
[minion-cvs] Made TODO reflect open spec issues; updates to reflect ...



Update of /home/minion/cvsroot/src/minion/src
In directory moria.seul.org:/tmp/cvs-serv12628/src

Modified Files:
	crypt.c 
Added Files:
	README 
Log Message:
Made TODO reflect open spec issues; updates to reflect spec; more testing.


TODO file: remove completed items; add a list of what's still
blocking; push advanced SSL stuff off till release "0.2".

src/README, lib/mixminion/README: describe the purpose of each file.

Common.py, HashLog.py, Queue.py: refactor logging a bit

MMTPClient.py: Check hash of server's key.  Change from LF to CRLF.

MMTPServer.py: 
	- Remember when each connection last saw action.  
	- Check hash of server's key.
	- Change from LF to CRLF.

test.py:
	- Add tests for PEM-encoded RSA keys.
	- Made all the tests absolutely clean up /tmp after themselves.
	- Added support for automatic generation of private keys and DH
	  parameters for server testing.  The tests for MMTP can now run
	  on a machine other than my own.
	- Test keyid checking
	- Suppress log messages during testing.



--- NEW FILE: README ---
DIRECTORY: src/

C Source files for Mixminion's cryptography and TLS extension.  Right
now, all of these depend on OpenSSL 0.9.7.  Once NSS supports
server-side DHE, I'd like to do a clean port.

If you're not familiar with writing Python extensions, you should read
"Extending and Embedding the Python Interpreter" at
"http://www.python.org/doc/current/ext/ext.html".  Please be aware
that we're trying to keep backward compatibility to Python 2.0,
however, so compare "http://www.python.org/doc/2.0/ext/ext.html" as well.

main.c: functions to initialize the _minionlib Python extension.

tls.c: wrapper functions to expose a minimal subset of TLS to Python.

crypt.c: wrapper functions to expose cryptographic primitives to Python.

_minionlib.h: Header file.


Index: crypt.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/crypt.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- crypt.c	5 Jul 2002 23:34:33 -0000	1.7
+++ crypt.c	9 Jul 2002 04:07:14 -0000	1.8
@@ -483,21 +483,18 @@
 		rsa = NULL;
 
 		if (password) {
-			printf("Got here 1\n");
 			if (!PEM_write_PKCS8PrivateKey(file, pkey,
 						       EVP_des_ede3_cbc(),
 						       NULL, 0,
 						       NULL, password))
 				goto error;
 		} else {
-			printf("Got here 2\n");
 			if (!PEM_write_PKCS8PrivateKey(file, pkey,
 						       NULL, 
 						       NULL, 0,
 						       NULL, NULL))
 				goto error;
 		}
-		printf("got here 3\n");
 	}
 	Py_INCREF(Py_None);
 	return Py_None;
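Review bot: the else branch passes NULL for both the cipher and the password to PEM_write_PKCS8PrivateKey, so a caller that omits the password gets the private key written out unencrypted, and nothing in these lines tells the caller that or limits who can read the file. With the debug printf calls gone, this is a good point to state that behaviour in the function's docstring and to note that the destination must be created with owner-only permissions. The password branch also fixes the cipher at EVP_des_ede3_cbc(); a short comment recording that choice would help whoever revisits it.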
@@ -830,7 +827,10 @@
 
 const char mm_generate_dh_parameters__doc__[] = 
    "generate_dh_parameters(filename, [bits, [verbose]])\n\n"
-   "XXXX";
+   "Generate a DH parameter file named <filename>. The parameters will be of\n"
+   "size <bits>, which defaults to 512.  If <verbose>, a pattern of dots\n"
+   "will appear on the screen to let you know that the program is still\n"
+   "thinking.";
 
 PyObject *
 mm_generate_dh_parameters(PyObject *self, PyObject *args, PyObject *kwargs)
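Review bot: the new docstring for generate_dh_parameters documents a default of 512 bits for <bits>, which is too small for Diffie-Hellman parameters on a real server and only reasonable for quick test fixtures. Either raise the default or add a sentence to the docstring saying the default is meant for testing and that callers should pass a larger <bits> for deployed parameters. The docstring could also say what format the parameter file is written in.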
@@ -872,7 +872,11 @@
 
 const char mm_generate_cert__doc__[] = 
    "generate_cert(filename, rsa, days, cn)\n\n"
-   "XXXX";
+   "Generate a self-signed X509 certificate suitable for use by a Mixminion\n"
+   "server.  The certificate will be stored to <filename>, and use the\n"
+   "=private= key <rsa>.  It will be valid for the next <days> days.  The\n"
+   "certificate\'s commonName field will be set to <cn>.  All other fields\n"
+   "will be given reasonable defaults.\n";
 
 PyObject *
 mm_generate_cert(PyObject *self, PyObject *args, PyObject *kwargs)
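Review bot: in the generate_cert docstring, "=private= key" reads like leftover markup, the \' escape in "certificate\'s" is unnecessary inside a double-quoted C string, and this docstring ends with "\n" while the generate_dh_parameters docstring added in the same patch does not. Suggest plain "private key <rsa>", a bare apostrophe, and one convention for the trailing newline. "All other fields will be given reasonable defaults" would be more useful if it named those fields, since anyone checking the certificate needs to know what to expect in them.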
@@ -925,7 +929,6 @@
 		goto error;
 	if (!X509_gmtime_adj(X509_get_notBefore(x509),0)) 
 		goto error;
-	/* XXXX */
 	if (!X509_gmtime_adj(X509_get_notAfter(x509), 60L*60L*24L*days)) 
 		goto error;
 	if (!(X509_set_pubkey(x509, pkey)))
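Review bot: the /* XXXX */ marker above the notAfter line is dropped, but the expression below it, 60L*60L*24L*days, is unchanged and nothing in this hunk bounds days. Where long is 32 bits a large days overflows the multiplication, and a zero or negative days produces a certificate that is expired as soon as it is issued. If days is not range-checked earlier in the function, reject out-of-range values with a Python exception before this call, or keep the marker until that check exists.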
@@ -943,7 +946,6 @@
 	goto done;
 
 error:
-	P(error);
 	retval = NULL;
 	mm_SSL_ERR(1);
  done: