From 002f5104376406449965ab90210ce5417b2e7784 Mon Sep 17 00:00:00 2001 From: Hayden Roche Date: Mon, 2 Aug 2021 13:16:47 -0700 Subject: [PATCH] Add support for a subset of pyOpenSSL 19.0.0. Specifically, the subset needed to support the Python module ndg_httpsclient. --- pyopenssl/19.0.0/README.md | 20 ++ pyopenssl/19.0.0/ndg_httpsclient-0.5.1.patch | 246 +++++++++++++++++++ pyopenssl/19.0.0/pyopenssl-19.0.0.patch | 211 ++++++++++++++++ 3 files changed, 477 insertions(+) create mode 100644 pyopenssl/19.0.0/README.md create mode 100644 pyopenssl/19.0.0/ndg_httpsclient-0.5.1.patch create mode 100644 pyopenssl/19.0.0/pyopenssl-19.0.0.patch diff --git a/pyopenssl/19.0.0/README.md b/pyopenssl/19.0.0/README.md new file mode 100644 index 00000000..57eaea11 --- /dev/null +++ b/pyopenssl/19.0.0/README.md @@ -0,0 +1,20 @@ +# Building pyOpenSSL with wolfSSL ++ It's recommended that you do the following steps using a Python virtual environment. Create it with `python -m venv /path/to/new/virtual/environment` and activate it with `source /path/to/new/virtual/environment/bin/activate`. ++ Clone wolfssl-py with `git clone git@github.com:wolfSSL/wolfssl-py.git`. `cd wolfssl-py`. ++ Build and install wolfssl-py with `pip install .`. ++ Download pyOpenSSL 19.0.0 with `curl -O https://files.pythonhosted.org/packages/40/d0/8efd61531f338a89b4efa48fcf1972d870d2b67a7aea9dcf70783c8464dc/pyOpenSSL-19.0.0.tar.gz`. ++ Extract the code with `tar xvf pyOpenSSL-19.0.0.tar.gz`. `cd pyOpenSSL-19.0.0`. ++ Apply the pyopenssl-19.0.0.patch file with `patch -p1 < pyopenssl-19.0.0.patch` (assuming the patch file is in the pyopenssl-19.0.0 directory; adjust the path according to your situation). This patch adds wolfSSl support. ++ Install pyOpenSSL with `pip install .`. At this time, only portions of pyOpenSSL have been ported to work with wolfSSL. Specifically, we've ported the parts used by the module ndg_httpsclient. The next section covers running the ndg_httpsclient unit tests. + +# Testing ++ Download ndg_httpsclient 0.5.1 with `curl -O https://files.pythonhosted.org/packages/b9/f8/8f49278581cb848fb710a362bfc3028262a82044167684fb64ad068dbf92/ndg_httpsclient-0.5.1.tar.gz`. ++ Extract the code with `tar xvf ndg_httpsclient-0.5.1.tar.gz`. `cd ndg_httpsclient-0.5.1`. ++ Patch ndg_httpsclient to update the test certs and keys with `patch -p1 < ndg_httpsclient-0.5.1.patch` (assuming the patch file is in the ndg_httpsclient-0.5.1 directory; adjust the path according to your situation). This patch doesn't modify the core ndg_httpsclient code; it just makes the test assets usable. ++ Start the test server in the background using the provided script. First, `cd ndg/httpsclient/test/`. Then, `./scripts/openssl_https_server.sh > server.log 2>&1 &` ++ `cd ../../..` to get back to the root directory. ++ Run the tests (all should pass): + + `python -m ndg.httpsclient.test.test_https`. + + `python -m ndg.httpsclient.test.test_urllib2`. + + `python -m ndg.httpsclient.test.test_utils`. ++ Make sure to kill the server that was launched in the background when done testing. diff --git a/pyopenssl/19.0.0/ndg_httpsclient-0.5.1.patch b/pyopenssl/19.0.0/ndg_httpsclient-0.5.1.patch new file mode 100644 index 00000000..a8ec7ae4 --- /dev/null +++ b/pyopenssl/19.0.0/ndg_httpsclient-0.5.1.patch @@ -0,0 +1,246 @@ +diff --git