[Pkg-freeipa-devel] python-nss: Changes to 'master'

Timo Aaltonen tjaalton at moszumanska.debian.org
Tue Sep 20 13:13:10 UTC 2016


 .hgtags                           |   13 
 debian/changelog                  |   10 
 debian/control                    |   24 
 debian/pyversions                 |    1 
 debian/rules                      |    7 
 debian/watch                      |    3 
 doc/ChangeLog                     |   79 
 doc/examples/cert_dump.py         |  108 -
 doc/examples/cert_trust.py        |   48 
 doc/examples/httplib_example.py   |   55 
 doc/examples/pbkdf2_example.py    |  227 ++
 doc/examples/ssl_example.py       |  140 -
 doc/examples/ssl_version_range.py |   90 
 doc/examples/verify_cert.py       |   85 
 doc/examples/verify_server.py     |   77 
 setup.py                          |   60 
 src/__init__.py                   |    3 
 src/py_nspr_common.h              |  397 +++-
 src/py_nspr_error.c               |  149 -
 src/py_nspr_error.h               |   12 
 src/py_nspr_io.c                  |  400 ++--
 src/py_nspr_io.h                  |   11 
 src/py_nss.c                      | 3643 ++++++++++++++++++++++++++------------
 src/py_nss.h                      |   12 
 src/py_ssl.c                      |  423 ++--
 src/py_ssl.h                      |   12 
 src/py_traceback.h                |   18 
 test/run_tests                    |    9 
 test/setup_certs.py               |   98 -
 test/test_cert_components.py      |   41 
 test/test_cert_request.py         |   10 
 test/test_cipher.py               |   50 
 test/test_client_server.py        |  148 -
 test/test_digest.py               |   62 
 test/test_misc.py                 |    9 
 test/test_ocsp.py                 |    4 
 test/test_pkcs12.py               |   67 
 37 files changed, 4506 insertions(+), 2099 deletions(-)

New commits:
commit 064a6f46e36d72be1e08e829b29f043fc069cc34
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Sep 20 16:07:48 2016 +0300

    releasing package python-nss version 1.0.0-1

diff --git a/debian/changelog b/debian/changelog
index 5f0560b..eeb6dd7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-python-nss (1.0.0-1) UNRELEASED; urgency=medium
+python-nss (1.0.0-1) unstable; urgency=medium
 
   * New upstream release.
   * watch: Updated url.
@@ -6,7 +6,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
   * control: Bump policy to 3.9.8, no changes.
   * control: Use https vcs urls.
 
- -- Timo Aaltonen <tjaalton at debian.org>  Wed, 21 Oct 2015 22:55:58 +0300
+ -- Timo Aaltonen <tjaalton at debian.org>  Tue, 20 Sep 2016 16:07:00 +0300
 
 python-nss (0.16.0-1) unstable; urgency=medium
 

commit 5ea5d14b8eafeee647bd3d3df3b73dc7da79cc45
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Sep 20 16:06:57 2016 +0300

    control: Use https vcs urls.

diff --git a/debian/changelog b/debian/changelog
index 18e3b40..5f0560b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
   * watch: Updated url.
   * Add python3-nss, use pybuild
   * control: Bump policy to 3.9.8, no changes.
+  * control: Use https vcs urls.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 21 Oct 2015 22:55:58 +0300
 
diff --git a/debian/control b/debian/control
index 4938d7b..1e10227 100644
--- a/debian/control
+++ b/debian/control
@@ -12,8 +12,8 @@ X-Python-Version: >= 2.7
 X-Python3-Version: >= 3.3
 Standards-Version: 3.9.8
 Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
-Vcs-Git: git://anonscm.debian.org/pkg-freeipa/python-nss.git
-Vcs-Browser: http://anonscm.debian.org/cgit/pkg-freeipa/python-nss.git
+Vcs-Git: https://anonscm.debian.org/git/pkg-freeipa/python-nss.git
+Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/python-nss.git
 
 Package: python-nss
 Architecture: any

commit 8cb75253758296c6fe4a0f3335cd3929eeda583d
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Sep 20 16:06:15 2016 +0300

    control: Bump policy to 3.9.8, no changes.

diff --git a/debian/changelog b/debian/changelog
index 48df6a5..18e3b40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
   * New upstream release.
   * watch: Updated url.
   * Add python3-nss, use pybuild
+  * control: Bump policy to 3.9.8, no changes.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 21 Oct 2015 22:55:58 +0300
 
diff --git a/debian/control b/debian/control
index c7b4649..4938d7b 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 9),
  libnss3-dev,
 X-Python-Version: >= 2.7
 X-Python3-Version: >= 3.3
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
 Vcs-Git: git://anonscm.debian.org/pkg-freeipa/python-nss.git
 Vcs-Browser: http://anonscm.debian.org/cgit/pkg-freeipa/python-nss.git

commit d6ca5659cb878d17022bb010862f5405a81db7ae
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Sep 20 16:05:39 2016 +0300

