[Pkg-freeipa-devel] [Git][freeipa-team/python-nss][master] 14 commits: Added tag PYNSS_RELEASE_1_0_0 for changeset 9a5cf0294fc1
Timo Aaltonen
gitlab at salsa.debian.org
Thu Dec 3 15:39:35 GMT 2020
Timo Aaltonen pushed to branch master at FreeIPA packaging / python-nss
Commits:
3bf7e4a7 by John Dennis at 2016-09-02T13:06:18-04:00
Added tag PYNSS_RELEASE_1_0_0 for changeset 9a5cf0294fc1
- - - - -
ea420813 by John Dennis at 2016-10-11T13:42:47-04:00
Add doc/examples/ssl_cipher_info.py
- - - - -
9c44cdd5 by John Dennis at 2017-02-28T18:06:27-05:00
Add TLS 1.3 cipher suites
TLS 1.3 does not use any of the TLS 1.2 cipher suites but introduced a
new set of cipher suites. The new cipher suites no longer define key
agreement and authentication protocol.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
58f07a78 by John Dennis at 2017-02-28T18:09:25-05:00
ssl_cipher_info: Try to enable TLS 1.3
Attempt to enable TLS version 1.3 in ssl_cipher_info.py example script.
At the moment NSS 3.28.1 and older have TLS 1.3 support disabled. With a
custom build of NSS, ssl_cipher_info.py is able to establish a TLS 1.3
connection to tls13.crypto.mozilla.org.
SSL connect to: tls13.crypto.mozilla.org
try connecting to: 52.32.149.186
connected to: 52.32.149.186
handshake complete, peer = 52.32.149.186, negotiated host = tls13.crypto.mozilla.org
Connection Info:
SSL Protocol Version: 3.4 (tls1.3)
Cipher: 128-bit AES-GCM
MAC: 128-bit AEAD
Auth: 2048-bit TLS 1.3
Key Exchange: 255-bit TLS 1.3
Compression: NULL
Channel:
--------
Protocol Version: 3.4 (tls1.3)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Auth Key Bits: 2048
Key Exchange Key Bits: 255
Creation Time: 1970-01-01 01:00:00
Last Access Time: 1970-01-01 01:00:00
Expiration Time: 1970-01-01 01:00:00
Compression Method: NULL (0x0)
Session ID:
Suite:
------
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Auth Algorithm: TLS 1.3 (0xa)
Key Exchange Type: TLS 1.3 (0x7)
Symmetric Cipher: AES-GCM (0xa)
Symmetric Key Bits: 128
Effective Symmetric Key Bits: 128
Symmetric Key Space: 128
MAC Algorithm: AEAD (0x6)
MAC Bits: 128
FIPS: True
Exportable: False
Nonstandard: False
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
70299bb8 by John Dennis at 2017-02-28T18:11:19-05:00
Fix bdist_wheel support to build python-nss as Python wheel
The '-d' argument is already reserved as alias for destination
directory. The bdist_wheel builder uses -d to build wheels in a
temporary directory.
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
caa3100b by John Dennis at 2017-02-28T18:13:34-05:00
Update changelog and bump version
Signed-off-by: Christian Heimes <cheimes at redhat.com>
- - - - -
f4a8fe06 by Timo Aaltonen at 2020-11-05T11:10:25+02:00
Merge branch 'upstream'
- - - - -
f8502548 by Timo Aaltonen at 2020-11-05T11:10:51+02:00
bump the version
- - - - -
b8491b1e by Timo Aaltonen at 2020-11-05T11:11:19+02:00
control: Migrate to debhelper-compat.
- - - - -
09007c2b by Timo Aaltonen at 2020-12-03T17:25:58+02:00
rules: Override auto_clean, complicates building the source.
- - - - -
c52f9636 by Timo Aaltonen at 2020-12-03T17:28:20+02:00
fix-ftbfs.diff: Fix type conflicts. (Closes: #973131)
- - - - -
be2e3eb0 by Timo Aaltonen at 2020-12-03T17:31:24+02:00
source: Upstream didn't bump the version in src/__init__.py, so ignore the diff to tarball.
- - - - -
5b11ffc8 by Timo Aaltonen at 2020-12-03T17:31:39+02:00
control: Bump policy to 4.5.1.
- - - - -
550f056d by Timo Aaltonen at 2020-12-03T17:31:49+02:00
releasing package python-nss version 1.0.1-1
- - - - -
12 changed files:
- .hgtags
- debian/changelog
- − debian/compat
- debian/control
- + debian/patches/fix-ftbfs.diff
- debian/patches/series
- debian/rules
- + debian/source/local-options
- doc/ChangeLog
- + doc/examples/ssl_cipher_info.py
- setup.py
- src/py_ssl.c
Changes:
=====================================
.hgtags
=====================================
@@ -35,3 +35,5 @@ bbe06f8d7b1bd897a9a836ec9ae977413e0e0c55 PYNSS_RELEASE_0_17_0
84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
84c4fa461e3040f7b3ecbdcb370de7ca921f87d4 PYNSS_RELEASE_1_0_0
96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0
+96fff7c15b21fb0e25acfa9d68b9094623f5fcf4 PYNSS_RELEASE_1_0_0
+9a5cf0294fc1f888d93f5a9bbf4e0217039036da PYNSS_RELEASE_1_0_0
=====================================
debian/changelog
=====================================
@@ -1,3 +1,15 @@
+python-nss (1.0.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * control: Migrate to debhelper-compat.