a/ndg/httpsclient/test/pki/ca.key b/ndg/httpsclient/test/pki/ca.key +new file mode 100644 +index 0000000..4e79919 +--- /dev/null ++++ b/ndg/httpsclient/test/pki/ca.key +@@ -0,0 +1,52 @@ ++-----BEGIN PRIVATE KEY----- ++MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCgt4pztK0kuPJa ++48Fz7SmDzLlAnhVAXM5zWNduGqga6BK9X8GlOoA88Jt3mGQRPycwgeRnoSRdY2XG ++9i+uoo4qetO/DdZSMSax2geRpcCGr6/Ugds9sJBsH5EII5u7GVn1jvaWVSs4MBNv ++t1z051zgsIs9H/34WOdwHV3lvjFC3vhWiUgPR0J3l2YyrL6VRiOzItLJwi2ZZxqZ ++0wQQ8KinoBeWQCrdDd5APFoe2XIg6bKti/YRacUfkVF6+El1OdvjwV1RMPJrdP4F ++alGrMX9GHc2YjTklNuZK60I6zyZKBLKLQlM2Bo5ouVu1hUEsSQRNQc9YAFbCteCE ++gwgdrDcFlqzZr2eUoTrNBIHGOwIz+MmimAIOMsjELD9Jn8qii/J7/K+EwpijvVid ++AIi/7WkhovsYyvExBnOsmJRWWlhe0LKPH7m6IPha4oKrr9oQpR3ejpl2Y2GQbxHS ++4GaK/DECa4ygyywJkLYYbt0Eb5oWUAbQ5b6rN7PieONXBPt49o7+CBGbrIlE2juz ++f5KUSmlX+isosfj47sUmbYfBMgFncdI5us4m2OVyMzmnOEAULgzS6X2+cJydoWaH ++MHtsfuHxftFqoQK4ciGF9ZNSIQ9/6uILkL3rZ4YyokffPM9pcIoVWDJhe2mFFklj ++N/ehThsafr266Y+Xjsxwt32Wx5G4uQIDAQABAoICADoHa08xyl57BM66c4wW8qlr ++Dux857FwkP5m8ooHx/DHIJUN8Q5mnAzk102MUX1ErzK9g6nDLi0mCYaYN0k32lsO ++NExEg8DzjEQlNBxrm6NF5he1t2KD0PGpSCWHLeCVW7zlHLXVFKDaAvqQW1j1/LwI ++Io40ce/sscvyXofob0L03Pfp44HYufASU00ywDGHvLYeebttiCdeaeVmoo43Rr4X ++eMzAaHmeW0QYRnXjD2lA2En/Qh6xcQJf5uqeoW9ZL8MBe18obC9Oc7Wi2NAWNB0t ++/6D4RMziEK62WRiA2RNatNjBXugf3+WCH9HfxlNmHc6DV4kvviPZpbJS2WhVWRvx ++8fgodN3nT6Rbl+bgc1yy8BUHzoBecRELStpZFapsYnEhXzXJkmLtwxVF5gIvVwMR ++fKJKTFqpVzfD+XFP2VonbDrhgIHSEK3TtKmks7tkB/swz3ftIQiTvGq3Oca+22so ++8P4xVRsmzAoyumeJgK0pW12hg891HKQzrcITiO2XO5TM+3RszOJq7/KSi4d7ebS0 ++Cd/+g0F3VrfI32VTQv2eS6YKHyHxzZIwq1OdRDQCl8ZCMUk72MpF80rjJfZCXgII ++/Yq65ez60eW+JsF5Ua+jaSFfjAjQiFxLyUUZxY0yIybzNWsDeyy2+kqya+rvvc8c ++3LQc0pkJiROaWXr6NOcBAoIBAQDPpv+RdON4DLA5DZjs9nDlh2Q9jxHoRPIcPVUJ ++shQUILjCQxeYyeOww7g/p0BhA/3BHhJSxCKkvHbo3OD0S/G2TOmpHjifR9Lvv5vm ++pN/t5EJYJHbXUIA7XKq9wHLvg8W1cA+RjPaGGlTIoCZNTXh11p741fUxdcNtOCPH ++p+OBE1nVZFotpZllKafL6n4vRurwpt/Ip6pygCMKQ8fllkNmSX4UwXxNPBgJyO+J ++mW1Vp2EMHqVOr5mZaj0hH6iddazsBIF2cFbz8bnP06kuhDqKzXQR6T2FelycFyfl ++OH0vC1E6F/cr7YfDxcxSBrtHTnxmUk4vJc0nlT78FiLwH/dhAoIBAQDGIvw+t5ue ++gG9DIEjd5eJyI9rCOdyMy67gavbkLywzzfAmIpD23zMoPp1yyhB1oXMGjWns5AJz ++vZ+9I+aiLoxGHFumq5FnWgxq6GSOb+xgmL8SiwRSjjc850vGjkWRNpx7/hcD0T7m ++qAAHxYOowtW4FRg4xmJM3YIK/NQ3gYz0Kqn61BnXwrbJSga91fTybtXqTIPCoK7G ++cJQMIXijChl2HahtL2dn+e3VNktLmRqYcG1gGOcS0qZKgLikiZaXJobm87AHVB8J ++gnpN7GjeQekilE6zYg1v9mJ4KGtn9jlc+z5in8M9gzxh1UMtJGmo7eLiKpxjnnI4 ++MmOqfmfvB7hZAoIBACfLyY8G59FKHTvR70z6rghPOlbR5IyvKfdfibyh9FcnLkGM ++uij+CDUITXdlhmERcsBgEwLps/n+ZIucSUCIjXpyoxVWRWPBUBvCjQ5W6tOcu1pJ ++Ir2BIBJAYDideWmNx4ZOQ62RZm2s/jK0/qIyBrQOvcjSuHsSJrH34GOTOXazTrQm ++12GIKy3IHfBmsGg/Hyef06OQ/omTJSQCeXz2n1QrIY64xinHKpQ1fjLQxLN1sJOy ++C9xYqwdL5QtEFfyXYNyawHUCcqet2/6IghP4I4AWf/guyyuZl8YSagL0IImzkY2g ++qi4xB6PtdIsD30B7Ojwh6fn/NKIxaDDHzUpX1gECggEBALrBzTsce52J99Wwv54Q ++ikIF07PRMDax4jL7/50TbbmiumJnoHZh6elcI7JIDf2iYTZi4t38COepa8Cu7zwd ++XfDT1/ugqdxd/2hhhi7QBmECeM90o21hSWWpqj4Majw22obw+CaL+5sT7Xtly/St ++OR9bGsqhC5TiESpkJ2/uN7sJ39BiTb2Wdg4DLZmP62L737wJxQQVyseW46UPg5NB +++L/hspi/3tsds/SNSamHNY9MIXw73MpcLYv6CpBkc8Ii+XMFbP1raBnhl4CNfkdI ++nwQOAKSKnpnTBfu2NY73ghhHZQU3C6OWaLradog9Uy58k6eUfHZVqdmYfWL95N9k ++SnkCggEAQ9oqCgTs1H8pEVZPGGAGMjoFJT69HH+tKI3I/kLTEkJFP5zVz/jlFWqD ++E5E935r9WexLSHazZFwb6CAaeJuzuYKfZmOgCKSPmHLkop1jR1yBqvzjXPPqJo9b ++Si6igNS7ufEw1uM8ru+/wCYrUA20sVQSeECNL1B1re1Av8AtMvNCJxkclo5o6A5P ++mFygoVlpPasKJr8dzMExtcLdtHl6XbpNS55kcO/JpnevhUTVpq3URvpsf21xmFuj ++fy27gWvcokG9WLpuPyd90ShzocJyjLRXteFcjHkPtNwUJc3QGh8xlPoqs7MfSA76 ++ep2Pg4lXDl4+iO5SDobGse4Ka/Pkkw== ++-----END PRIVATE KEY----- +diff --git a/ndg/httpsclient/test/pki/ca/7e15277f.0 b/ndg/httpsclient/test/pki/ca/7e15277f.0 +index b9b6ac9..d98d4c8 100644 +--- a/ndg/httpsclient/test/pki/ca/7e15277f.0 ++++ b/ndg/httpsclient/test/pki/ca/7e15277f.0 +@@ -1,20 +1,30 @@ + -----BEGIN CERTIFICATE----- +-MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQDDAtOREcg +-VGVzdCBDQTEMMAoGA1UECgwDTkRHMREwDwYDVQQLDAhTZWN1cml0eTAeFw0xNjEy +-MTUyMTMyNDNaFw0yMTEyMTQyMTMyNDNaMDcxFDASBgNVBAMMC05ERyBUZXN0IENB +-MQwwCgYDVQQKDANOREcxETAPBgNVBAsMCFNlY3VyaXR5MIIBIjANBgkqhkiG9w0B +-AQEFAAOCAQ8AMIIBCgKCAQEAv8L7md7A3NvKIYndyjHV7f1xVH6gJ8JPrecxAiVs +-nidsYUm8saBV/dFf1jPMQ6hdjIuxLXlopLxThkHlCes/OTxLzBFLvFQQaxLExTsX +-OmgeM4q20a2JLTqkmItPIYDVTYgi0EaF+I9Z1BwWGEfYr3uTizpr48rnzpXgRwrZ +-rjRc53zLKpeqyBs7Qmg5Jlzmk/A+UWJ2ryCWLY9KFE3uPstybYpwq7YayD6upVwc +-vedhh+zpXU3E9r/cnlZ4sKSP2M1QSOTb2l5XnlOU/MLODYW70uItNqs1j1XPuHYh +-/ikO+jmjPUtL0IE47+LcaMU6BpaOCLzcjsSn/DDMYcDB7wIDAQABo0UwQzASBgNV +-HRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU9S+bGqsW +-uQzR/yHDdHoU6afNTE0wDQYJKoZIhvcNAQELBQADggEBAF2scAHd7xjgnJqAUX0b +-7f7QKjpuYHrt48tH+pFOh5j3IgdOqTgRLc/N8lEqoH4M0lKZKbBerM9FiQ4eXCwy +-3Rswn3wXPvi3HJGgvZYUt8J6KY5+syHU4iuzuSHOjznC0lLZkRz6kfZHX+paqro4 +-1CsHhCt3ew17QMWEP6UtfZfBCg+kiEfBtSsTUIth0HgdH033PWh5v+nOzGN+3o2t +-ORlzpttV+0RLlsw54l51I6rCEnfKOKtEy491JUs2whUwzp9v8tG4jev3PDVWhSSS +-6jaSNvW4v7SDH0pnw52ZWzaRtA/pV/dCQOlqJ87wDNPdoVGpwqtYF/7Zdw2ty4gU +-oSM= +------END CERTIFICATE----- ++MIIFLjCCAxagAwIBAgIBATANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQDDAtOREcg ++VGVzdCBDQTEMMAoGA1UECgwDTkRHMREwDwYDVQQLDAhTZWN1cml0eTAeFw0yMDAy ++MjcxMDM4MDhaFw0yNTAyMjUxMDM4MDhaMDcxFDASBgNVBAMMC05ERyBUZXN0IENB ++MQwwCgYDVQQKDANOREcxETAPBgNVBAsMCFNlY3VyaXR5MIICIjANBgkqhkiG9w0B ++AQEFAAOCAg8AMIICCgKCAgEAoLeKc7StJLjyWuPBc+0pg8y5QJ4VQFzOc1jXbhqo ++GugSvV/BpTqAPPCbd5hkET8nMIHkZ6EkXWNlxvYvrqKOKnrTvw3WUjEmsdoHkaXA ++hq+v1IHbPbCQbB+RCCObuxlZ9Y72llUrODATb7dc9Odc4LCLPR/9+FjncB1d5b4x ++Qt74VolID0dCd5dmMqy+lUYjsyLSycItmWcamdMEEPCop6AXlkAq3Q3eQDxaHtly ++IOmyrYv2EWnFH5FRevhJdTnb48FdUTDya3T+BWpRqzF/Rh3NmI05JTbmSutCOs8m ++SgSyi0JTNgaOaLlbtYVBLEkETUHPWABWwrXghIMIHaw3BZas2a9nlKE6zQSBxjsC ++M/jJopgCDjLIxCw/SZ/Koovye/yvhMKYo71YnQCIv+1pIaL7GMrxMQZzrJiUVlpY ++XtCyjx+5uiD4WuKCq6/aEKUd3o6ZdmNhkG8R0uBmivwxAmuMoMssCZC2GG7dBG+a ++FlAG0OW+qzez4njjVwT7ePaO/ggRm6yJRNo7s3+SlEppV/orKLH4+O7FJm2HwTIB ++Z3HSObrOJtjlcjM5pzhAFC4M0ul9vnCcnaFmhzB7bH7h8X7RaqECuHIhhfWTUiEP ++f+riC5C962eGMqJH3zzPaXCKFVgyYXtphRZJYzf3oU4bGn69uumPl47McLd9lseR ++uLkCAwEAAaNFMEMwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYw ++HQYDVR0OBBYEFIYdooV3qYYhM6aq0LTBYQWA9j1BMA0GCSqGSIb3DQEBCwUAA4IC ++AQAzqykz00ztLxbAEVc8QbfxMYVa5QYp4Ljdl7Wb4IPb4WY6fDkkJ1wRNg/KWZov ++CkTsiFvQSG5eHEVDLPUjW4WJ+eJI3uPeNjUTB+9i88pjbLqP1VBeiNdpTcOAu4w8 ++cosK1wk6K3LNHATXZArD+8mHEFAHinuqlYwkBekIPBgMgbKr/WlaowV7fkIAUpxm ++K2W7oLt3ZvWmFrsFcywLsyXmA8EC3d5svQ01YLHE7xJUcjatKSJyc+0dnMNy+ZZN ++6NTPCefHwi5ShWWmkwtmvCChzePpYP/tBqkAIHLB7js2nHLZYtJYT1CqOGHdy3bL ++DWHYU527Dj949K03/ZE8jkBqzQje5uAw9bqluydXXkAtMO8rMktIsEjZuMsyzD1b ++Z8qdeHvwHQjnA1fvMuAO2QDTb8zGc8Mcn2/Jbj9ZD61cej75GWPIDolwSmMIA7fT ++HyyD8NiOnqM1tGQZQWGTlwZidH6Z7jUASZd+J/+pVKyFmA6ecgo54/w/wTQSv/6S ++ZWGp4ZYdjdpZ/coX2kbulej+Z3m0m4WB66LbvKD8zCYymRu5ULtS59QElliDKERS ++U41awYtdgP/R/cz/SBoYxPvY/n1sOWT0mQp1+ctehDf+tDMirjOst71eq6n/85CR ++NuP+k4yntJuzOjuxZ2MI8iuGDrqi/rFx2AhXXNCkCFDArw== ++-----END CERTIFICATE----- +\ No newline at end of file +diff --git a/ndg/httpsclient/test/pki/localhost.crt b/ndg/httpsclient/test/pki/localhost.crt +index 99711dc..74a393a 100644 +--- a/ndg/httpsclient/test/pki/localhost.crt ++++ b/ndg/httpsclient/test/pki/localhost.crt +@@ -1,19 +1,30 @@ + -----BEGIN CERTIFICATE----- +-MIIDDTCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQDDAtOREcg +-VGVzdCBDQTEMMAoGA1UECgwDTkRHMREwDwYDVQQLDAhTZWN1cml0eTAeFw0xNjEy +-MTYwMTA3MzJaFw0xOTEyMTYwMTA3MzJaMDUxDDAKBgNVBAoMA05ERzERMA8GA1UE +-CwwIU2VjdXJpdHkxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB +-BQADggEPADCCAQoCggEBAMOuihdNsoWgVg+DsRBc4kckQ5oiCVsx9NiRkUoCE3mu +-dQb6pCRhoD3vjMMt18Ajr9xNMtqTtP3lqQ4iId4bd3WaNc2L4a9698QOnpY+Z70T +-0pFckNvVcC+5kXHPCFsm/jIVsjJDdPQWM0fFqPGZTwQ8ssS5P9jdB2JHchHFOCWd +-IYYO0jY1BEJ1AXeK4XzfU0/00s0LnleLrbEpNB9ckQaSbLU7I9o7fDr/5+WbV8tI +-C5OG/ZZW7jlc4t4TLpzkUatBGW3c2PKJPgtWBAbtScxbtHB4mXV6iwmp3hlLT6tx +-vKD+b8TFpxGPdoOfIHX6/hjMJa+kr4Z4MDHeNfHu6eUCAwEAAaMmMCQwDAYDVR0T +-AQH/BAIwADAUBgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEB +-AHm7NNZvti4QfopARMIcuokWHac18Ka7HBRE04WxLw9vKuYYu1m7d/0sUhk3KuBB +-ANOyzlt5y7ecEIAqxGe0m1yftD4Dgj33wB7kHvbIKUceKI563PM757RgDm6C70/p +-3OwOCcx2FsSaKLFBdtahzv1cMriN7JpEoa1qT3MnmFyaK8hEaXxbRGwDDAXRgOix +-ftOkNc5w0glQ7dl9CYq2QvsnMtG327pvyo6lBTKNjFzppZ/msOagPONuAcrtLAiU +-wTNk5Aqlj6a+Njtq/LJFdeyYsVxwuqvVnEsU+9FJFL8PYrWpG8fA1dIXaPS+06Oi +-vAMwOmVKhtgKvbaGcYa6efM= ++MIIFDTCCAvWgAwIBAgIBADANBgkqhkiG9w0BAQsFADA3MRQwEgYDVQQDDAtOREcg ++VGVzdCBDQTEMMAoGA1UECgwDTkRHMREwDwYDVQQLDAhTZWN1cml0eTAeFw0yMDAy ++MjcxMDU2NTlaFw0yMzAyMjYxMDU2NTlaMDUxDDAKBgNVBAoMA05ERzERMA8GA1UE ++CwwIU2VjdXJpdHkxEjAQBgNVBAMMCWxvY2FsaG9zdDCCAiIwDQYJKoZIhvcNAQEB ++BQADggIPADCCAgoCggIBALAc2LCkaet7eZdOPQgSRcz2e1mJQ3qwMqT1BdMn+AG/ ++9ZMInCftXmJBHpb5WKeA4hclCP+sFUfaxt2TcJ7rNsPX6rkN5JFwMAIDMzjaq8Dr ++1ZYjenTvInnb6tWIK2KP9nVdJRxSCXHIdN0pvJQdyi+3LOnTHyfHKIH9lTBLf2HY ++Y1tpGFDWL/ywHbh7krUkIfC3vSx6xZXBNgStIH4gjpP2DxKfuPmSw1Kae2vOKcRJ ++29PwB/H1TaPr0VvQTNN+cBC2oOehXpH/QRbU8Nye7uq4z/llKD5LMZAOJe7VUU5A ++zxUH7DE27824CmS1ywd5JueyednsnsTjltEayQcnvAm/OEIr6rO0aDVmZH40i/W1 +++NdiWgGxt3OrvjU71BQAlaknshv2xDx9UNsLrQ+iOpDdsYxpD84s4Za0V+qnq1J5 ++QCSD7oaQLi4SG9nPLC+wpEhMCVGCHtClfL1NVSBYVycbPp1iLQP3xCiwV9058XVP ++T2psI+PaPLeXp1ZNpEkRl+/UyAdDKqb3C6nE1tqNbTURhuL/ECFFHiH1k4mlGZfG ++n2YL90ROqKFm6YdYE357vPrdjDbow32Cqt8wJqTE3mIaxZH+vLqKRezbU8fmo+7g ++yEMePsCTWw0yXPyorioLAbFZBO5512sa09CXLGmeTaLs0215zaK81HnAgMwFWT+9 ++AgMBAAGjJjAkMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA0G ++CSqGSIb3DQEBCwUAA4ICAQASq7gPmWVMjm6XzmHJ2LSIJAjGEmjWSNBf1rvbEItH ++NjxzLu4VfiShgj9y53yWoNJSJGGGtoKmaNQK63x9GzTQbN60izXlW20FP32b9Idz ++6y7Ta4JSqNx1Q/OW+ABsWZZ68Ob19XLr8QY5fog3Teh7Q0jzln/rxteB7OUTJ5QC ++o5Nq7PDlg/R9buRZnHHb1tmBHbSbkXK9wjgSQMtbga2EQuewJ5KYHYUrdYsklg2u ++wqnxtL7iND1dGcG2J3QKdC2fT1i7EdU5ZFvDxo9VOPvQmrIzzHKfyfgmOD3QhOrz ++2rCcze86Vi8zlk0yk8oQNTjLndnJgSWYq0OFl7iape1ObblulILDhb80RI5N6pK2 ++WIb05Kl4Sm/bNcphi5KHtQlr7HzSNojr4qgHlo5KdQ6IW/ZOIGHgq6OjcifAIsKw ++wkojOqriFdeKAiU83bWvxVUW/F9Yfe/hHCjjRxp6xMRoGTh63jGmAWxu/WR9GpFP ++pfVsHLHg3p8tU4TusU1I5TuHZ/8B7atpFdlS5J8mc5bVB6oHYuaJVg4bbMGQIfll ++m5CTfEKfTxkLjVtUGEhmoutb60qnXECNhUYFef69hMZ5VOUj4gAC8e2JKm/8yjG+ ++K9USxsK1YTAMIKBbLqNsJmOB8mz08CxPU8R6XCvzDPr4rqnG18IcUxAlbYiH77eA ++qg== + -----END CERTIFICATE----- +diff --git a/ndg/httpsclient/test/pki/localhost.key b/ndg/httpsclient/test/pki/localhost.key +index 98a3db4..4be01f3 100644 +--- a/ndg/httpsclient/test/pki/localhost.key ++++ b/ndg/httpsclient/test/pki/localhost.key +@@ -1,27 +1,51 @@ + -----BEGIN RSA PRIVATE KEY----- +-MIIEpAIBAAKCAQEAw66KF02yhaBWD4OxEFziRyRDmiIJWzH02JGRSgITea51Bvqk +-JGGgPe+Mwy3XwCOv3E0y2pO0/eWpDiIh3ht3dZo1zYvhr3r3xA6elj5nvRPSkVyQ +-29VwL7mRcc8IWyb+MhWyMkN09BYzR8Wo8ZlPBDyyxLk/2N0HYkdyEcU4JZ0hhg7S +-NjUEQnUBd4rhfN9TT/TSzQueV4utsSk0H1yRBpJstTsj2jt8Ov/n5ZtXy0gLk4b9 +-llbuOVzi3hMunORRq0EZbdzY8ok+C1YEBu1JzFu0cHiZdXqLCaneGUtPq3G8oP5v +-xMWnEY92g58gdfr+GMwlr6SvhngwMd418e7p5QIDAQABAoIBAGgyO2PXQpU24DyY +-oiMVYoQBQmIDd7nwqvDa6mNfIaGsjLIvqlGZDmuMcAbKFVVBa3ZCQS70ce60aMWW +-1TPgqkab28RclMsNDnt+UWGtTy32LSyr/pKgX4F6LYFNfaST6c0fkmiDVPZYD+xK +-ywAC43ldHM/12JKQd0sUwh/GRXR4/Y9anWR4uLcfWCRU/7JVefdUe1VWeeelCMB4 +-wCcv9aQeFKnKeRopg5sryMo0thXSJCrO7UTSBmyasgNlMjUFpIIlPZQrWKXBtN48 +-NT7yGZ4j4RpSS8jhIxZASmyj1eyn2bZEk5SFcFM0wN78lOIOyGBB50QJBSEuKvHT +-suFBzI0CgYEA53PCyAxHcA4wfuZJgF24VTVUpyZEjjTBRtLrZxUrIagVph5iS9f8 +-X8henBabaNBB/xsb17qPesCpqGJJEj2XpSKjTQdzmjCUZV8oZSLW87esXwm0Jfb6 +-dmDqShwlph5l31ZG27I2uTMV8HE8PAOta5rBEFsEwEZDmwtsIvwu6NsCgYEA2G+Q +-ZbFelFC6+aGKPTPrPVzX45IMPRE23f3euTJdEA+T06BD60LC0jQlxmQghlDUZkxs +-s9ihPnj2nHuaxJyR4G+/56oba5Jds2ZAiU7FNGZpBHh5J6tUligRJ8cjdRiKJheb +-H6imcRiD++6P2PnQUPuSnfnxo+yxDotUxtfflD8CgYA3brIn10kEvWFAA0d3Rvru +-7Wbo4XFp3ZisrbdTaO57kRYeQwinwYLgLcz69S8jWz1zK7rvX+8dJyd6/I8jnzzC +-gBk8SZyWQSxJWxEBp+ZzWHogCOLsdMpnr65tMXCS6JTdeHxgAb65fFK002nptbfD +-Hb0/fY0Vv75RU9sCRgO2IQKBgQC+MALuKZdXsz0qIRZtw5LCQDSBiBPzEY5qMiym +-BqiadWXMP/eO4wJ5XlOXauLdxGdwYVXgD8tZL0hdp4wPmxng47H5q5QeyeZGv+KU +-BcDq09cSk567CiXxMNIqZyY0PlUfNf0dK8DeftFz72U+H/87OmXTJhB9oH7RrgPY +-G1gfVwKBgQDiCfLBoEfwOpif1XAglNdIv6J1M3rwS85txHlY8H91iiBaoKosLzdj +-ZTeqOn6ofsWj1NaR8OudZApZZT1gHjmDUnpzrQZvHn1gelsVwoZfXs1ZWX+J4giD +-Rt3aZFRc4uPVgVNLHf4kADWao5bwvbxWfx74J2LQ4QJ4rxFumeg8HA== ++MIIJJwIBAAKCAgEAsBzYsKRp63t5l049CBJFzPZ7WYlDerAypPUF0yf4Ab/1kwic ++J+1eYkEelvlYp4DiFyUI/6wVR9rG3ZNwnus2w9fquQ3kkXAwAgMzONqrwOvVliN6 ++dO8iedvq1YgrYo/2dV0lHFIJcch03Sm8lB3KL7cs6dMfJ8cogf2VMEt/YdhjW2kY ++UNYv/LAduHuStSQh8Le9LHrFlcE2BK0gfiCOk/YPEp+4+ZLDUpp7a84pxEnb0/AH ++8fVNo+vRW9BM035wELag56Fekf9BFtTw3J7u6rjP+WUoPksxkA4l7tVRTkDPFQfs ++MTbvzbgKZLXLB3km57J52eyexOOW0RrJBye8Cb84Qivqs7RoNWZkfjSL9bX412Ja ++AbG3c6u+NTvUFACVqSeyG/bEPH1Q2wutD6I6kN2xjGkPzizhlrRX6qerUnlAJIPu ++hpAuLhIb2c8sL7CkSEwJUYIe0KV8vU1VIFhXJxs+nWItA/fEKLBX3TnxdU9Pamwj ++49o8t5enVk2kSRGX79TIB0MqpvcLqcTW2o1tNRGG4v8QIUUeIfWTiaUZl8afZgv3 ++RE6ooWbph1gTfnu8+t2MNujDfYKq3zAmpMTeYhrFkf68uopF7NtTx+aj7uDIQx4+ ++wJNbDTJc/KiuKgsBsVkE7nnXaxrT0JcsaZ5NouzTbXnNorzUecCAzAVZP70CAwEA ++AQKCAgA7nFgAWnZ7vZyniVUBMWYs/VU9Nkf/9DoAOeuR0JqSxQ3ziduJbEAhU9dt ++1NKcR/S/Tsrf97hwTO45O9nIAOfVnHUX1EsEq4ukcr7YxLOUJn9yRWoCwJrT0ouH ++YYMF5qLOkQuprV8DA44C+kiZfgfc5MywDMUj6racYWApK7TfQqZG36jaW9V8W4SD ++2FgNNkDCwP6oWpocmXyWUp+H8a8xB/2MGUI8P+AbSqzyDaN3jGR7NWkLDjQMgxqn ++UDdg8xAtqBOIs8dV9adregJZOva1vn6u9P2NMFiDYTaXw960dR1jCf55nhXHdT8X ++Xa1uRyTTEkdKa1xGWp7HAqD+6gUsWw+fuavVMmMcgBm4tYSvFActBPZrpIuh6H1e ++8g/ow+mnn1E/sfeu5vbvYCaq5mhchC7T9snI0FDH+eDqa9xBIqBA/f11IFE/kryA ++zw2ZdieB5EtW9E8yMOdfVhTAj5y3nuBPcQPwlWVpoYY7PVX407qth3SpT7x8Xgan ++lZFFraKvQ2MSI3iOrzHCinlsvc8SsmWJifDHAFxFmqead+Yi+M/BH0F8zkFikvmp ++swWGE5znZX7EBiSVBwx7H6IFH+3HhAPVnADW4WIyykdoEydNczX0STuoj7XJdKiS ++BPgse3aYfvy7bDpwUhdKbjT97Uvsm3Zj3HkEl8X1TMK2MtqUYQKCAQEA6PpoGQke ++p2LRLsVdOekYG2M4uJDNtqEQ5qaZxrYEMupFPlcZv7JbIyqmE98hgKAaf+mE2fJq ++Qn5puydgaLfsHjmcn3UUDTEvLnAx9Qrp79md5VFwOcAtTNA/eKhJSYujAMedJlFC ++RcnHuxK3qWy0VODDx2qwqC+9GBUtH/fREQ8SXeJXfnGVwaR8vsWgtti3JefvcP21 ++pHKmA8EpAK7tEuJuKBbqabbNXfsBswpfKnlG4DwcEbIWyOZ6GjSJKQuVvDQ6dGcI ++YW6wC0jiqvMr8g5KbpfXP9uWhOTMg5epQqn9ALEetpnRZ3pIzLauW/pKKhcm48wG ++mnADLBsYLvyuFQKCAQEAwYPtbG2RhFhMfOJjZxOVx6h/0HDsfRYmV9YZXpSs9lJE ++9em0hdoA2ZF+aO8kjgWpZzG/yEnn9ZYTrks6vD+Q+bxXmtGOgt5YgB9XcaOFzhMy ++QbqN9ChqZ7FezhWnYVz05GA9WQ0YqNmC7wRN22DlYUkkSx8vViDTpcTxZrgq+KAS ++7h3tpENsQ9W8VEzCnKk8UcvvvbrjLDZ9AdZhbsgWa6YMxzEHduS7XnRk4pzKsLoD ++zE+Flu5f0TYZoivNCt2v8qZToUt+3x63clgSxssxh40HCkpq8X46EvGSySTADRN9 ++ZQTnxF+IxrsBg08DEkvYujUHyOx9gjSsdwPu1jPdCQKCAQAi9YAtUYsB/vf4lrD4 ++gZuWcHsQZtoXb2/DzHgCs0lKApFFW3iHpVG7oyisjqzOSjfvvbCrq456T9G5vZzf ++2clad7aizsSlfh3gUAGPDYYw8WyZ/nBimg2yGwWLK2Vj3col0c4o88SICFEqJxLc ++H22n1tpJ0B6V/iPXu0W8KEl8z9AnulD6rjyUhAQb9De7eCVzUKxDPi7FcFas9Y0b ++hyQX01ZIObgPCNkkIwgMP6AsFWqnNx3XIev9VWg5Cm0SdaSQSx4CXXuKczuDVfp9 ++QGP1vGM62Rn5gQ/C/Toa/OTvFeba9bjwGYCskFLgNQFQ1+vNCRBS2kibX/d55M7q ++LgxJAoIBACq29jdS0CYIX4nJZuuftRYHKX9XDbxmoTwONDdeVfdhHXuyhHhvMHTV ++2rNK5iS7NzNiFdUeCyd4Ywu761EWLugRHL09uFlGvv447NJWp/he4F8F0MOuEB6n ++VifjO7kQDbZDUAdSDrlmmbIsnwrnjno07N/wGEDIqi8TE736tPGAU+1fic8SWtl2 ++WkW5U9PEv13GyDp3ACIIPPuk2IjdfaVxV6y4M8+YmYs14fbraQotZR06CGDSaTAC ++4xGa3X2ihW3oLNmTkoOpghCpRCvBOkOTa5Rn7Mc1d5gq3p2rkQDR5oHf3VDJTaWg ++LatQS3tEZqhjgD5nhSSyf8cdhSCe/hECggEAW8H26QCB+oDaQjevURUbkT4a5tE3 ++sX9bGXlpAK+JE/hMJqxspNmXeTKm/GsMKT/JGaOIqstIYNsILjAihGbZj9OalOnX ++re4rVYq5Cs7mDXVP7vLSeyX8Z6Y8qiWiwtx3UMwMXYs6+2qPbHFPr5Ult53rswaE ++lIbGdYbPouEGPXxs4J0Xy4h+CQtCi5UVuR16gq2gPmqhMwLz19gXRPh3V+5hH32B ++cgnqMKgAKxoJNpuPBL/v1OJ9YTFwFUokUMk3IzgTsblOXtxtpAlomv1lX6Y5JQxX ++aBw0t8HRxMF+fdqq5xHEcgvp+CWqBNuPXdVPAH25nibsPuTgnPIb27PTew== + -----END RSA PRIVATE KEY----- diff --git a/pyopenssl/19.0.0/pyopenssl-19.0.0.patch b/pyopenssl/19.0.0/pyopenssl-19.0.0.patch new file mode 100644 index 00000000..7da0e5f8 --- /dev/null +++ b/pyopenssl/19.0.0/pyopenssl-19.0.0.patch @@ -0,0 +1,211 @@ +diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py +index 0687fc3..78e9c58 100644 +--- a/src/OpenSSL/SSL.py ++++ b/src/OpenSSL/SSL.py +@@ -22,6 +22,8 @@ from OpenSSL._util import ( + path_string as _path_string, + text_to_bytes_and_warn as _text_to_bytes_and_warn, + no_zero_allocator as _no_zero_allocator, ++ wolfssl as _wolfssl, ++ wolfssl_debug as _wolfssl_debug + ) + + from OpenSSL.crypto import ( +@@ -120,10 +122,12 @@ except NameError: + + OPENSSL_VERSION_NUMBER = _lib.OPENSSL_VERSION_NUMBER + SSLEAY_VERSION = _lib.SSLEAY_VERSION +-SSLEAY_CFLAGS = _lib.SSLEAY_CFLAGS +-SSLEAY_PLATFORM = _lib.SSLEAY_PLATFORM +-SSLEAY_DIR = _lib.SSLEAY_DIR +-SSLEAY_BUILT_ON = _lib.SSLEAY_BUILT_ON ++ ++if not _wolfssl: ++ SSLEAY_CFLAGS = _lib.SSLEAY_CFLAGS ++ SSLEAY_PLATFORM = _lib.SSLEAY_PLATFORM ++ SSLEAY_DIR = _lib.SSLEAY_DIR ++ SSLEAY_BUILT_ON = _lib.SSLEAY_BUILT_ON + + SENT_SHUTDOWN = _lib.SSL_SENT_SHUTDOWN + RECEIVED_SHUTDOWN = _lib.SSL_RECEIVED_SHUTDOWN +@@ -191,7 +195,7 @@ SESS_CACHE_NO_INTERNAL = _lib.SSL_SESS_CACHE_NO_INTERNAL + SSL_ST_CONNECT = _lib.SSL_ST_CONNECT + SSL_ST_ACCEPT = _lib.SSL_ST_ACCEPT + SSL_ST_MASK = _lib.SSL_ST_MASK +-if _lib.Cryptography_HAS_SSL_ST: ++if not _wolfssl and _lib.Cryptography_HAS_SSL_ST: + SSL_ST_INIT = _lib.SSL_ST_INIT + SSL_ST_BEFORE = _lib.SSL_ST_BEFORE + SSL_ST_OK = _lib.SSL_ST_OK +@@ -306,8 +310,22 @@ class _VerifyHelper(_CallbackExceptionHelper): + @wraps(callback) + def wrapper(ok, store_ctx): + x509 = _lib.X509_STORE_CTX_get_current_cert(store_ctx) +- _lib.X509_up_ref(x509) +- cert = X509._from_raw_x509_ptr(x509) ++ if _wolfssl: ++ # _from_raw_x509_ptr has code to call X509_free on the X509 ++ # object when it's time to do garbage collection. With wolfSSL, ++ # when that X509_free call happens, it's possible that the X509 ++ # object has already been freed by FreeX509 (an internal ++ # function). That function doesn't care what the reference count ++ # is and does the free unconditionally. This causes problems ++ # when the garbage collector comes along and tries to free the ++ # already freed X509. The solution for the wolfSSL case is to ++ # duplicate the object rather than fiddling with the ref count. ++ x509_copy = _lib.X509_dup(x509) ++ cert = X509._from_raw_x509_ptr(x509_copy) ++ else: ++ _lib.X509_up_ref(x509) ++ cert = X509._from_raw_x509_ptr(x509) ++ + error_number = _lib.X509_STORE_CTX_get_error(store_ctx) + error_depth = _lib.X509_STORE_CTX_get_error_depth(store_ctx) + +@@ -650,18 +668,21 @@ def _make_requires(flag, error): + return _requires_decorator + + ++npn_criteria = True if _wolfssl else _lib.Cryptography_HAS_NEXTPROTONEG + _requires_npn = _make_requires( +- _lib.Cryptography_HAS_NEXTPROTONEG, "NPN not available" ++ npn_criteria, "NPN not available" + ) + + ++alpn_criteria = True if _wolfssl else _lib.Cryptography_HAS_ALPN + _requires_alpn = _make_requires( +- _lib.Cryptography_HAS_ALPN, "ALPN not available" ++ alpn_criteria, "ALPN not available" + ) + + ++sni_criteria = True if _wolfssl else _lib.Cryptography_HAS_TLSEXT_HOSTNAME + _requires_sni = _make_requires( +- _lib.Cryptography_HAS_TLSEXT_HOSTNAME, "SNI not available" ++ sni_criteria, "SNI not available" + ) + + +@@ -1622,7 +1643,7 @@ class Connection(object): + raise WantReadError() + elif error == _lib.SSL_ERROR_WANT_WRITE: + raise WantWriteError() +- elif error == _lib.SSL_ERROR_ZERO_RETURN: ++ elif error == _lib.SSL_ERROR_ZERO_RETURN or (_wolfssl and error == _lib.SOCKET_PEER_CLOSED_E): + raise ZeroReturnError() + elif error == _lib.SSL_ERROR_WANT_X509_LOOKUP: + # TODO: This is untested. +diff --git a/src/OpenSSL/_util.py b/src/OpenSSL/_util.py +index cf8b888..b76f7a5 100644 +--- a/src/OpenSSL/_util.py ++++ b/src/OpenSSL/_util.py +@@ -3,13 +3,20 @@ import warnings + + from six import PY3, binary_type, text_type + +-from cryptography.hazmat.bindings.openssl.binding import Binding ++wolfssl = True ++wolfssl_debug = False + ++if wolfssl: ++ from wolfssl._ffi import ffi, lib ++ if wolfssl_debug: ++ lib.wolfSSL_Debugging_ON() ++else: ++ from cryptography.hazmat.bindings.openssl.binding import Binding + +-binding = Binding() +-binding.init_static_locks() +-ffi = binding.ffi +-lib = binding.lib ++ binding = Binding() ++ binding.init_static_locks() ++ ffi = binding.ffi ++ lib = binding.lib + + + # This is a special