add get_digest method to X509Req

[bwhmather]

(depends on bwhmather/cryptography@1b55947c).
Writing a simple ca and need to be able verify that a certificate request received by the server is the same as the one sent by the client. Comparing digests seems like the obvious way to do it.

[alex]

You can write this as _ffi.new("unsigned int *", len(result_buffer))

[bwhmather]

Fixed. Admittedly whole function was copied and pasted from X509.digest.
The test for X509.digest is currently failing (#150) so I haven't made the corresponding change there.
Also added bit to the documentation.

[alex]

This probably needs an entry in the docs as well

[ihamburglar]

There have been a few releases of cryptography since this PR was submitted. Perhaps we should get this retested?

[bwhmather]

pyca/cryptography#1472 has been merged so it should indeed work now. I figured I would need to wait for the release before bumping here and then forgot... Sorry

[hynek]

This needs to be rebased and a changelog entry.

[coveralls]

Coverage decreased (-2.37%) to 92.94% when pulling a5a5dad on bwhmather:X509Req.get_digest into 5992c07 on pyca:master.

[coveralls]

Coverage decreased (-2.37%) to 92.94% when pulling a5a5dad on bwhmather:X509Req.get_digest into 5992c07 on pyca:master.

[bwhmather]

Apparently default digest was changed in 0.9.8 to SHA1. This is causing the tests to fail. Will figure out what the digest should be and fix the tests.

[coveralls]

Coverage decreased (-0.02%) to 95.29% when pulling 6a9ace7 on bwhmather:X509Req.get_digest into e9ae673 on pyca:master.

[coveralls]

Coverage decreased (-0.85%) to 94.46% when pulling a66105d on bwhmather:X509Req.get_digest into e9ae673 on pyca:master.

[coveralls]

Coverage decreased (-0.84%) to 94.47% when pulling dfed66e on bwhmather:X509Req.get_digest into e9ae673 on pyca:master.

[hynek]

First of all, please accept my sincere apologies for this PR not moving along as we’d like to. I’ve tried to come up with a long-term solution to the general x509 problem domain and would also welcome your feedback to this thread:

https://mail.python.org/pipermail/cryptography-dev/2015-December/000539.html

(please note that there’s already responses: https://mail.python.org/pipermail/cryptography-dev/2015-December/thread.html https://mail.python.org/pipermail/cryptography-dev/2016-January/thread.html ).

I really hope this could be a way to loosen the guardian knot that the pyOpenSSL’s x509 layer currently presents to us maintainers and lightens the frustrations for contributors like you.

[codecov-io]

Current coverage is 87.60%

Merging #170 into master will decrease coverage by -0.13% as of 8fdae08

@@            master   #170   diff @@
=====================================
  Files            7      7       
  Stmts         2047   2057    +10
  Branches       377    380     +3
  Methods          0      0       
=====================================
+ Hit           1796   1802     +6
- Partial        121    123     +2
- Missed         130    132     +2

Review entire Coverage Diff as of 8fdae08

Powered by Codecov. Updated on successful CI builds.

[reaperhulk]

At this point this functionality can be obtained via converting to a cryptography object (to_cryptography) and computing a digest over the tbs_certrequest_bytes. Apologies for mishandling this PR 😞

[bwhmather]

Not a problem. Thank you for following up.