+ * rules: Override auto_clean, complicates building the source.
+ * fix-ftbfs.diff: Fix type conflicts. (Closes: #973131)
+ * source: Upstream didn't bump the version in src/__init__.py, so
+ ignore the diff to tarball.
+ * control: Bump policy to 4.5.1.
+
+ -- Timo Aaltonen <tjaalton at debian.org> Thu, 03 Dec 2020 17:31:41 +0200
+
python-nss (1.0.0-2) unstable; urgency=medium
* Bump debhelper to 12.
=====================================
debian/compat deleted
=====================================
@@ -1 +0,0 @@
-12
=====================================
debian/control
=====================================
@@ -3,11 +3,11 @@ Section: python
Priority: extra
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel at lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton at debian.org>
-Build-Depends: debhelper (>= 12),
+Build-Depends: debhelper-compat (= 12),
dh-python,
python3-all-dev,
libnss3-dev,
-Standards-Version: 4.4.0
+Standards-Version: 4.5.1
Homepage: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
Vcs-Git: https://salsa.debian.org/freeipa-team/python-nss.git
Vcs-Browser: https://salsa.debian.org/freeipa-team/python-nss
=====================================
debian/patches/fix-ftbfs.diff
=====================================
@@ -0,0 +1,549 @@
+From 079d4f65a743fb9e952ab109c1a24997c15398a7 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel at redhat.com>
+Date: Thu, 3 Dec 2020 10:03:50 -0500
+Subject: [PATCH] Rename {DSA,RSA}PublicKey to Py{DSA,RSA}PublicKey
+
+These two structs have also been added to NSS as of v3.58. Because we
+duplicate the name with different members, we should prefix the
+python-nss classes with "Py" in the C code to distinguish them.
+
+Signed-off-by: Alexander Scheel <ascheel at redhat.com>
+---
+ src/py_nss.c | 180 +++++++++++++++++++++++++--------------------------
+ src/py_nss.h | 8 +--
+ 2 files changed, 94 insertions(+), 94 deletions(-)
+
+diff --git a/src/py_nss.c b/src/py_nss.c
+index 3e8ccdb..d033ac2 100644
+--- a/src/py_nss.c
++++ b/src/py_nss.c
+@@ -7091,7 +7091,7 @@ KEYPQGParams_new_from_SECKEYPQGParams(const SECKEYPQGParams *params)
+ }
+
+ /* ========================================================================== */
+-/* =========================== RSAPublicKey Class =========================== */
++/* ========================== PyRSAPublicKey Class ========================== */
+ /* ========================================================================== */
+
+ /* ============================ Attribute Access ============================ */
+@@ -7100,7 +7100,7 @@ KEYPQGParams_new_from_SECKEYPQGParams(const SECKEYPQGParams *params)
+ // via integer_secitem_to_pylong()
+
+ static PyObject *
+-RSAPublicKey_get_modulus(RSAPublicKey *self, void *closure)
++PyRSAPublicKey_get_modulus(PyRSAPublicKey *self, void *closure)
+ {
+ TraceMethodEnter(self);
+
+@@ -7109,7 +7109,7 @@ RSAPublicKey_get_modulus(RSAPublicKey *self, void *closure)
+ }
+
+ static PyObject *
+-RSAPublicKey_get_exponent(RSAPublicKey *self, void *closure)
++PyRSAPublicKey_get_exponent(PyRSAPublicKey *self, void *closure)
+ {
+ TraceMethodEnter(self);
+
+@@ -7118,20 +7118,20 @@ RSAPublicKey_get_exponent(RSAPublicKey *self, void *closure)
+ }
+
+ static
+-PyGetSetDef RSAPublicKey_getseters[] = {
+- {"modulus", (getter)RSAPublicKey_get_modulus, (setter)NULL, "RSA modulus", NULL},
+- {"exponent", (getter)RSAPublicKey_get_exponent, (setter)NULL, "RSA exponent", NULL},
++PyGetSetDef PyRSAPublicKey_getseters[] = {
++ {"modulus", (getter)PyRSAPublicKey_get_modulus, (setter)NULL, "RSA modulus", NULL},
++ {"exponent", (getter)PyRSAPublicKey_get_exponent, (setter)NULL, "RSA exponent", NULL},
+ {NULL} /* Sentinel */
+ };
+
+-static PyMemberDef RSAPublicKey_members[] = {
++static PyMemberDef PyRSAPublicKey_members[] = {
+ {NULL} /* Sentinel */
+ };
+
+ /* ============================== Class Methods ============================= */
+
+ static PyObject *
+-RSAPublicKey_format_lines(RSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_format_lines(PyRSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+ static char *kwlist[] = {"level", NULL};
+ int level = 0;
+@@ -7147,12 +7147,12 @@ RSAPublicKey_format_lines(RSAPublicKey *self, PyObject *args, PyObject *kwds)
+ return NULL;
+ }