    Add python3-nss, use pybuild

diff --git a/debian/changelog b/debian/changelog
index 9373760..48df6a5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,7 @@ python-nss (1.0.0-1) UNRELEASED; urgency=medium
 
   * New upstream release.
   * watch: Updated url.
+  * Add python3-nss, use pybuild
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 21 Oct 2015 22:55:58 +0300
 
diff --git a/debian/control b/debian/control
index d205fe5..c7b4649 100644
--- a/debian/control
+++ b/debian/control
@@ -4,8 +4,12 @@ Priority: extra
 Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
 Uploaders: Timo Aaltonen <tjaalton at debian.org>
 Build-Depends: debhelper (>= 9),
+ dh-python,
  python-all-dev (>= 2.6.6-3~),
+ python3-all-dev,
  libnss3-dev,
+X-Python-Version: >= 2.7
+X-Python3-Version: >= 3.3
 Standards-Version: 3.9.6
 Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
 Vcs-Git: git://anonscm.debian.org/pkg-freeipa/python-nss.git
@@ -24,3 +28,17 @@ Description: Python bindings for Network Security Services (NSS)
  and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
  certificates, and other security standards. Specific NSS
  implementations have been FIPS-140 certified.
+
+Package: python3-nss
+Architecture: any
+Provides: ${python3:Provides}
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends}
+Description: Python3 bindings for Network Security Services (NSS)
+ This package provides Python3 bindings for Network Security Services (NSS)
+ and the Netscape Portable Runtime (NSPR).
+ .
+ NSS is a set of libraries supporting security-enabled client and
+ server applications. Applications built with NSS can support SSL v2
+ and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
+ certificates, and other security standards. Specific NSS
+ implementations have been FIPS-140 certified.
diff --git a/debian/pyversions b/debian/pyversions
deleted file mode 100644
index 3ad2293..0000000
--- a/debian/pyversions
+++ /dev/null
@@ -1 +0,0 @@
-2.7-
diff --git a/debian/rules b/debian/rules
index de1bd88..0590af0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,5 +4,10 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
+export PYBUILD_NAME=nss
 %:
-	dh $@ --with python2
+	dh $@ --with python2,python3 --buildsystem=pybuild
+
+override_dh_auto_install:
+	dh_auto_install
+	rm -rf debian/python*-nss/usr/lib/python*/dist-packages/python_nss-*.egg-info

commit c1944934ed2473564e76da4e434c936112ea383a
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Sep 20 15:48:38 2016 +0300

    update changelog

diff --git a/debian/changelog b/debian/changelog
index 28cdec5..9373760 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-python-nss (0.16.0-2) UNRELEASED; urgency=medium
+python-nss (1.0.0-1) UNRELEASED; urgency=medium
 
+  * New upstream release.
   * watch: Updated url.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 21 Oct 2015 22:55:58 +0300

commit 3391743a30eddfe11721754412f08f14c7835790
Author: Timo Aaltonen <tjaalton at debian.org>
Date:   Tue Sep 20 15:37:52 2016 +0300

    watch: update again

diff --git a/debian/changelog b/debian/changelog
index c0778d0..28cdec5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,6 @@
 python-nss (0.16.0-2) UNRELEASED; urgency=medium
 
-  * watch: Use pypi.debian.net url, old one is unreliable.
+  * watch: Updated url.
 
  -- Timo Aaltonen <tjaalton at debian.org>  Wed, 21 Oct 2015 22:55:58 +0300
 
diff --git a/debian/watch b/debian/watch
index 84c3516..0136321 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,2 @@
 version=3
-opts=uversionmangle=s/(rc|a|b|c)/~$1/ \
-http://pypi.debian.net/python-nss/python-nss-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))
+http://ftp.mozilla.org/pub/security/python-nss/releases/PYNSS_RELEASE_(.+)/src/python-nss-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz)))

commit 170f503ce2b087a4204505eb8698a9bfe9ea9480
Author: John Dennis <jdennis at redhat.com>
Date:   Fri Sep 2 13:05:56 2016 -0400

    Add missing CHACHA20 constants to Changelog

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 4068326..ddb4b2a 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,4 +1,6 @@
-2016-09-01  John Dennis  <jdennis at redhat.com> 1.0.0beta2
+2016-09-01  John Dennis  <jdennis at redhat.com> 1.0.0
+  * Official 1.0.0 release, only minor tweaks from 1.0.0.beta1
+
   * Allow custom include root in setup.py as command line arg
 