CFFI allocator that does not bother to zero its memory +diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py +index 12e92df..e1043a6 100644 +--- a/src/OpenSSL/crypto.py ++++ b/src/OpenSSL/crypto.py +@@ -22,6 +22,7 @@ from OpenSSL._util import ( + UNSPECIFIED as _UNSPECIFIED, + text_to_bytes_and_warn as _text_to_bytes_and_warn, + make_assert as _make_assert, ++ wolfssl as _wolfssl + ) + + __all__ = [ +@@ -181,9 +182,15 @@ def _get_asn1_time(timestamp): + ): + return _ffi.string(_lib.ASN1_STRING_data(string_timestamp)) + else: +- generalized_timestamp = _ffi.new("ASN1_GENERALIZEDTIME**") +- _lib.ASN1_TIME_to_generalizedtime(timestamp, generalized_timestamp) +- if generalized_timestamp[0] == _ffi.NULL: ++ if not _wolfssl: ++ generalized_timestamp = _ffi.new("ASN1_GENERALIZEDTIME**") ++ _lib.ASN1_TIME_to_generalizedtime(timestamp, generalized_timestamp) ++ null_error = generalized_timestamp[0] == _ffi.NULL ++ else: ++ generalized_timestamp = _lib.ASN1_TIME_to_generalizedtime(timestamp, _ffi.NULL) ++ null_error = generalized_timestamp == _ffi.NULL ++ ++ if null_error: + # This may happen: + # - if timestamp was not an ASN1_TIME + # - if allocating memory for the ASN1_GENERALIZEDTIME failed +@@ -195,11 +202,19 @@ def _get_asn1_time(timestamp): + # deterministically. + _untested_error("ASN1_TIME_to_generalizedtime") + else: +- string_timestamp = _ffi.cast( +- "ASN1_STRING*", generalized_timestamp[0]) +- string_data = _lib.ASN1_STRING_data(string_timestamp) +- string_result = _ffi.string(string_data) +- _lib.ASN1_GENERALIZEDTIME_free(generalized_timestamp[0]) ++ if not _wolfssl: ++ string_timestamp = _ffi.cast("ASN1_STRING*", ++ generalized_timestamp[0]) ++ string_data = _lib.ASN1_STRING_data(string_timestamp) ++ string_result = _ffi.string(string_data) ++ _lib.ASN1_GENERALIZEDTIME_free(generalized_timestamp[0]) ++ else: ++ string_timestamp = _ffi.cast( ++ "WOLFSSL_ASN1_TIME*", generalized_timestamp) ++ string_data = _lib.wolfSSL_ASN1_TIME_get_data(string_timestamp) ++ string_result = _ffi.string(string_data) ++ _lib.ASN1_TIME_free(generalized_timestamp) ++ + return string_result + + +@@ -1562,15 +1577,17 @@ class X509StoreFlags(object): + """ + CRL_CHECK = _lib.X509_V_FLAG_CRL_CHECK + CRL_CHECK_ALL = _lib.X509_V_FLAG_CRL_CHECK_ALL +- IGNORE_CRITICAL = _lib.X509_V_FLAG_IGNORE_CRITICAL +- X509_STRICT = _lib.X509_V_FLAG_X509_STRICT +- ALLOW_PROXY_CERTS = _lib.X509_V_FLAG_ALLOW_PROXY_CERTS +- POLICY_CHECK = _lib.X509_V_FLAG_POLICY_CHECK +- EXPLICIT_POLICY = _lib.X509_V_FLAG_EXPLICIT_POLICY +- INHIBIT_MAP = _lib.X509_V_FLAG_INHIBIT_MAP +- NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY +- CHECK_SS_SIGNATURE = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE +- CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK ++ ++ if not _wolfssl: ++ ALLOW_PROXY_CERTS = _lib.X509_V_FLAG_ALLOW_PROXY_CERTS ++ CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK ++ CHECK_SS_SIGNATURE = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE ++ EXPLICIT_POLICY = _lib.X509_V_FLAG_EXPLICIT_POLICY ++ IGNORE_CRITICAL = _lib.X509_V_FLAG_IGNORE_CRITICAL ++ INHIBIT_MAP = _lib.X509_V_FLAG_INHIBIT_MAP ++ NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY ++ X509_STRICT = _lib.X509_V_FLAG_X509_STRICT ++ POLICY_CHECK = _lib.X509_V_FLAG_POLICY_CHECK + + + class X509Store(object):