+
+- if ((obj = RSAPublicKey_get_modulus(self, NULL)) == NULL) {
++ if ((obj = PyRSAPublicKey_get_modulus(self, NULL)) == NULL) {
+ goto fail;
+ }
+ FMT_SEC_INT_OBJ_APPEND_AND_CLEAR(lines, _("Modulus"), obj, level, fail);
+
+- if ((obj = RSAPublicKey_get_exponent(self, NULL)) == NULL) {
++ if ((obj = PyRSAPublicKey_get_exponent(self, NULL)) == NULL) {
+ goto fail;
+ }
+ FMT_SEC_INT_OBJ_APPEND_AND_CLEAR(lines, _("Exponent"), obj, level, fail);
+@@ -7165,41 +7165,41 @@ RSAPublicKey_format_lines(RSAPublicKey *self, PyObject *args, PyObject *kwds)
+ }
+
+ static PyObject *
+-RSAPublicKey_format(RSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_format(PyRSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+ TraceMethodEnter(self);
+
+- return format_from_lines((format_lines_func)RSAPublicKey_format_lines, (PyObject *)self, args, kwds);
++ return format_from_lines((format_lines_func)PyRSAPublicKey_format_lines, (PyObject *)self, args, kwds);
+ }
+
+ static PyObject *
+-RSAPublicKey_str(RSAPublicKey *self)
++PyRSAPublicKey_str(PyRSAPublicKey *self)
+ {
+ PyObject *py_formatted_result = NULL;
+
+ TraceMethodEnter(self);
+
+- py_formatted_result = RSAPublicKey_format(self, empty_tuple, NULL);
++ py_formatted_result = PyRSAPublicKey_format(self, empty_tuple, NULL);
+ return py_formatted_result;
+
+ }
+
+-static PyMethodDef RSAPublicKey_methods[] = {
+- {"format_lines", (PyCFunction)RSAPublicKey_format_lines, METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
+- {"format", (PyCFunction)RSAPublicKey_format, METH_VARARGS|METH_KEYWORDS, generic_format_doc},
++static PyMethodDef PyRSAPublicKey_methods[] = {
++ {"format_lines", (PyCFunction)PyRSAPublicKey_format_lines, METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
++ {"format", (PyCFunction)PyRSAPublicKey_format, METH_VARARGS|METH_KEYWORDS, generic_format_doc},
+ {NULL, NULL} /* Sentinel */
+ };
+
+ /* =========================== Class Construction =========================== */
+
+ static PyObject *
+-RSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ {
+- RSAPublicKey *self;
++ PyRSAPublicKey *self;
+
+ TraceObjNewEnter(type);
+
+- if ((self = (RSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
++ if ((self = (PyRSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
+ return NULL;
+ }
+
+@@ -7211,7 +7211,7 @@ RSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ }
+
+ static int
+-RSAPublicKey_traverse(RSAPublicKey *self, visitproc visit, void *arg)
++PyRSAPublicKey_traverse(PyRSAPublicKey *self, visitproc visit, void *arg)
+ {
+ TraceMethodEnter(self);
+
+@@ -7221,7 +7221,7 @@ RSAPublicKey_traverse(RSAPublicKey *self, visitproc visit, void *arg)
+ }
+
+ static int
+-RSAPublicKey_clear(RSAPublicKey* self)
++PyRSAPublicKey_clear(PyRSAPublicKey* self)
+ {
+ TraceMethodEnter(self);
+
+@@ -7231,31 +7231,31 @@ RSAPublicKey_clear(RSAPublicKey* self)
+ }
+
+ static void
+-RSAPublicKey_dealloc(RSAPublicKey* self)
++PyRSAPublicKey_dealloc(PyRSAPublicKey* self)
+ {
+ TraceMethodEnter(self);
+
+- RSAPublicKey_clear(self);
++ PyRSAPublicKey_clear(self);
+ Py_TYPE(self)->tp_free((PyObject*)self);
+ }
+
+-PyDoc_STRVAR(RSAPublicKey_doc,
++PyDoc_STRVAR(PyRSAPublicKey_doc,
+ "An object representing an RSA Public Key");
+
+ static int
+-RSAPublicKey_init(RSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyRSAPublicKey_init(PyRSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+ TraceMethodEnter(self);
+
+ return 0;
+ }
+
+-static PyTypeObject RSAPublicKeyType = {
++static PyTypeObject PyRSAPublicKeyType = {
+ PyVarObject_HEAD_INIT(NULL, 0)
+- "nss.nss.RSAPublicKey", /* tp_name */
+- sizeof(RSAPublicKey), /* tp_basicsize */
++ "nss.nss.PyRSAPublicKey", /* tp_name */
++ sizeof(PyRSAPublicKey), /* tp_basicsize */
+ 0, /* tp_itemsize */
+- (destructor)RSAPublicKey_dealloc, /* tp_dealloc */
++ (destructor)PyRSAPublicKey_dealloc, /* tp_dealloc */
+ 0, /* tp_print */
+ 0, /* tp_getattr */
+ 0, /* tp_setattr */
+@@ -7266,39 +7266,39 @@ static PyTypeObject RSAPublicKeyType = {
+ 0, /* tp_as_mapping */
+ 0, /* tp_hash */
+ 0, /* tp_call */
+- (reprfunc)RSAPublicKey_str, /* tp_str */
++ (reprfunc)PyRSAPublicKey_str, /* tp_str */
+ 0, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC, /* tp_flags */
+- RSAPublicKey_doc, /* tp_doc */
