhead;
-#define SOCKET_OPEN_FOR_READ(py_socket) \
-{ \
- Socket *sock = (Socket*)py_socket; \
- \
- sock->open_for_read = 1; \
-}
-
-#define SOCKET_CLOSED_FOR_READ(py_socket) \
-{ \
- Socket *sock = (Socket*)py_socket; \
- \
- sock->open_for_read = 0; \
-}
-
#define INIT_READAHEAD(readahead) \
{ \
(readahead)->buf = NULL; \
@@ -99,7 +85,6 @@ typedef struct {
PRFileDesc *pr_socket; \
int family; \
int makefile_refs; \
- int open_for_read; \
NetworkAddress *py_netaddr; \
ReadAhead readahead;
diff --git a/src/py_ssl.c b/src/py_ssl.c
index 2344b1b..169fcad 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -576,7 +576,6 @@ SSLSocket_accept(SSLSocket *self, PyObject *args, PyObject *kwds)
if ((py_ssl_socket = SSLSocket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
goto error;
}
- SOCKET_OPEN_FOR_READ(py_ssl_socket);
if ((return_value = Py_BuildValue("NN", py_ssl_socket, py_netaddr)) == NULL) {
goto error;
commit 4201d4b3737dca4e09ad2d9847f257ede299ea69
Author: John Dennis <jdennis at redhat.com>
Date: Mon Aug 15 11:40:06 2016 -0400
Add TLS chacha20 poly1305 constants
diff --git a/src/py_ssl.c b/src/py_ssl.c
index 36e4555..2344b1b 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -4708,6 +4708,17 @@ if (_AddIntConstantWithLookup(m, #constant, constant, \
ExportConstant(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
ExportConstant(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+ /* draft-ietf-tls-chacha20-poly1305-04 */
+#ifdef TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ ExportConstant(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+ ExportConstant(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+ ExportConstant(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+#endif
+#ifdef TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ ExportConstant(TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
+ ExportConstant(TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
+#endif
+
/* Netscape "experimental" cipher suites. */
ExportConstant(SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA);
ExportConstant(SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA);
commit ef2380a1b8a447595ad4bc28f88668087c7ff74d
Author: John Dennis <jdennis at redhat.com>
Date: Tue Aug 9 17:49:38 2016 -0400
Allow custom include root in setup.py as command line arg
Patch sumitted by Evan Tschuy <evantschuy at gmail.com> in bug
https://bugzilla.redhat.com/show_bug.cgi?id=1365684
Thanks Evan!
diff --git a/setup.py b/setup.py
index 9be8378..7f2b966 100644
--- a/setup.py
+++ b/setup.py
@@ -64,7 +64,7 @@ def update_version():
else:
os.unlink(tmp_file)
-def find_include_dir(dir_names, include_files, include_roots=['/usr/include', '/usr/local/include']):
+def find_include_dir(dir_names, include_files, include_roots=None):
'''
Locate an include directory on the system which contains the specified include files.
You must provide a list of directory basenames to search. You may optionally provide
@@ -73,6 +73,8 @@ def find_include_dir(dir_names, include_files, include_roots=['/usr/include', '/
files that directory is returned. If no directory is found containing all the include
files a ValueError is raised.
'''
+ if not include_roots:
+ include_roots = ['/usr/include', '/usr/local/include']
if len(dir_names) == 0:
raise ValueError("directory search list is empty")
if len(include_files) == 0:
@@ -313,6 +315,7 @@ def main(argv):
debug_compile_args = ['-O0', '-g']
extra_compile_args = []
+ include_roots = []
for arg in argv[:]:
if arg in ('-d', '--debug'):
@@ -323,9 +326,12 @@ def main(argv):
print("compiling with trace")
extra_compile_args += ['-DDEBUG']
argv.remove(arg)
+ if arg.startswith('--include-root'):
+ include_roots.append(arg.split('--include-root=')[1])
+ argv.remove(arg)
- nss_include_dir = find_include_dir(['nss3', 'nss'], ['nss.h', 'pk11pub.h'])
- nspr_include_dir = find_include_dir(['nspr4', 'nspr'], ['nspr.h', 'prio.h'])
+ nss_include_dir = find_include_dir(['nss3', 'nss'], ['nss.h', 'pk11pub.h'], include_roots=include_roots)
+ nspr_include_dir = find_include_dir(['nspr4', 'nspr'], ['nspr.h', 'prio.h'], include_roots=include_roots)
nss_error_extension = \
Extension('nss.error',
commit 314c72fca918fc77d097ab2283a57343589c131e
Author: John Dennis <jdennis at redhat.com>
Date: Tue Feb 16 11:36:41 2016 -0500
Added tag PYNSS_RELEASE_0_17_0 for changeset 2c018bb03ee3
diff --git a/.hgtags b/.hgtags
index baa166d..19d6b29 100644
--- a/.hgtags
+++ b/.hgtags
@@ -30,3 +30,5 @@ b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
+bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
+2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
commit 25cfdec7ea38b2e775bc3dc71a151895d3991dd6
Author: John Dennis <jdennis at redhat.com>
Date: Tue Feb 16 10:48:08 2016 -0500
Added tag PYNSS_RELEASE_1_0_0beta1 for changeset cb9a0b1701b6
diff --git a/.hgtags b/.hgtags
index 475ab07..baa166d 100644
--- a/.hgtags
+++ b/.hgtags
@@ -29,3 +29,4 @@ b22fb316b72706f0e53165905436b64ab7ef0f75 PYNSS_RELEASE_0_16_0
b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
+cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
commit 07bac1186345016efb409dafe60850d4e640bda5
