
Initial version:

 - m2ext.m2 module (m2ext._m2ext) with low-level C functions
 - m2ext.SSL module with a Context class extended with validate_certificate
commit a1d515402d0bec57a12df4edba9eb41fbd889039 0 parents
@abbot authored
6 .gitignore
@@ -0,0 +1,6 @@
+*~
+*.pyc
+*.pyo
+/swig/*_wrap.c
+/build
+/dist
16 m2ext/SSL.py
@@ -0,0 +1,16 @@
+from M2Crypto import SSL, X509
+import _m2ext
+
+class Context(SSL.Context):
+ def validate_certificate(self, cert):
+ """
+ Validate a certificate using this SSL Context
+ """
+ store_ctx = X509.X509_Store_Context(_m2ext.x509_store_ctx_new(), _pyfree=1)
+ _m2ext.x509_store_ctx_init(store_ctx.ctx,
+ self.get_cert_store().store,
+ cert.x509, None)
+ rc = _m2ext.x509_verify_cert(store_ctx.ctx)
+ if rc < 0:
+ raise SSL.SSLError("Empty context")
+ return rc != 0
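Review bot: The return value of `_m2ext.x509_store_ctx_init(...)` in `validate_certificate` is discarded, so a failed initialisation only surfaces later, if at all, as a negative `rc` reported with the unrelated message "Empty context". Check it before verifying, e.g. `if not _m2ext.x509_store_ctx_init(store_ctx.ctx, self.get_cert_store().store, cert.x509, None): raise SSL.SSLError("X509_STORE_CTX_init failed")`. The call also passes `None` as the untrusted chain and never sets a purpose, although `x509_store_ctx_set_purpose` is exported by the same commit, so a `True` result says only that the certificate chains to this context's store. The docstring should state that no purpose or hostname check is made here and that the boolean hides the specific verification error, so callers do not treat it as a complete peer check.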
2  m2ext/__init__.py
@@ -0,0 +1,2 @@
+import SSL
+import m2
1  m2ext/m2.py
@@ -0,0 +1 @@
+from _m2ext import *
59 setup.py
@@ -0,0 +1,59 @@
+from distutils.core import setup
+from distutils.command import build_ext
+from distutils.core import Extension
+
+import os, sys
+
+class OpensslBuilder(build_ext.build_ext):
+ """
+ Specialization of build_ext to enable swig_opts to inherit any
+ include_dirs settings made at the command line or in a setup.cfg
+ file
+ """
+
+ user_options = build_ext.build_ext.user_options + [
+ ('openssl=', 'o', 'Prefix for openssl installation location'),
+ ('swig-extra=', None, 'Extra swig options')]
+
+ def initialize_options(self):
+ build_ext.build_ext.initialize_options(self)
+ self.swig_extra = None
+ if os.name == 'nt':
+ self.libraries = ['ssleay32', 'libeay32']
+ self.openssl = 'c:\\pkg'
+ else:
+ self.libraries = ['ssl', 'crypto']
+ self.openssl = '/usr'
+
+ def finalize_options(self):
+ build_ext.build_ext.finalize_options(self)
+
+ openssl_include = os.path.join(self.openssl, 'include')
+ openssl_lib = os.path.join(self.openssl, 'lib')
+
+ self.swig_opts = ['-I%s' % i for i in self.include_dirs + [openssl_include]] + ['-includeall', '-noproxy']
+ if self.swig_extra is not None:
+ if hasattr(self.swig_extra, 'pop'):
+ self.swig_opts.extend(self.swig_extra)
+ else:
+ self.swig_opts.append(self.swig_extra)
+
+ self.include_dirs.append(openssl_include)
+ self.library_dirs.append(openssl_lib)
+
+m2ext = Extension(name="m2ext._m2ext",
+ sources=["swig/m2ext.i"],
+ extra_compile_args=["-DTHREADING"])
+
+setup(
+ name='m2ext',
+ version='0.1',
+ description='M2Crypto Extensions',
+ author='Lev Shamardin',
+ author_email='shamardin@gmail.com',
+ license='BSD',
+ url='https://github.com/abbot/m2ext',
+ ext_modules = [m2ext],
+ packages=["m2ext"],
+ cmdclass = {'build_ext': OpensslBuilder},
+)
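Review bot: `initialize_options` defaults `self.openssl` to `c:\\pkg` on Windows, and `finalize_options` appends `<prefix>/include` and `<prefix>/lib` to the search paths without checking that they exist or who owns them. Directories directly under a Windows drive root can often be created by unprivileged users, so the extension could be compiled and linked against headers and libraries the builder does not control; whether that applies depends on the host's ACLs, which are not visible here. Consider failing early in `finalize_options`, e.g. `if not os.path.isdir(openssl_include): raise DistutilsOptionError("OpenSSL headers not found under %s" % self.openssl)` with `DistutilsOptionError` imported from `distutils.errors`. The `openssl=` help text should also say that the prefix must be a trusted, administrator-owned location.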
55 swig/m2ext.i
@@ -0,0 +1,55 @@
+%module _m2ext
+
+%{
+#include <openssl/err.h>
+#include <openssl/rand.h>
+%}
+
+%include <openssl/opensslv.h>
+
+%{
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+#include <openssl/stack.h>
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#define STACK _STACK
+#endif
+%}
+
+%rename(x509_store_ctx_new) X509_STORE_CTX_new;
+extern X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+
+%inline %{
+int x509_store_ctx_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ X509 *x509, STACK *chain)
+{
+ return X509_STORE_CTX_init(ctx, store, x509, (STACK_OF(X509)*)chain);
+}
+%}
+
+%rename(x509_store_ctx_set_purpose) X509_STORE_CTX_set_purpose;
+extern int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+
+%rename(x509_verify_cert) X509_verify_cert;
+extern int X509_verify_cert(X509_STORE_CTX *ctx);
+
+%rename(x509_extension_get_object) X509_EXTENSION_get_object;
+extern ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
+
+%inline %{
+PyObject *x509_extension_get_data(X509_EXTENSION *ex)
+{
+ ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(ex);
+ return PyString_FromStringAndSize(data->data, data->length);
+}
+%}
+
+%inline %{
+long ssl_ctx_add_extra_chain_cert(SSL_CTX* ctx, X509* x509)
+{
+ return SSL_CTX_add_extra_chain_cert(ctx, x509);
+}
+%}
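Review bot: `ssl_ctx_add_extra_chain_cert` passes the caller's `X509 *` straight to `SSL_CTX_add_extra_chain_cert`, which takes ownership of the pointer and frees it when the `SSL_CTX` is destroyed. If the Python-side X509 wrapper also frees the same pointer when it is collected (the wrapper's ownership handling is not visible on this page), the result is a double free or use-after-free, so the wrapper should hand the context its own copy, as sketched below. Separately, `x509_extension_get_data` dereferences `data` without a check; adding `if (data == NULL) { Py_RETURN_NONE; }` before the `PyString_FromStringAndSize` call would avoid a NULL dereference on a malformed or empty extension.

```c
long ssl_ctx_add_extra_chain_cert(SSL_CTX* ctx, X509* x509)
{
    /* SSL_CTX_add_extra_chain_cert takes ownership of the certificate,
       so give it a private copy and keep the caller's object intact. */
    X509 *copy = X509_dup(x509);
    long rc;

    if (copy == NULL)
        return 0;
    rc = SSL_CTX_add_extra_chain_cert(ctx, copy);
    if (!rc)
        X509_free(copy);   /* not adopted on failure */
    return rc;
}
```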