   * Add TLS chacha20 poly1305 constants
@@ -11,6 +13,15 @@
 
     - nss.get_all_tokens
 
+  * The following constants were added:
+	
+    - ssl.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+    - ssl.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+    - ssl.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+    - ssl.TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+    - ssl.TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+
+	
 2015-09-03  John Dennis  <jdennis at redhat.com> 1.0.0beta1
   The primary enhancement in this version is support for Python3
   Single code base supports both Py2 (minimum version 2.7) and Py3

commit 92ef898ee4e5f3796648a8c30696f6f7128827a7
Author: John Dennis <jdennis at redhat.com>
Date:   Fri Sep 2 12:35:48 2016 -0400

    Added tag PYNSS_RELEASE_1_0_0 for changeset 96fff7c15b21

diff --git a/.hgtags b/.hgtags
index b032733..be4368c 100644
--- a/.hgtags
+++ b/.hgtags
@@ -33,3 +33,5 @@ cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
 bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
 2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
 84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
+84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
+96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0

commit 0fc1959ba1690cbfb1c83c8e1de9161015304326
Author: John Dennis <jdennis at redhat.com>
Date:   Fri Sep 2 12:21:37 2016 -0400

    add nss.get_all_tokens()

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 42cb63c..4068326 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -7,6 +7,10 @@
     possible for the binding to know in all cases, especially if the
     socket is created from an external socket passed in.
 
+  * The following module functions were added:
+
+    - nss.get_all_tokens
+
 2015-09-03  John Dennis  <jdennis at redhat.com> 1.0.0beta1
   The primary enhancement in this version is support for Python3
   Single code base supports both Py2 (minimum version 2.7) and Py3
diff --git a/src/py_nss.c b/src/py_nss.c
index 08a4998..3e8ccdb 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -2452,6 +2452,32 @@ CERTCertExtension_tuple(CERTCertExtension **extensions, RepresentationKind repr_
 
 
 static PyObject *
+PK11SlotList_to_tuple(PK11SlotList *list)
+{
+    Py_ssize_t len, i;
+    PyObject *tuple = NULL;
+    PyObject *py_slotinfo = NULL;
+    PK11SlotListElement *le;
+
+    /* Count number of elements in list, allocate tuple */
+    for (le = list->head, len = 0; le; le = le->next) len++;
+
+    if ((tuple = PyTuple_New(len)) == NULL) {
+        return NULL;
+    }
+
+    for (le = list->head, i = 0; le; le = le->next, i++) {
+        if ((py_slotinfo = PK11Slot_new_from_PK11SlotInfo(le->slot)) == NULL) {
+            Py_DECREF(tuple);
+            return NULL;
+        }
+        PyTuple_SetItem(tuple, i, py_slotinfo);
+    }
+
+    return tuple;
+}
+
+static PyObject *
 CERTCertList_to_tuple(CERTCertList *cert_list, bool add_reference)
 {
     Py_ssize_t n_certs = 0;
@@ -22693,6 +22719,100 @@ pk11_get_internal_key_slot(PyObject *self, PyObject *args)
     return py_slot;
 }
 