+- (traverseproc)RSAPublicKey_traverse, /* tp_traverse */
+- (inquiry)RSAPublicKey_clear, /* tp_clear */
++ PyRSAPublicKey_doc, /* tp_doc */
++ (traverseproc)PyRSAPublicKey_traverse, /* tp_traverse */
++ (inquiry)PyRSAPublicKey_clear, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+- RSAPublicKey_methods, /* tp_methods */
+- RSAPublicKey_members, /* tp_members */
+- RSAPublicKey_getseters, /* tp_getset */
++ PyRSAPublicKey_methods, /* tp_methods */
++ PyRSAPublicKey_members, /* tp_members */
++ PyRSAPublicKey_getseters, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+- (initproc)RSAPublicKey_init, /* tp_init */
++ (initproc)PyRSAPublicKey_init, /* tp_init */
+ 0, /* tp_alloc */
+- RSAPublicKey_new, /* tp_new */
++ PyRSAPublicKey_new, /* tp_new */
+ };
+
+ PyObject *
+-RSAPublicKey_new_from_SECKEYRSAPublicKey(SECKEYRSAPublicKey *rsa)
++PyRSAPublicKey_new_from_SECKEYRSAPublicKey(SECKEYRSAPublicKey *rsa)
+ {
+- RSAPublicKey *self = NULL;
++ PyRSAPublicKey *self = NULL;
+
+ TraceObjNewEnter(NULL);
+
+- if ((self = (RSAPublicKey *) RSAPublicKeyType.tp_new(&RSAPublicKeyType, NULL, NULL)) == NULL) {
++ if ((self = (PyRSAPublicKey *) PyRSAPublicKeyType.tp_new(&PyRSAPublicKeyType, NULL, NULL)) == NULL) {
+ return NULL;
+ }
+
+@@ -7317,13 +7317,13 @@ RSAPublicKey_new_from_SECKEYRSAPublicKey(SECKEYRSAPublicKey *rsa)
+ }
+
+ /* ========================================================================== */
+-/* =========================== DSAPublicKey Class =========================== */
++/* ========================== PyDSAPublicKey Class ========================== */
+ /* ========================================================================== */
+
+ /* ============================ Attribute Access ============================ */
+
+ static PyObject *
+-DSAPublicKey_get_pqg_params(DSAPublicKey *self, void *closure)
++PyDSAPublicKey_get_pqg_params(PyDSAPublicKey *self, void *closure)
+ {
+ TraceMethodEnter(self);
+
+@@ -7332,7 +7332,7 @@ DSAPublicKey_get_pqg_params(DSAPublicKey *self, void *closure)
+ }
+
+ static PyObject *
+-DSAPublicKey_get_public_value(DSAPublicKey *self, void *closure)
++PyDSAPublicKey_get_public_value(PyDSAPublicKey *self, void *closure)
+ {
+ TraceMethodEnter(self);
+
+@@ -7341,20 +7341,20 @@ DSAPublicKey_get_public_value(DSAPublicKey *self, void *closure)
+ }
+
+ static
+-PyGetSetDef DSAPublicKey_getseters[] = {
+- {"pqg_params", (getter)DSAPublicKey_get_pqg_params, (setter)NULL, "DSA P,Q,G params as a KEYPQGParams object", NULL},
+- {"public_value", (getter)DSAPublicKey_get_public_value, (setter)NULL, "DSA public_value", NULL},
++PyGetSetDef PyDSAPublicKey_getseters[] = {
++ {"pqg_params", (getter)PyDSAPublicKey_get_pqg_params, (setter)NULL, "DSA P,Q,G params as a KEYPQGParams object", NULL},
++ {"public_value", (getter)PyDSAPublicKey_get_public_value, (setter)NULL, "DSA public_value", NULL},
+ {NULL} /* Sentinel */
+ };
+
+-static PyMemberDef DSAPublicKey_members[] = {
++static PyMemberDef PyDSAPublicKey_members[] = {
+ {NULL} /* Sentinel */
+ };
+
+ /* ============================== Class Methods ============================= */
+
+ static PyObject *
+-DSAPublicKey_format_lines(DSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_format_lines(PyDSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+ static char *kwlist[] = {"level", NULL};
+ int level = 0;
+@@ -7371,13 +7371,13 @@ DSAPublicKey_format_lines(DSAPublicKey *self, PyObject *args, PyObject *kwds)
+ return NULL;
+ }
+
+- if ((obj = DSAPublicKey_get_pqg_params(self, NULL)) == NULL) {
++ if ((obj = PyDSAPublicKey_get_pqg_params(self, NULL)) == NULL) {
+ goto fail;
+ }
+ CALL_FORMAT_LINES_AND_APPEND(lines, obj, level, fail);
+ Py_CLEAR(obj);
+
+- if ((obj = DSAPublicKey_get_public_value(self, NULL)) == NULL) {
++ if ((obj = PyDSAPublicKey_get_public_value(self, NULL)) == NULL) {
+ goto fail;
+ }
+ FMT_SEC_INT_OBJ_APPEND_AND_CLEAR(lines, _("Public Value"), obj, level, fail);
+@@ -7390,41 +7390,41 @@ DSAPublicKey_format_lines(DSAPublicKey *self, PyObject *args, PyObject *kwds)
+ }
+
+ static PyObject *
+-DSAPublicKey_format(DSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_format(PyDSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+ TraceMethodEnter(self);
+
