From: Stephen Hansen on
On 6/13/10 2:59 PM, astral wrote:
>
> which one is for windows, for Python version 2.5.4 ? And how to uninstall
> when required?
>

You can try http://www.egenix.com/products/python/pyOpenSSL/ -- its
fairly low-level OpenSSL, but its pretty comprehensive.

And you uninstall it in Add & Remove Programs.

--

Stephen Hansen
... Also: Ixokai
... Mail: me+list/python (AT) ixokai (DOT) io
... Blog: http://meh.ixokai.io/

From: Antoine Pitrou on
On Sun, 13 Jun 2010 14:13:32 -0700
geremy condra <debatem1(a)gmail.com> wrote:
> On Sun, Jun 13, 2010 at 1:29 PM, astral
> <astral(a)news.eternal-september.org> wrote:
> > I am looking for Python OpenSSL library, for Python version 2.5.4 (on
> > Windows)
> > Which does not require to install Cygwin package. Need just to decrypt file,
> > then uninstall library.
>
> Evpy[1] is designed to be a very easy-to-use interface to OpenSSL,
> although it is by design limited to doing things the right way, so it
> may not meet your needs.

How about contributing to the standard hashlib and ssl modules? Is
there anything there that goes in the way, e.g. design-wise?

Regards

Antoine.


From: geremy condra on
On Mon, Jun 14, 2010 at 10:08 AM, Antoine Pitrou <solipsis(a)pitrou.net> wrote:
> On Sun, 13 Jun 2010 14:13:32 -0700
> geremy condra <debatem1(a)gmail.com> wrote:
>> On Sun, Jun 13, 2010 at 1:29 PM, astral
>> <astral(a)news.eternal-september.org> wrote:
>> > I am looking for Python OpenSSL library, for Python version 2.5.4 (on
>> > Windows)
>> > Which does not require to install Cygwin package. Need just to decrypt file,
>> > then uninstall library.
>>
>> Evpy[1] is designed to be a very easy-to-use interface to OpenSSL,
>> although it is by design limited to doing things the right way, so it
>> may not meet your needs.
>
> How about contributing to the standard hashlib and ssl modules? Is
> there anything there that goes in the way, e.g. design-wise?
>
> Regards
>
> Antoine

Evpy currently uses ctypes for its bindings, so my understanding is
that it isn't eligible for inclusion, but a rewrite as a C extension is
under way and I'd be happy to contribute that.

The hard thing would be finding someone to champion it on the
political side, since I have little interest in fighting the interminable
political battles that go with the push for inclusion.

Geremy Condra
From: Antoine Pitrou on
Le lundi 14 juin 2010 à 13:18 -0400, geremy condra a écrit :
> >>
> >> Evpy[1] is designed to be a very easy-to-use interface to OpenSSL,
> >> although it is by design limited to doing things the right way, so it
> >> may not meet your needs.
> >
> > How about contributing to the standard hashlib and ssl modules? Is
> > there anything there that goes in the way, e.g. design-wise?
> >
> > Regards
> >
> > Antoine
>
> Evpy currently uses ctypes for its bindings, so my understanding is
> that it isn't eligible for inclusion, but a rewrite as a C extension is
> under way and I'd be happy to contribute that.

That was not my question. My question was whether there was a reason to
rewrite a separate OpenSSL-accessing library rather than contributing to
improve the "hashlib" and "ssl" modules which are already part of the
Python stdlib.

Regards

Antoine.


From: John Nagle on
On 6/13/2010 1:59 PM, Michael Crute wrote:
> On Sun, Jun 13, 2010 at 4:29 PM, astral
> <astral(a)news.eternal-september.org> wrote:
>> I am looking for Python OpenSSL library, for Python version 2.5.4 (on
>> Windows)
>> Which does not require to install Cygwin package. Need just to decrypt file,
>> then uninstall library.
>
> You might want to take a look at m2crypto[0]. While I have not
> personally run it on Windows (runs great on OS X and Linux) they do
> provide pre-compiled Windows binaries.
>
> [0] http://chandlerproject.org/bin/view/Projects/MeTooCrypto

M2Crypto for Python 2.5 works well. I've used it both on Windows
and Linux. If you have to build it, though; that's a huge pain.
It uses SWIG, and the build process seems to have problems that
require workarounds.

The new SSL module in Python 2.6 is convenient, but insecure.
It doesn't check whether the remote domain matches the
cert being presented. So it's vulnerable to man-in-the-middle
attacks, or sites with "borrowed" SSL certs. See
"http://mail.python.org/pipermail/python-list/2010-April/1242166.html".

John Nagle