+
+PyDoc_STRVAR(pk11_get_all_tokens_doc,
+"get_all_tokens(mechanism=CKM_INVALID_MECHANISM, need_rw=False, load_certs=False, pin_args=None) -> (PK11Slot, ...)\n\
+\n\
+:Parameters:\n\
+    mechanism : int\n\
+        key mechanism enumeration constant (CKM_*).\n\
+        Use CKM_INVALID_MECHANISM to get all tokens.\n\
+    need_rw : boolean\n\
+        need read/write\n\
+    load_certs : boolean\n\
+        load certificates\n\
+    pin_args : tuple\n\
+        Extra parameters which will\n\
+        be passed to the password callback function.\n\
+\n\
+Return a tuple of PK11Slot objects.\n\
+\n\
+Example::\n\
+\n\
+    import nss.nss as nss\n\
+    nss.nss_init_nodb()\n\
+\n\
+    slots = nss.get_all_tokens()\n\
+    for slot in slots:\n\
+        print slot\n\
+        print\n\
+\n\
+    Slot Name:                         NSS User Private Key and Certificate Services\n\
+    Token Name:                        NSS Certificate DB\n\
+    Is Hardware:                       False\n\
+    Is Present:                        True\n\
+    Is Read Only:                      True\n\
+    Is Internal:                       True\n\
+    Needs Login:                       False\n\
+    Needs User Init:                   True\n\
+    Is Friendly:                       True\n\
+    Is Removable:                      False\n\
+    Has Protected Authentication Path: False\n\
+    Is Disabled:                       False (no reason)\n\
+    Has Root Certs:                    False\n\
+    Best Wrap Mechanism:               CKM_DES3_ECB (0x132)\n\
+\n\
+    Slot Name:                         NSS Internal Cryptographic Services\n\
+    Token Name:                        NSS Generic Crypto Services\n\
+    Is Hardware:                       False\n\
+    Is Present:                        True\n\
+    Is Read Only:                      True\n\
+    Is Internal:                       True\n\
+    Needs Login:                       False\n\
+    Needs User Init:                   True\n\
+    Is Friendly:                       True\n\
+    Is Removable:                      False\n\
+    Has Protected Authentication Path: False\n\
+    Is Disabled:                       False (no reason)\n\
+    Has Root Certs:                    False\n\
+    Best Wrap Mechanism:               CKM_DES3_ECB (0x132)\n\
+\n\
+");
+
+static PyObject *
+pk11_get_all_tokens(PyObject *self, PyObject *args, PyObject *kwds)
+{
+    static char *kwlist[] = {"mechanism", "need_rw", "load_certs", "pin_args", NULL};
+    unsigned long mechanism = CKM_INVALID_MECHANISM;
+    int need_rw = 0;
+    int load_certs = 0;
+    PyObject *pin_args = Py_None;
+    PyObject *tuple = NULL;
+    PK11SlotList *list = NULL;
+
+
+    TraceMethodEnter(self);
+
+    if (!PyArg_ParseTupleAndKeywords(args, kwds, "|kiiO&:get_all_tokens", kwlist,
+                                     &mechanism, &need_rw, &load_certs,
+                                     TupleOrNoneConvert, &pin_args))
+        return NULL;
+
+    if (PyNone_Check(pin_args)) {
+        pin_args = NULL;
+    }
+
+    if ((list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_FALSE, pin_args)) == NULL) {
+        return set_nspr_error(NULL);
+    }
+
+    tuple = PK11SlotList_to_tuple(list);
+    PK11_FreeSlotList(list);
+
+    return tuple;
+}
+
+
 PyDoc_STRVAR(pk11_find_slot_by_name_doc,
 "find_slot_by_name(name) -> `PK11Slot`\n\
 \n\
@@ -25053,6 +25173,7 @@ module_methods[] = {
     {"get_best_slot",                    (PyCFunction)pk11_get_best_slot,                  METH_VARARGS,               pk11_get_best_slot_doc},
     {"get_internal_slot",                (PyCFunction)pk11_get_internal_slot,              METH_NOARGS,                pk11_get_internal_slot_doc},
     {"get_internal_key_slot",            (PyCFunction)pk11_get_internal_key_slot,          METH_NOARGS,                pk11_get_internal_key_slot_doc},
+    {"get_all_tokens",                   (PyCFunction)pk11_get_all_tokens,                 METH_VARARGS|METH_KEYWORDS, pk11_get_all_tokens_doc},
     {"find_slot_by_name",                (PyCFunction)pk11_find_slot_by_name,              METH_VARARGS,               pk11_find_slot_by_name_doc},
     {"create_context_by_sym_key",        (PyCFunction)pk11_create_context_by_sym_key,      METH_VARARGS|METH_KEYWORDS, pk11_create_context_by_sym_key_doc},
     {"import_sym_key",                   (PyCFunction)pk11_import_sym_key,                 METH_VARARGS,               pk11_import_sym_key_doc},

commit 089b0e696309144bd2d8e66d4378cade1833007f
Author: John Dennis <jdennis at redhat.com>
Date:   Thu Sep 1 15:24:13 2016 -0400

    Added tag PYNSS_RELEASE_1_0_0 for changeset 84c4fa461e30

diff --git a/.hgtags b/.hgtags
index 19d6b29..b032733 100644
--- a/.hgtags
+++ b/.hgtags
@@ -32,3 +32,4 @@ bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
 cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
 bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
 2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0
+84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0

commit 76e1f280e1f56221a59a8ef1b24a3cc1545e3822
Author: John Dennis <jdennis at redhat.com>
Date:   Thu Sep 1 15:23:37 2016 -0400

    bump version to 1.0.0

diff --git a/setup.py b/setup.py
index b0040d9..dcc17b9 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
 from distutils.command.build_py import build_py as _build_py
 from distutils.command.sdist import sdist as _sdist
 
-version = "1.0.0beta2"
+version = "1.0.0"
 
 doc_manifest = [
     [['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index c785819..d9a352b 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
 
 """
 
-__version__ = '1.0.0beta2'
+__version__ = '1.0.0'

commit b3ca66790e2d9446be9d2e641586db365369f023
Author: John Dennis <jdennis at redhat.com>
Date:   Thu Sep 1 14:57:16 2016 -0400

    Remove checks for whether a socket is open for reading. It's not
    possible for the binding to know in all cases, especially if the
    socket is created from an external socket passed in.