+- return format_from_lines((format_lines_func)DSAPublicKey_format_lines, (PyObject *)self, args, kwds);
++ return format_from_lines((format_lines_func)PyDSAPublicKey_format_lines, (PyObject *)self, args, kwds);
+ }
+
+ static PyObject *
+-DSAPublicKey_str(DSAPublicKey *self)
++PyDSAPublicKey_str(PyDSAPublicKey *self)
+ {
+ PyObject *py_formatted_result = NULL;
+
+ TraceMethodEnter(self);
+
+- py_formatted_result = DSAPublicKey_format(self, empty_tuple, NULL);
++ py_formatted_result = PyDSAPublicKey_format(self, empty_tuple, NULL);
+ return py_formatted_result;
+
+ }
+
+-static PyMethodDef DSAPublicKey_methods[] = {
+- {"format_lines", (PyCFunction)DSAPublicKey_format_lines, METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
+- {"format", (PyCFunction)DSAPublicKey_format, METH_VARARGS|METH_KEYWORDS, generic_format_doc},
++static PyMethodDef PyDSAPublicKey_methods[] = {
++ {"format_lines", (PyCFunction)PyDSAPublicKey_format_lines, METH_VARARGS|METH_KEYWORDS, generic_format_lines_doc},
++ {"format", (PyCFunction)PyDSAPublicKey_format, METH_VARARGS|METH_KEYWORDS, generic_format_doc},
+ {NULL, NULL} /* Sentinel */
+ };
+
+ /* =========================== Class Construction =========================== */
+
+ static PyObject *
+-DSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ {
+- DSAPublicKey *self;
++ PyDSAPublicKey *self;
+
+ TraceObjNewEnter(type);
+
+- if ((self = (DSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
++ if ((self = (PyDSAPublicKey *)type->tp_alloc(type, 0)) == NULL) {
+ return NULL;
+ }
+
+@@ -7436,7 +7436,7 @@ DSAPublicKey_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
+ }
+
+ static int
+-DSAPublicKey_traverse(DSAPublicKey *self, visitproc visit, void *arg)
++PyDSAPublicKey_traverse(PyDSAPublicKey *self, visitproc visit, void *arg)
+ {
+ TraceMethodEnter(self);
+
+@@ -7446,7 +7446,7 @@ DSAPublicKey_traverse(DSAPublicKey *self, visitproc visit, void *arg)
+ }
+
+ static int
+-DSAPublicKey_clear(DSAPublicKey* self)
++PyDSAPublicKey_clear(PyDSAPublicKey* self)
+ {
+ TraceMethodEnter(self);
+
+@@ -7456,31 +7456,31 @@ DSAPublicKey_clear(DSAPublicKey* self)
+ }
+
+ static void
+-DSAPublicKey_dealloc(DSAPublicKey* self)
++PyDSAPublicKey_dealloc(PyDSAPublicKey* self)
+ {
+ TraceMethodEnter(self);
+
+- DSAPublicKey_clear(self);
++ PyDSAPublicKey_clear(self);
+ Py_TYPE(self)->tp_free((PyObject*)self);
+ }
+
+-PyDoc_STRVAR(DSAPublicKey_doc,
++PyDoc_STRVAR(PyDSAPublicKey_doc,
+ "A object representing a DSA Public Key");
+
+ static int
+-DSAPublicKey_init(DSAPublicKey *self, PyObject *args, PyObject *kwds)
++PyDSAPublicKey_init(PyDSAPublicKey *self, PyObject *args, PyObject *kwds)
+ {
+ TraceMethodEnter(self);
+
+ return 0;
+ }
+
+-static PyTypeObject DSAPublicKeyType = {
++static PyTypeObject PyDSAPublicKeyType = {
+ PyVarObject_HEAD_INIT(NULL, 0)
+- "nss.nss.DSAPublicKey", /* tp_name */
+- sizeof(DSAPublicKey), /* tp_basicsize */
++ "nss.nss.PyDSAPublicKey", /* tp_name */
++ sizeof(PyDSAPublicKey), /* tp_basicsize */
+ 0, /* tp_itemsize */
+- (destructor)DSAPublicKey_dealloc, /* tp_dealloc */
++ (destructor)PyDSAPublicKey_dealloc, /* tp_dealloc */
+ 0, /* tp_print */
+ 0, /* tp_getattr */
+ 0, /* tp_setattr */
+@@ -7491,39 +7491,39 @@ static PyTypeObject DSAPublicKeyType = {
+ 0, /* tp_as_mapping */
+ 0, /* tp_hash */
+ 0, /* tp_call */
+- (reprfunc)DSAPublicKey_str, /* tp_str */
++ (reprfunc)PyDSAPublicKey_str, /* tp_str */
+ 0, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE | Py_TPFLAGS_HAVE_GC, /* tp_flags */
+- DSAPublicKey_doc, /* tp_doc */
+- (traverseproc)DSAPublicKey_traverse, /* tp_traverse */
+- (inquiry)DSAPublicKey_clear, /* tp_clear */
++ PyDSAPublicKey_doc, /* tp_doc */
++ (traverseproc)PyDSAPublicKey_traverse, /* tp_traverse */
++ (inquiry)PyDSAPublicKey_clear, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+- DSAPublicKey_methods, /* tp_methods */
+- DSAPublicKey_members, /* tp_members */
+- DSAPublicKey_getseters, /* tp_getset */
++ PyDSAPublicKey_methods, /* tp_methods */
++ PyDSAPublicKey_members, /* tp_members */
++ PyDSAPublicKey_getseters, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+- (initproc)DSAPublicKey_init, /* tp_init */
++ (initproc)PyDSAPublicKey_init, /* tp_init */
+ 0, /* tp_alloc */
+- DSAPublicKey_new, /* tp_new */
++ PyDSAPublicKey_new, /* tp_new */
