M2Crypto: X509.X509_Extension_Stack() throws AssertionError

  • Thread starter Matthias Güntert

Matthias Güntert

Hello python-list members

Why is the following code snippet throwing an AssertionError? Is that
behavior a bug within X509.X509_Extension_Stack()? How would you suggest
popping every element from the stack?

Regards,
Matthias Güntert

-------------------------------------------------
from M2Crypto import X509

if __name__ == '__main__':
    cert_extension_stack = X509.X509_Extension_Stack()

    cert_extension_1 = X509.new_extension("basicConstraints", "CA:FALSE")
    cert_extension_1.set_critical()

    cert_extension_2 = X509.new_extension("keyUsage", "101000000")
    cert_extension_2.set_critical()

    cert_extension_3 = X509.new_extension("subjectAlternativeName", "DNS:www.mydomain.tld")

    print cert_extension_stack.push(cert_extension_1)
    print cert_extension_stack.push(cert_extension_2)
    print cert_extension_stack.push(cert_extension_3)

    print cert_extension_stack.pop()
-------------------------------------------------

-------------------------------------------------
Traceback (most recent call last):
  File "test.py", line 18, in <module>
    print cert_extension_stack.pop()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 159, in pop
    assert len(self.pystack) == 0
AssertionError
1
2
3
-------------------------------------------------
 

Heikki Toivonen

Matthias said:
> Why is the following code snippet throwing an AssertionError? Is that
> behavior a bug within X509.X509_Extension_Stack()? How would you suggest
> popping every element from the stack?
>
> cert_extension_2 = X509.new_extension("keyUsage", "101000000")

Maybe your OpenSSL is too old. keyUsage needs to be defined in OpenSSL
obj_dat.h file for this to work.

> cert_extension_3 = X509.new_extension("subjectAlternativeName", "DNS:www.mydomain.tld")

And I believe you misspelled this, try subjectAltName.

With the change in spelling for subjectAltName your test passes for me
using OpenSSL 1.0.0beta3 and M2Crypto 0.20beta with the (still
incomplete) patch to make M2Crypto work with OpenSSL 1.0:
https://bugzilla.osafoundation.org/show_bug.cgi?id=12855
 

Matthias Güntert

> Maybe your OpenSSL is too old. keyUsage needs to be defined in OpenSSL
> obj_dat.h file for this to work.

I am using OpenSSL version 0.9.8k-fips which is the latest version.

I replaced:
cert_extension_2 = X509.new_extension("keyUsage", "101000000")
with:
cert_extension_2 = X509.new_extension("keyUsage", "keyCertSign, cRLSign")

which worked for me.

Also I found an easy way to iterate through the extension stack using:

cert = X509.X509()
for e in cert_extension_stack:
    cert.add_ext(e)

> And I believe you misspelled this, try subjectAltName.

Changing "subjectAlternativeName" to "subjectAltName" did the trick.

Thank you!
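
An added example, not part of the thread and not M2Crypto code: a pre-flight check for (name, value) pairs before they are handed to X509.new_extension, so that an unrecognized extension name or keyUsage flag is reported up front instead of surfacing later as the AssertionError in pop(). The name tables are a partial list of OpenSSL x509v3_config names and the function names are hypothetical; only inline values for keyUsage and subjectAltName are inspected.

```python
import difflib

# Partial tables of OpenSSL x509v3_config names (assumed subset, extend as needed).
KNOWN_EXTENSIONS = {"basicConstraints", "keyUsage", "extendedKeyUsage", "subjectAltName",
                    "subjectKeyIdentifier", "authorityKeyIdentifier"}
KEY_USAGE_FLAGS = {"digitalSignature", "nonRepudiation", "keyEncipherment",
                   "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
                   "encipherOnly", "decipherOnly"}
ALT_NAME_TYPES = {"email", "URI", "DNS", "RID", "IP", "dirName", "otherName"}


def check_extension(name, value):
    """Return a list of problems; an empty list means the pair looks usable."""
    if name not in KNOWN_EXTENSIONS:
        hint = difflib.get_close_matches(name, sorted(KNOWN_EXTENSIONS), n=1)
        suffix = " (did you mean %r?)" % hint[0] if hint else ""
        return ["unknown extension name %r%s" % (name, suffix)]
    items = [part.strip() for part in value.split(",")]
    if items[0] == "critical":  # marker, not part of the value list
        items = items[1:]
    if not any(items):
        return ["%s: empty value" % name]
    problems = []
    if name == "keyUsage":
        problems += ["keyUsage: unknown flag %r" % flag
                     for flag in items if flag not in KEY_USAGE_FLAGS]
    elif name == "subjectAltName":
        for item in items:
            kind, _, data = item.partition(":")
            if kind not in ALT_NAME_TYPES or not data:
                problems.append("subjectAltName: bad entry %r" % item)
    return problems


def check_all(pairs):
    """Map each rejected (name, value) pair to its list of problems."""
    report = {}
    for name, value in pairs:
        problems = check_extension(name, value)
        if problems:
            report[(name, value)] = problems
    return report


# Constructed from the thread: the values first posted, then the corrected ones.
ORIGINAL = [("basicConstraints", "CA:FALSE"), ("keyUsage", "101000000"),
            ("subjectAlternativeName", "DNS:www.mydomain.tld")]
FIXED = [("basicConstraints", "CA:FALSE"), ("keyUsage", "keyCertSign, cRLSign"),
         ("subjectAltName", "DNS:www.mydomain.tld")]
```

Calling check_all(ORIGINAL) rejects the keyUsage bit string and the misspelled name, while check_all(FIXED) returns an empty dict, so a build script can refuse to issue a certificate unless the report is empty.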
 