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 060e39c..42cb63c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,12 @@
+2016-09-01  John Dennis  <jdennis at redhat.com> 1.0.0beta2
+  * Allow custom include root in setup.py as command line arg
+
+  * Add TLS chacha20 poly1305 constants
+
+  * Remove checks for whether a socket is open for reading. It's not
+    possible for the binding to know in all cases, especially if the
+    socket is created from an external socket passed in.
+
 2015-09-03  John Dennis  <jdennis at redhat.com> 1.0.0beta1
   The primary enhancement in this version is support for Python3
   Single code base supports both Py2 (minimum version 2.7) and Py3
diff --git a/setup.py b/setup.py
index 7f2b966..b0040d9 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
 from distutils.command.build_py import build_py as _build_py
 from distutils.command.sdist import sdist as _sdist
 
-version = "1.0.0beta1"
+version = "1.0.0beta2"
 
 doc_manifest = [
     [['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index a805466..c785819 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
 
 """
 
-__version__ = '1.0.0beta1'
+__version__ = '1.0.0beta2'
diff --git a/src/py_nspr_io.c b/src/py_nspr_io.c
index 04af9cb..edaa022 100644
--- a/src/py_nspr_io.c
+++ b/src/py_nspr_io.c
@@ -1518,11 +1518,11 @@ HostEntry_new_from_PRNetAddr(PRNetAddr *pr_netaddr)
     }                                                                   \
 }
 
-#define SOCKET_CHECK_OPEN(py_socket)                            \
-{                                                               \
-    if (!py_socket->open_for_read || !py_socket->pr_socket) {   \
-        return err_closed();                                    \
-    }                                                           \
+#define SOCKET_CHECK_OPEN(py_socket)            \
+{                                               \
+    if (!py_socket->pr_socket) {                \
+        return err_closed();                    \
+    }                                           \
 }
 
 static void
@@ -2057,7 +2057,6 @@ Socket_connect(Socket *self, PyObject *args, PyObject *kwds)
     }
     Py_END_ALLOW_THREADS
 
-    SOCKET_OPEN_FOR_READ(self);
     Py_RETURN_NONE;
 }
 
@@ -2116,7 +2115,6 @@ Socket_accept(Socket *self, PyObject *args, PyObject *kwds)
     if ((py_socket = Socket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
         goto error;
     }
-    SOCKET_OPEN_FOR_READ(py_socket);
 
     if ((return_values = Py_BuildValue("NN", py_socket, py_netaddr)) == NULL) {
         goto error;
@@ -2201,7 +2199,6 @@ Socket_accept_read(Socket *self, PyObject *args, PyObject *kwds)
     if ((py_socket = Socket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
         goto error;
     }
-    SOCKET_OPEN_FOR_READ(py_socket);
 
     if ((return_values = Py_BuildValue("NNN", py_socket, py_netaddr, py_buf)) == NULL) {
         goto error;
@@ -2332,10 +2329,6 @@ Socket_shutdown(Socket *self, PyObject *args, PyObject *kwds)
     }
     Py_END_ALLOW_THREADS
 
-    if (how == PR_SHUTDOWN_RCV || how == PR_SHUTDOWN_BOTH) {
-        SOCKET_CLOSED_FOR_READ(self);
-    }
-
     Py_RETURN_NONE;
 }
 
@@ -2360,11 +2353,11 @@ Socket_close(Socket *self, PyObject *args)
     Py_BEGIN_ALLOW_THREADS
     if (PR_Close(self->pr_socket) != PR_SUCCESS) {
         Py_BLOCK_THREADS
+        self->pr_socket = NULL;
         return set_nspr_error(NULL);
     }
     Py_END_ALLOW_THREADS
 
-    SOCKET_CLOSED_FOR_READ(self);
     self->pr_socket = NULL;
     Py_RETURN_NONE;
 }
@@ -3315,7 +3308,6 @@ Socket_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
     self->family = 0;
     self->py_netaddr = NULL;
     self->makefile_refs = 0;
-    self->open_for_read = 0;
     INIT_READAHEAD(&self->readahead);
 
     TraceObjNewLeave(self);
diff --git a/src/py_nspr_io.h b/src/py_nspr_io.h
index 6e898aa..b576380 100644
--- a/src/py_nspr_io.h
+++ b/src/py_nspr_io.h
@@ -66,20 +66,6 @@ typedef struct {
 } ReadAhead;
 