+ };
+
+ PyObject *
+-DSAPublicKey_new_from_SECKEYDSAPublicKey(SECKEYDSAPublicKey *dsa)
++PyDSAPublicKey_new_from_SECKEYDSAPublicKey(SECKEYDSAPublicKey *dsa)
+ {
+- DSAPublicKey *self = NULL;
++ PyDSAPublicKey *self = NULL;
+
+ TraceObjNewEnter(NULL);
+
+- if ((self = (DSAPublicKey *) DSAPublicKeyType.tp_new(&DSAPublicKeyType, NULL, NULL)) == NULL) {
++ if ((self = (PyDSAPublicKey *) PyDSAPublicKeyType.tp_new(&PyDSAPublicKeyType, NULL, NULL)) == NULL) {
+ return NULL;
+ }
+
+@@ -7882,8 +7882,8 @@ static
+ PyGetSetDef PublicKey_getseters[] = {
+ {"key_type", (getter)PublicKey_get_key_type, (setter)NULL, "key type (e.g. rsaKey, dsaKey, etc.) as an int", NULL},
+ {"key_type_str", (getter)PublicKey_get_key_type_str, (setter)NULL, "key type as a string", NULL},
+- {"rsa", (getter)PublicKey_get_rsa, (setter)NULL, "RSA key as a RSAPublicKey object", NULL},
+- {"dsa", (getter)PublicKey_get_dsa, (setter)NULL, "RSA key as a RSAPublicKey object", NULL},
++ {"rsa", (getter)PublicKey_get_rsa, (setter)NULL, "RSA key as a PyRSAPublicKey object", NULL},
++ {"dsa", (getter)PublicKey_get_dsa, (setter)NULL, "RSA key as a PyRSAPublicKey object", NULL},
+ {NULL} /* Sentinel */
+ };
+
+@@ -8087,13 +8087,13 @@ PublicKey_new_from_SECKEYPublicKey(SECKEYPublicKey *pk)
+
+ switch(pk->keyType) { /* FIXME: handle the other cases */
+ case rsaKey:
+- if ((self->py_rsa_key = RSAPublicKey_new_from_SECKEYRSAPublicKey(&pk->u.rsa)) == NULL) {
++ if ((self->py_rsa_key = PyRSAPublicKey_new_from_SECKEYRSAPublicKey(&pk->u.rsa)) == NULL) {
+ Py_CLEAR(self);
+ return NULL;
+ }
+ break;
+ case dsaKey:
+- if ((self->py_dsa_key = DSAPublicKey_new_from_SECKEYDSAPublicKey(&pk->u.dsa)) == NULL) {
++ if ((self->py_dsa_key = PyDSAPublicKey_new_from_SECKEYDSAPublicKey(&pk->u.dsa)) == NULL) {
+ Py_CLEAR(self);
+ return NULL;
+ }
+@@ -25310,8 +25310,8 @@ MOD_INIT(nss)
+ TYPE_READY(AlgorithmIDType);
+ TYPE_READY(RSAGenParamsType);
+ TYPE_READY(KEYPQGParamsType);
+- TYPE_READY(RSAPublicKeyType);
+- TYPE_READY(DSAPublicKeyType);
++ TYPE_READY(PyRSAPublicKeyType);
++ TYPE_READY(PyDSAPublicKeyType);
+ TYPE_READY(SignedDataType);
+ TYPE_READY(PublicKeyType);
+ TYPE_READY(SubjectPublicKeyInfoType);
+diff --git a/src/py_nss.h b/src/py_nss.h
+index c93b3a2..4bc94e6 100644
+--- a/src/py_nss.h
++++ b/src/py_nss.h
+@@ -116,24 +116,24 @@ typedef struct {
+ } SignedCRL;
+
+ /* ========================================================================== */
+-/* ============================ RSAPublicKey Class ========================== */
++/* =========================== PyRSAPublicKey Class ========================= */
+ /* ========================================================================== */
+
+ typedef struct {
+ PyObject_HEAD
+ PyObject *py_modulus;
+ PyObject *py_exponent;
+-} RSAPublicKey;
++} PyRSAPublicKey;
+
+ /* ========================================================================== */
+-/* ============================ DSAPublicKey Class ========================== */
++/* =========================== PyDSAPublicKey Class ========================= */
+ /* ========================================================================== */
+
+ typedef struct {
+ PyObject_HEAD
+ PyObject *py_pqg_params;
+ PyObject *py_public_value;
+-} DSAPublicKey;
++} PyDSAPublicKey;
+
+ /* ========================================================================== */
+ /* ============================ RSAGenParams Class ========================== */
=====================================
debian/patches/series
=====================================
@@ -1 +1 @@
-#placeholder
+fix-ftbfs.diff
=====================================
debian/rules
=====================================
@@ -9,6 +9,8 @@ export PYBUILD_NAME=nss
%:
dh $@ --with python3 --buildsystem=pybuild
+override_dh_auto_clean:
+
override_dh_auto_install:
dh_auto_install
rm -rf debian/python*-nss/usr/lib/python*/dist-packages/python_nss-*.egg-info
=====================================
debian/source/local-options
=====================================
@@ -0,0 +1 @@
+extend-diff-ignore = src/__init__.py
=====================================
doc/ChangeLog
=====================================
@@ -1,3 +1,18 @@
+2017-02-16 Christian Heimes <cheimes at redhat.com> 1.0.1
+
+ * Add TLS 1.3 cipher suites.