Author: John Dennis <jdennis at redhat.com>
Date: Tue Feb 16 10:33:39 2016 -0500
Use functions SSL_GetNumImplementedCiphers() and SSL_GetImplementedCiphers()
instead of global SSL_ImplementedCiphers
diff --git a/src/py_ssl.c b/src/py_ssl.c
index c3c509e..36e4555 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -4402,15 +4402,20 @@ MOD_INIT(ssl)
return MOD_ERROR_VAL;
/* SSL_ImplementedCiphers */
- if ((py_ssl_implemented_ciphers = PyTuple_New(SSL_NumImplementedCiphers)) == NULL) {
- return MOD_ERROR_VAL;
- }
+ {
+ PRUint16 n_implemented_ciphers = SSL_GetNumImplementedCiphers();
+ const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
- for (i = 0; i < SSL_NumImplementedCiphers; i++) {
- PyTuple_SetItem(py_ssl_implemented_ciphers, i, PyLong_FromLong(SSL_ImplementedCiphers[i]));
- }
+ if ((py_ssl_implemented_ciphers = PyTuple_New(n_implemented_ciphers)) == NULL) {
+ return MOD_ERROR_VAL;
+ }
- PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers);
+ for (i = 0; i < n_implemented_ciphers; i++) {
+ PyTuple_SetItem(py_ssl_implemented_ciphers, i, PyLong_FromLong(implemented_ciphers[i]));
+ }
+
+ PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers);
+ }
/***************************************************************************
* SSL Library Version
commit e1356f4426e284c5eea74e3b453c249971ccdd92
Author: John Dennis <jdennis at redhat.com>
Date: Thu Sep 3 18:32:00 2015 -0400
Set version to 1.0.0beta1
Update Changlog
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9b45856..060e39c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,26 @@
+2015-09-03 John Dennis <jdennis at redhat.com> 1.0.0beta1
+ The primary enhancement in this version is support for Python3
+ Single code base supports both Py2 (minimum version 2.7) and Py3
+
+ When built for Py2:
+ - text will be a Unicode object
+ - binary data will be a str object
+ - ints will be Python long object
+ When built for Py3:
+ - text will be a str object
+ - binary data will be a bytes object
+ - ints will be a Python int object
+
+ All pure Python tests and examples have been ported to Py3
+ syntax but should continue to run under Py2.
+
+ * The following class methods were added:
+
+ - PK11Slot.check_security_officer_passwd
+ - PK11Slot.check_user_passwd
+ - PK11Slot.change_passwd
+ - PK11Slot.init_pin
+
2014-11-07 John Dennis <jdennis at redhat.com> 0.17.0
The primary enhancement in this version is adding support for PBKDF2
diff --git a/setup.py b/setup.py
index 94f0ca3..9be8378 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0"
+version = "1.0.0beta1"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index d9a352b..a805466 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
"""
-__version__ = '1.0.0'
+__version__ = '1.0.0beta1'
commit 6b596815041bfa7d836074f33aad337bfe36a6be
Author: John Dennis <jdennis at redhat.com>
Date: Tue Sep 1 18:39:53 2015 -0400
fix oid_dotted_decimal() fails for unrecognised oids
see https://bugzilla.redhat.com/show_bug.cgi?id=1246729
diff --git a/src/py_nss.c b/src/py_nss.c
index 81ee358..08a4998 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -2984,12 +2984,7 @@ get_oid_tag_from_object(PyObject *obj)
return -1;
}
/* Get the OID tag from the SECItem */
- if ((oid_tag = SECOID_FindOIDTag(&item)) == SEC_OID_UNKNOWN) {
- SECITEM_FreeItem(&item, PR_FALSE);
- PyErr_Format(PyExc_ValueError, "could not convert \"%s\" to OID tag", type_string);
- Py_DECREF(py_obj_string_utf8);
- return -1;
- }
+ oid_tag = SECOID_FindOIDTag(&item);
SECITEM_FreeItem(&item, PR_FALSE);
} else {
oid_tag = oid_tag_from_name(type_string);
@@ -11263,12 +11258,7 @@ AVA_init(AVA *self, PyObject *args, PyObject *kwds)
}
if (oid_tag == SEC_OID_UNKNOWN) {
- PyObject *type_str = PyObject_String(py_type);
- PyObject *type_str_utf8 = PyBaseString_UTF8(type_str, "oid type");
- PyErr_Format(PyExc_ValueError, "unable to convert \"%s\" to known OID",
- PyBytes_AsString(type_str_utf8));
- Py_DECREF(type_str);
- Py_XDECREF(type_str_utf8);
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return -1;
}
@@ -22203,8 +22193,11 @@ cert_oid_str(PyObject *self, PyObject *args)
return NULL;
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
if ((oiddata = SECOID_FindOIDByTag(oid_tag)) == NULL) {
@@ -22247,8 +22240,11 @@ cert_oid_tag_name(PyObject *self, PyObject *args)
return NULL;
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
py_name = oid_tag_to_pystr_name(oid_tag);
@@ -22287,8 +22283,11 @@ cert_oid_tag(PyObject *self, PyObject *args)
return NULL;
oid_tag = get_oid_tag_from_object(arg);
- if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+ if (oid_tag == SEC_OID_UNKNOWN) {
+ PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
return NULL;
+ } else if (oid_tag == -1) {
+ return NULL; /* exception already set */
}
result = PyLong_FromLong(oid_tag);
@@ -22326,9 +22325,17 @@ cert_oid_dotted_decimal(PyObject *self, PyObject *args)
if (!PyArg_ParseTuple(args, "O:oid_dotted_decimal", &arg))
return NULL;
+ if (PySecItem_Check(arg)) {
+ return oid_secitem_to_pystr_dotted_decimal(&((SecItem *)arg)->item);
+ }
More information about the Pkg-freeipa-devel
mailing list