 
-#define SOCKET_OPEN_FOR_READ(py_socket)         \
-{                                               \
-    Socket *sock = (Socket*)py_socket;          \
-                                                \
-    sock->open_for_read = 1;                    \
-}
-
-#define SOCKET_CLOSED_FOR_READ(py_socket)       \
-{                                               \
-    Socket *sock = (Socket*)py_socket;          \
-                                                \
-    sock->open_for_read = 0;                    \
-}
-
 #define INIT_READAHEAD(readahead)               \
 {                                               \
     (readahead)->buf = NULL;                    \
@@ -99,7 +85,6 @@ typedef struct {
     PRFileDesc *pr_socket;                      \
     int family;                                 \
     int makefile_refs;                          \
-    int open_for_read;                          \
     NetworkAddress *py_netaddr;                 \
     ReadAhead readahead;
 
diff --git a/src/py_ssl.c b/src/py_ssl.c
index 2344b1b..169fcad 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -576,7 +576,6 @@ SSLSocket_accept(SSLSocket *self, PyObject *args, PyObject *kwds)
     if ((py_ssl_socket = SSLSocket_new_from_PRFileDesc(pr_socket, self->family)) == NULL) {
         goto error;
     }
-    SOCKET_OPEN_FOR_READ(py_ssl_socket);
 
     if ((return_value = Py_BuildValue("NN", py_ssl_socket, py_netaddr)) == NULL) {
         goto error;

commit 4201d4b3737dca4e09ad2d9847f257ede299ea69
Author: John Dennis <jdennis at redhat.com>
Date:   Mon Aug 15 11:40:06 2016 -0400

    Add TLS chacha20 poly1305 constants

diff --git a/src/py_ssl.c b/src/py_ssl.c
index 36e4555..2344b1b 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -4708,6 +4708,17 @@ if (_AddIntConstantWithLookup(m, #constant, constant, \
     ExportConstant(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
     ExportConstant(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
 
+    /* draft-ietf-tls-chacha20-poly1305-04 */
+#ifdef TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+    ExportConstant(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+    ExportConstant(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+    ExportConstant(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+#endif
+#ifdef TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+    ExportConstant(TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
+    ExportConstant(TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
+#endif
+
     /* Netscape "experimental" cipher suites. */
     ExportConstant(SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA);
     ExportConstant(SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA);

commit ef2380a1b8a447595ad4bc28f88668087c7ff74d
Author: John Dennis <jdennis at redhat.com>
Date:   Tue Aug 9 17:49:38 2016 -0400

    Allow custom include root in setup.py as command line arg
    
    Patch sumitted by Evan Tschuy <evantschuy at gmail.com> in bug
    https://bugzilla.redhat.com/show_bug.cgi?id=1365684
    
    Thanks Evan!

diff --git a/setup.py b/setup.py
index 9be8378..7f2b966 100644
--- a/setup.py
+++ b/setup.py
@@ -64,7 +64,7 @@ def update_version():
     else:
         os.unlink(tmp_file)
 
-def find_include_dir(dir_names, include_files, include_roots=['/usr/include', '/usr/local/include']):
+def find_include_dir(dir_names, include_files, include_roots=None):
     '''
     Locate an include directory on the system which contains the specified include files.
     You must provide a list of directory basenames to search. You may optionally provide
@@ -73,6 +73,8 @@ def find_include_dir(dir_names, include_files, include_roots=['/usr/include', '/
     files that directory is returned. If no directory is found containing all the include
     files a ValueError is raised.
     '''
+    if not include_roots:
+        include_roots = ['/usr/include', '/usr/local/include']
     if len(dir_names) == 0:
         raise ValueError("directory search list is empty")
     if len(include_files) == 0:
@@ -313,6 +315,7 @@ def main(argv):
 
     debug_compile_args = ['-O0', '-g']
     extra_compile_args = []
+    include_roots = []
 
     for arg in argv[:]:
         if arg in ('-d', '--debug'):
@@ -323,9 +326,12 @@ def main(argv):
             print("compiling with trace")
             extra_compile_args += ['-DDEBUG']
             argv.remove(arg)
+        if arg.startswith('--include-root'):
+            include_roots.append(arg.split('--include-root=')[1])
+            argv.remove(arg)
 