+
+ * ssl_cipher_info.py now attempts to enable TLS 1.3.
+
+ * Fix build issue in setup.py. python-nss can now be build
+ as Python wheel, e.g. `pip wheel -w dist .`
+
+ * The following constants were added:
+
+ - ssl.TLS_AES_128_GCM_SHA256
+ - ssl.TLS_AES_256_GCM_SHA384
+ - ssl.TLS_CHACHA20_POLY1305_SHA256
+
2016-09-01 John Dennis <jdennis at redhat.com> 1.0.0
* Official 1.0.0 release, only minor tweaks from 1.0.0.beta1
=====================================
doc/examples/ssl_cipher_info.py
=====================================
@@ -0,0 +1,208 @@
+from __future__ import absolute_import
+from __future__ import print_function
+
+import argparse
+import sys
+
+from nss.error import NSPRError
+import nss.io as io
+import nss.nss as nss
+import nss.ssl as ssl
+
+#-------------------------------------------------------------------------------
+
+TIMEOUT_SECS = 3
+
+REQUEST = '''\
+GET /index.html HTTP/1.0
+
+'''
+#-------------------------------------------------------------------------------
+
+def print_suite_info(suite):
+ print("Suite:")
+ print("------")
+
+ if not options.use_properties:
+ print(suite)
+ else:
+ print("cipher_suite_name: %s" % (suite.cipher_suite_name))
+ print("cipher_suite: %#x" % (suite.cipher_suite))
+ print("auth_algorithm_name: %s" % (suite.auth_algorithm_name))
+ print("auth_algorithm: %#x" % (suite.auth_algorithm))
+ print("kea_type_name: %s" % (suite.kea_type_name))
+ print("kea_type: %#x" % (suite.kea_type))
+ print("symmetric_cipher_name: %s" % (suite.symmetric_cipher_name))
+ print("symmetric_cipher: %#x" % (suite.symmetric_cipher))
+ print("symmetric_key_bits: %s" % (suite.symmetric_key_bits))
+ print("symmetric_key_space: %s" % (suite.symmetric_key_space))
+ print("effective_key_bits: %s" % (suite.effective_key_bits))
+ print("mac_algorithm_name: %s" % (suite.mac_algorithm_name))
+ print("mac_algorithm: %#x" % (suite.mac_algorithm))
+ print("mac_bits: %s" % (suite.mac_bits))
+ print("is_fips: %s" % (suite.is_fips))
+ print("is_exportable: %s" % (suite.is_exportable))
+ print("is_nonstandard: %s" % (suite.is_nonstandard))
+
+def print_channel_info(channel):
+ print("Channel:")
+ print("--------")
+
+ if not options.use_properties:
+ print(channel)
+ else:
+ print("protocol_version: %#x" % (channel.protocol_version))
+ print("protocol_version string: %s" % (channel.protocol_version_str))
+ print("protocol_version enum: %#x" % (channel.protocol_version_enum))
+ print("major_protocol_version: %s" % (channel.major_protocol_version))
+ print("minor_protocol_version: %s" % (channel.minor_protocol_version))
+ print("cipher_suite: %#x" % (channel.cipher_suite))
+ print("auth_key_bits: %d" % (channel.auth_key_bits))
+ print("kea_key_bits: %d" % (channel.kea_key_bits))
+ print("creation_time: %s" % (channel.creation_time))
+ print("last_access_time: %s" % (channel.last_access_time))
+ print("expiration_time: %s" % (channel.expiration_time))
+ print("creation_time_utc: %s" % (channel.creation_time_utc))
+ print("last_access_time_utc: %s" % (channel.last_access_time_utc))
+ print("expiration_time_utc: %s" % (channel.expiration_time_utc))
+ print("compression_method: %#x" % (channel.compression_method))
+ print("compression_method_name: %s" % (channel.compression_method_name))
+ print("session_id: %s" % (channel.session_id))
+
+def handshake_callback(sock):
+
+ print("handshake complete, peer = %s, negotiated host = %s" %
+ (sock.get_peer_name(), sock.get_negotiated_host()))
+ print("Connection Info:")
+ print(sock.connection_info_str())
+ print()
+
+ channel = sock.get_ssl_channel_info()
+ print_channel_info(channel)
+ print()
+
+ suite = ssl.get_cipher_suite_info(channel.cipher_suite)
+ print_suite_info(suite)
+
+def ssl_connect():
+ print("SSL connect to: %s" % options.hostname)
+
+ valid_addr = False
+ # Get the IP Address of our server
+ try:
+ addr_info = io.AddrInfo(options.hostname)
+ except:
+ print("ERROR: could not resolve hostname \"%s\"" % options.hostname)
+ return
+
+ for net_addr in addr_info:
+ net_addr.port = options.port
+ sock = ssl.SSLSocket(net_addr.family)
+ # Set client SSL socket options
+ sock.set_ssl_option(ssl.SSL_SECURITY, True)
+ sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
+ sock.set_hostname(options.hostname)
+ try:
+ sock.set_ssl_version_range("tls1.0", "tls1.3")
