diff -r 886cd7fb12ed M2Crypto-0.21.1/M2Crypto/X509.py
--- M2Crypto-0.21.1/M2Crypto/X509.py Thu Mar 10 14:07:58 2011 -0800
+++ M2Crypto-0.21.1/M2Crypto/X509.py Fri Mar 11 09:03:37 2011 -0800
@@ -446,9 +446,9 @@
assert m2.x509_type_check(self.x509), "'x509' type error"
- def get_pubkey(self):
+ def get_pubkey(self, md="sha1"):
assert m2.x509_type_check(self.x509), "'x509' type error"
def set_pubkey(self, pkey):
"""
@@ -1067,7 +1067,8 @@
else:
self._pyfree = 1
-
+ self.revocations = None
+
def __del__(self):
if getattr(self, '_pyfree', 0):
@@ -1084,21 +1085,67 @@
return buf.read_all()
-def load_crl(file):
+ def get_last_update(self):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+
+ def get_next_update(self):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+
+ def verify(self, pkey):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+
+ def get_issuer(self):
+ assert m2.x509_CRL_type_check(self.crl), "'x509_CRL' type error"
+ return X509_Name(m2.x509_CRL_get_issuer(self.crl))
+
+ def is_revoked(self, cert):
+ if self.revocations is None:
+ self.revocations = {}
+ revo_stk_ptr = m2.x509_CRL_get_revoked(self.crl)
+ for i in range(m2.sk_x509_REVOKED_num(revo_stk_ptr)):
+ revo_ptr = m2.sk_x509_REVOKED_get(revo_stk_ptr, i)
+ revo_sn = m2.asn1_integer_get(
+ m2.x509_REVOKED_get_serial_number(revo_ptr))
+ cnt = m2.x509_REVOKED_get_ext_count(revo_ptr)
+ reason = None
+ for i in range(m2.x509_REVOKED_get_ext_count(revo_ptr)):
+ ext_ptr = m2.x509_REVOKED_get_ext(revo_ptr, i)
+ name = m2.x509_extension_get_name(ext_ptr)
+ if name == "CRLReason":
+ ext = X509_Extension(ext_ptr, _pyfree=0)
+ reason = ext.get_value()
+ self.revocations[revo_sn] = (True, reason)
+ return self.revocations.get(cert.get_serial_number(), None)
+
+
+def load_crl(file, format=FORMAT_PEM):
"""
Load CRL from file.
@type file: string
@param file: Name of file containing CRL in PEM format.
+ @type format: int, either FORMAT_PEM or FORMAT_DER
+ @param format: Describes the format of the file to be loaded, either PEM or DER.
+
@rtype: M2Crypto.X509.CRL
@return: M2Crypto.X509.CRL object.
"""
f=BIO.openfile(file)
- cptr=m2.x509_crl_read_pem(f.bio_ptr())
- f.close()
- if cptr is None:
- raise X509Error(Err.get_error())
- return CRL(cptr, 1)
-
-
+ if format == FORMAT_PEM:
+ cptr=m2.x509_crl_read_pem(f.bio_ptr())
+ f.close()
+ if cptr is None:
+ raise X509Error(Err.get_error())
+ return CRL(cptr, 1)
+ elif format == FORMAT_DER:
+ cptr=m2.d2i_x509_crl(f._ptr())
+ f.close()
+ if cptr is None:
+ raise X509Error(Err.get_error())
+ return CRL(cptr, 1)
+ else:
+ raise ValueError("Unknown format. Must be either FORMAT_DER or FORMAT_PEM")
diff -r 886cd7fb12ed M2Crypto-0.21.1/SWIG/_x509.i
--- M2Crypto-0.21.1/SWIG/_x509.i Thu Mar 10 14:07:58 2011 -0800
+++ M2Crypto-0.21.1/SWIG/_x509.i Fri Mar 11 09:03:37 2011 -0800
@@ -64,6 +64,9 @@
%rename(x509_cmp_current_time) X509_cmp_current_time;
extern int X509_cmp_current_time(ASN1_UTCTIME *);
+%rename(x509_CRL_get_issuer) X509_CRL_get_issuer;
+extern X509_NAME *X509_CRL_get_issuer(X509_CRL *);
+
/* From x509.h */
/* standard trust ids */
@@ -111,6 +114,9 @@
%rename(x509_get_verify_error) X509_verify_cert_error_string;
extern const char *X509_verify_cert_error_string(long);
+%rename(x509_CRL_verify) X509_CRL_verify;
+extern int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+
%constant long X509V3_EXT_UNKNOWN_MASK = (0xfL << 16);
%constant long X509V3_EXT_DEFAULT = 0;
%constant long X509V3_EXT_ERROR_UNKNOWN = (1L << 16);
@@ -127,6 +133,13 @@
%threadallow X509V3_EXT_print;
extern int X509V3_EXT_print(BIO *, X509_EXTENSION *, unsigned long, int);
+%rename(x509_REVOKED_get_ext_count) X509_REVOKED_get_ext_count;
+extern int X509_REVOKED_get_ext_count(X509_REVOKED *);
+%rename(x509_REVOKED_get_ext) X509_REVOKED_get_ext;
+extern X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *, int);
+%rename(x509_REVOKED_get_ext_by_NID) X509_REVOKED_get_ext_by_NID;
+extern X509_EXTENSION *X509_REVOKED_get_ext_by_NID(X509_REVOKED *, int, int);
+
%rename(x509_name_new) X509_NAME_new;
extern X509_NAME *X509_NAME_new( void );
%rename(x509_name_free) X509_NAME_free;
@@ -335,6 +348,7 @@
}
%}
+
%threadallow d2i_x509;
%inline %{
X509 *d2i_x509(BIO *bio) {
@@ -342,6 +356,13 @@
}
%}
+%threadallow d2i_x509_crl;
+%inline %{
+X509_CRL *d2i_x509_crl(BIO *bio) {
+ return d2i_X509_CRL_bio(bio, NULL);
+}
+%}
+
%threadallow d2i_x509_req;
%inline %{
X509_REQ *d2i_x509_req(BIO *bio) {
@@ -415,6 +436,33 @@
return X509_get_notAfter(x);
}
+/* X509_CRL_get_lastUpdate() is a macro. */
+ASN1_UTCTIME *x509_CRL_get_last_update(X509_CRL *x) {
+ return X509_CRL_get_lastUpdate(x);
+}
+
+/* X509_CRL_get_nextUpdate() is a macro. */
+ASN1_UTCTIME *x509_CRL_get_next_update(X509_CRL *x) {
+ return X509_CRL_get_nextUpdate(x);
+}
+
+/* X509_CRL_get_REVOKED() is a macro. */
+STACK_OF(X509_REVOKED) *x509_CRL_get_revoked(X509_CRL *x) {
+ return X509_CRL_get_REVOKED(x);
+}
+
+int sk_x509_REVOKED_num(STACK_OF(X509_REVOKED) *stack) {
+ return sk_X509_REVOKED_num(stack);
+}
+
+X509_REVOKED *sk_x509_REVOKED_get(STACK_OF(X509_REVOKED) *stack, int x) {
+ return sk_X509_REVOKED_value(stack, x);
+}
+
+ASN1_INTEGER *x509_REVOKED_get_serial_number(X509_REVOKED *x) {
+ return x->serialNumber;
+}
+
int x509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md) {
return X509_sign(x, pkey, md);
}
@@ -487,6 +535,10 @@
return 1;
}
+int x509_CRL_type_check(X509_CRL *x509_CRL) {
+ return 1;
+}
+
int x509_name_type_check(X509_NAME *name) {
return 1;
}