-    nss_include_dir  = find_include_dir(['nss3', 'nss'],   ['nss.h',  'pk11pub.h'])
-    nspr_include_dir = find_include_dir(['nspr4', 'nspr'], ['nspr.h', 'prio.h'])
+    nss_include_dir  = find_include_dir(['nss3', 'nss'],   ['nss.h',  'pk11pub.h'], include_roots=include_roots)
+    nspr_include_dir = find_include_dir(['nspr4', 'nspr'], ['nspr.h', 'prio.h'], include_roots=include_roots)
 
     nss_error_extension = \
         Extension('nss.error',

commit 314c72fca918fc77d097ab2283a57343589c131e
Author: John Dennis <jdennis at redhat.com>
Date:   Tue Feb 16 11:36:41 2016 -0500

    Added tag PYNSS_RELEASE_0_17_0 for changeset 2c018bb03ee3

diff --git a/.hgtags b/.hgtags
index baa166d..19d6b29 100644
--- a/.hgtags
+++ b/.hgtags
@@ -30,3 +30,5 @@ b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
 b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
 bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
 cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1
+bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
+2c018bb03ee3796222f6c6479215c8890f446551 PYNSS_RELEASE_0_17_0

commit 25cfdec7ea38b2e775bc3dc71a151895d3991dd6
Author: John Dennis <jdennis at redhat.com>
Date:   Tue Feb 16 10:48:08 2016 -0500

    Added tag PYNSS_RELEASE_1_0_0beta1 for changeset cb9a0b1701b6

diff --git a/.hgtags b/.hgtags
index 475ab07..baa166d 100644
--- a/.hgtags
+++ b/.hgtags
@@ -29,3 +29,4 @@ b22fb316b72706f0e53165905436b64ab7ef0f75 PYNSS_RELEASE_0_16_0
 b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
 b4e4d70da0cd5e510b9483197750c9680a29e7a0 PYNSS_RELEASE_0_17_0
 bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
+cb9a0b1701b6872be3558d24f62f75aaf9981357 PYNSS_RELEASE_1_0_0beta1

commit 07bac1186345016efb409dafe60850d4e640bda5
Author: John Dennis <jdennis at redhat.com>
Date:   Tue Feb 16 10:33:39 2016 -0500

    Use functions SSL_GetNumImplementedCiphers() and SSL_GetImplementedCiphers()
    instead of global SSL_ImplementedCiphers

diff --git a/src/py_ssl.c b/src/py_ssl.c
index c3c509e..36e4555 100644
--- a/src/py_ssl.c
+++ b/src/py_ssl.c
@@ -4402,15 +4402,20 @@ MOD_INIT(ssl)
         return MOD_ERROR_VAL;
 
     /* SSL_ImplementedCiphers */
-    if ((py_ssl_implemented_ciphers = PyTuple_New(SSL_NumImplementedCiphers)) == NULL) {
-        return MOD_ERROR_VAL;
-    }
+    {
+        PRUint16 n_implemented_ciphers = SSL_GetNumImplementedCiphers();
+        const PRUint16 *implemented_ciphers = SSL_GetImplementedCiphers();
 
-    for (i = 0; i < SSL_NumImplementedCiphers; i++) {
-        PyTuple_SetItem(py_ssl_implemented_ciphers, i, PyLong_FromLong(SSL_ImplementedCiphers[i]));
-    }
+        if ((py_ssl_implemented_ciphers = PyTuple_New(n_implemented_ciphers)) == NULL) {
+            return MOD_ERROR_VAL;
+        }
 
-    PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers);
+        for (i = 0; i < n_implemented_ciphers; i++) {
+            PyTuple_SetItem(py_ssl_implemented_ciphers, i, PyLong_FromLong(implemented_ciphers[i]));
+        }
+
+        PyModule_AddObject(m, "ssl_implemented_ciphers", py_ssl_implemented_ciphers);
+    }
 
     /***************************************************************************
      * SSL Library Version

commit e1356f4426e284c5eea74e3b453c249971ccdd92
Author: John Dennis <jdennis at redhat.com>
Date:   Thu Sep 3 18:32:00 2015 -0400

    Set version to 1.0.0beta1
    Update Changlog

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9b45856..060e39c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,26 @@
+2015-09-03  John Dennis  <jdennis at redhat.com> 1.0.0beta1
+  The primary enhancement in this version is support for Python3
+  Single code base supports both Py2 (minimum version 2.7) and Py3
+  
+      When built for Py2:
+       - text will be a Unicode object
+       - binary data will be a str object
+       - ints will be Python long object
+      When built for Py3:
+       - text will be a str object
+       - binary data will be a bytes object
+       - ints will be a Python int object
+
+      All pure Python tests and examples have been ported to Py3
+      syntax but should continue to run under Py2.
+	
+  * The following class methods were added:
+
+    - PK11Slot.check_security_officer_passwd
+    - PK11Slot.check_user_passwd
+    - PK11Slot.change_passwd
+    - PK11Slot.init_pin
+
 2014-11-07  John Dennis  <jdennis at redhat.com> 0.17.0
   The primary enhancement in this version is adding support for PBKDF2
 
diff --git a/setup.py b/setup.py
index 94f0ca3..9be8378 100644
--- a/setup.py
+++ b/setup.py
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
 from distutils.command.build_py import build_py as _build_py
 from distutils.command.sdist import sdist as _sdist
 