+ except NSPRError as e:
+ print("Cannot enable TLS 1.3, {}".format(e))
+
+ # Provide a callback which notifies us when the SSL handshake is
+ # complete
+ sock.set_handshake_callback(handshake_callback)
+
+ try:
+ print("try connecting to: %s" % (net_addr))
+ sock.connect(net_addr, timeout=io.seconds_to_interval(TIMEOUT_SECS))
+ print("connected to: %s" % (net_addr))
+ valid_addr = True
+ break
+ except:
+ continue
+
+ if not valid_addr:
+ print("ERROR: could not connect to \"%s\"" % options.hostname)
+ return
+
+ try:
+ # Talk to the server
+ n_received = 0
+ sock.send(REQUEST.encode('utf-8'))
+ while True:
+ buf = sock.recv(1024)
+ n_received += len(buf)
+ if not buf:
+ break
+ except Exception as e:
+ print(e)
+ sock.shutdown()
+ return
+
+ sock.shutdown()
+ return
+
+
+# -----------------------------------------------------------------------------
+
+parser = argparse.ArgumentParser(
+ description='Example showing how to enumerate cipher suites and '
+ 'get their properties as well as how to get SSL channel information '
+ 'after connecting including the cipher suite in use',
+ formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+
+parser.add_argument('-d', '--db-name',
+ help='NSS database name (e.g. "sql:pki")')
+
+parser.add_argument('-H', '--hostname',
+ help='host to connect to')
+
+parser.add_argument('-p', '--port', type=int,
+ help='host port')
+
+parser.add_argument('-E', '--no-enumerate-cipher-suites',
+ dest='enumerate_cipher_suites',
+ action='store_false',
+ help='do not enumerate cipher suites')
+
+parser.add_argument('-S', '--no-ssl-connect',
+ dest='ssl_connect',
+ action='store_false',
+ help='do not perform SSL connection')
+
+parser.add_argument('-P', '--use-properties',
+ dest='use_properties',
+ action='store_true',
+ help='print using object properties')
+
+parser.set_defaults(db_name='sql:pki',
+ hostname='www.verisign.com',
+ port=443,
+ enumerate_cipher_suites=True,
+ ssl_connect=True,
+ use_properties=False)
+
+options = parser.parse_args()
+
+# Perform basic configuration and setup
+try:
+ nss.nss_init(options.db_name)
+ ssl.set_domestic_policy()
+
+except Exception as e:
+ print(str(e), file=sys.stderr)
+ sys.exit(1)
+
+
+if options.enumerate_cipher_suites:
+ suite_info = ssl.get_cipher_suite_info(ssl.ssl_implemented_ciphers[0])
+
+ print("There are %d implemented ciphers" %
+ (len(ssl.ssl_implemented_ciphers)))
+
+ for cipher in ssl.ssl_implemented_ciphers:
+ suite_info = ssl.get_cipher_suite_info(cipher)
+ print(suite_info)
+ print()
+
+if options.ssl_connect:
+ ssl_connect()
=====================================
setup.py
=====================================
@@ -16,7 +16,7 @@ from distutils.util import subst_vars, change_root
from distutils.command.build_py import build_py as _build_py
from distutils.command.sdist import sdist as _sdist
-version = "1.0.0"
+version = "1.0.1"
doc_manifest = [
[['include README LICENSE* doc/ChangeLog',
@@ -318,7 +318,7 @@ def main(argv):
include_roots = []
for arg in argv[:]:
- if arg in ('-d', '--debug'):
+ if arg in ('--debug', ):
print("compiling with debug")
extra_compile_args += debug_compile_args
argv.remove(arg)
=====================================
src/py_ssl.c
=====================================
@@ -4718,6 +4718,13 @@ if (_AddIntConstantWithLookup(m, #constant, constant, \
ExportConstant(TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256);
#endif
+ /* TLS 1.3 cipher suites */
+#ifdef TLS_AES_128_GCM_SHA256
+ ExportConstant(TLS_AES_128_GCM_SHA256);
+ ExportConstant(TLS_AES_256_GCM_SHA384);
+ ExportConstant(TLS_CHACHA20_POLY1305_SHA256);
+#endif
+
/* Netscape "experimental" cipher suites. */
ExportConstant(SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA);
ExportConstant(SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA);
View it on GitLab: https://salsa.debian.org/freeipa-team/python-nss/-/compare/2179a2952179f7725f5ceec7e5171e578a5b9098...550f056daa080ab7934a8c8b608be370768b8315
--
View it on GitLab: https://salsa.debian.org/freeipa-team/python-nss/-/compare/2179a2952179f7725f5ceec7e5171e578a5b9098...550f056daa080ab7934a8c8b608be370768b8315
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20201203/9d86d1ad/attachment-0001.html>
More information about the Pkg-freeipa-devel
mailing list