1

I tried installing M2Crypto and facing problems. I don't want to force my customers to use such libraries which are difficult to install. So, I thought I would give pyOpenSSL a try. I am able to get the public key from pem certificate but am not able to find any way to verify the signature.

IAdapter
  • 62,595
  • 73
  • 179
  • 242
Bhargava
  • 189
  • 3
  • 12
  • 1
    This is not an answer to your question, but as the m2crypto maintainer I would like to hear what exact difficulties you had with the installation. Send me email or something... – Heikki Toivonen Sep 24 '09 at 23:05
  • Hi, Thanks for asking. This is what I got. building 'M2Crypto.__m2crypto' extension swigging SWIG/_m2crypto.i to SWIG/_m2crypto_wrap.c swig -python -I/usr/local/include/python2.6 -I/usr/include -includeall -o SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i /usr/include/openssl/opensslconf.h:27: Error: CPP #error ""This openssl-devel package does not work your architecture?"". Use the -cpperraswarn option to continue swig processing. error: command 'swig' failed with exit status 1 – Bhargava Oct 01 '09 at 09:21
  • Have you tried to use the fedora_setup.sh script that comes in the source tarball? – Heikki Toivonen Oct 06 '09 at 23:24

2 Answers2

0

You simply can't do this with pyOpenSSL. It is a very limited wrapper around openssl library. But I have a guess what's wrong with building M2Crypto on your host. Try running:

export SWIG_FEATURES=-I/usr/include/openssl

before trying to install M2Crypto.

abbot
  • 27,408
  • 6
  • 54
  • 57
  • Thanks Mr Abbot. I tried this, but did not help. But it did give me enough idea to fix the problem. I had to modify setup.py to add his path for swig and also setup the __i386__ definition. Thanks a bunch. – Bhargava Oct 02 '09 at 13:16
  • abbot could you have a look at my question about PKCS7 and M2Crypto please? http://stackoverflow.com/questions/15700945/how-to-get-the-signed-content-from-a-pkcs7-envelop-with-m2crypto?noredirect=1#comment23450500_15700945 – Natim May 04 '13 at 06:28
0

I believe that what you want is the code from this blog entry (it's mine):

http://www.v13.gr/blog/?p=303

As you can see you have to use DER to handle the certificate and get the appropriate parts. That took me a considerable amount of effort and days so let me know whether it worked for you too.

V13
  • 853
  • 8
  • 14