-version = "1.0.0"
+version = "1.0.0beta1"
 
 doc_manifest = [
     [['include README LICENSE* doc/ChangeLog',
diff --git a/src/__init__.py b/src/__init__.py
index d9a352b..a805466 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -301,4 +301,4 @@ To be added
 
 """
 
-__version__ = '1.0.0'
+__version__ = '1.0.0beta1'

commit 6b596815041bfa7d836074f33aad337bfe36a6be
Author: John Dennis <jdennis at redhat.com>
Date:   Tue Sep 1 18:39:53 2015 -0400

    fix oid_dotted_decimal() fails for unrecognised oids
    
    see https://bugzilla.redhat.com/show_bug.cgi?id=1246729

diff --git a/src/py_nss.c b/src/py_nss.c
index 81ee358..08a4998 100644
--- a/src/py_nss.c
+++ b/src/py_nss.c
@@ -2984,12 +2984,7 @@ get_oid_tag_from_object(PyObject *obj)
                     return -1;
                 }
                 /* Get the OID tag from the SECItem */
-                if ((oid_tag = SECOID_FindOIDTag(&item)) == SEC_OID_UNKNOWN) {
-                    SECITEM_FreeItem(&item, PR_FALSE);
-                    PyErr_Format(PyExc_ValueError, "could not convert \"%s\" to OID tag", type_string);
-                    Py_DECREF(py_obj_string_utf8);
-                    return -1;
-                }
+                oid_tag = SECOID_FindOIDTag(&item);
                 SECITEM_FreeItem(&item, PR_FALSE);
             } else {
                 oid_tag = oid_tag_from_name(type_string);
@@ -11263,12 +11258,7 @@ AVA_init(AVA *self, PyObject *args, PyObject *kwds)
     }
 
     if (oid_tag == SEC_OID_UNKNOWN) {
-        PyObject *type_str = PyObject_String(py_type);
-        PyObject *type_str_utf8 = PyBaseString_UTF8(type_str, "oid type");
-        PyErr_Format(PyExc_ValueError, "unable to convert \"%s\" to known OID",
-                     PyBytes_AsString(type_str_utf8));
-        Py_DECREF(type_str);
-        Py_XDECREF(type_str_utf8);
+        PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
         return -1;
     }
 
@@ -22203,8 +22193,11 @@ cert_oid_str(PyObject *self, PyObject *args)
         return NULL;
 
    oid_tag = get_oid_tag_from_object(arg);
-   if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+   if (oid_tag == SEC_OID_UNKNOWN) {
+       PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
        return NULL;
+   } else if (oid_tag == -1) {
+       return NULL; /* exception already set */
    }
 
    if ((oiddata = SECOID_FindOIDByTag(oid_tag)) == NULL) {
@@ -22247,8 +22240,11 @@ cert_oid_tag_name(PyObject *self, PyObject *args)
         return NULL;
 
     oid_tag = get_oid_tag_from_object(arg);
-    if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+    if (oid_tag == SEC_OID_UNKNOWN) {
+        PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
         return NULL;
+    } else if (oid_tag == -1) {
+        return NULL; /* exception already set */
     }
 
     py_name = oid_tag_to_pystr_name(oid_tag);
@@ -22287,8 +22283,11 @@ cert_oid_tag(PyObject *self, PyObject *args)
         return NULL;
 
     oid_tag = get_oid_tag_from_object(arg);
-    if (oid_tag == SEC_OID_UNKNOWN || oid_tag == -1) {
+    if (oid_tag == SEC_OID_UNKNOWN) {
+        PyErr_Format(PyExc_ValueError, "unable to convert to known OID");
         return NULL;
+    } else if (oid_tag == -1) {
+        return NULL; /* exception already set */
     }
 
     result = PyLong_FromLong(oid_tag);
@@ -22326,9 +22325,17 @@ cert_oid_dotted_decimal(PyObject *self, PyObject *args)
     if (!PyArg_ParseTuple(args, "O:oid_dotted_decimal", &arg))
         return NULL;
 
+    if (PySecItem_Check(arg)) {
+        return oid_secitem_to_pystr_dotted_decimal(&((SecItem *)arg)->item);
+    }



More information about the Pkg-freeipa-devel mailing list