Ticket #101 (assigned task)

Opened 11 months ago

Last modified 10 months ago

Implement GnuTLS certtool python-wrapper for X509 certificates

Reported by: stephan
Assigned to: stephan (accepted)
Priority: blocker
Milestone: 0.2.0
Component: server
Version: 0.1.7
Keywords:
Cc:

Description (Last modified by stephan)

Even though using the openssl binary is perfectly sane, going for certtool is a better idea.

Using this wrapper "pending groups" as noted in #59 (or a similar approach) should be possible with certificate authentication.

Change History

01/05/08 14:16:57 changed by stephan

  • status changed from new to assigned.

01/07/08 13:33:37 changed by stephan

  • description changed.

01/08/08 13:09:23 changed by stephan

01/13/08 14:02:23 changed by stephan

The wrapper seems to be working properly now, but needs to have some error checking implemented.

01/16/08 17:19:08 changed by stephan

Error handling has to be added to the wrapper and tests need to be written for it.

01/17/08 15:43:42 changed by yvesjm

  • version set to 0.1.7.

01/17/08 17:05:18 changed by yvesjm

A few bugs needing to be fixed:

nwuserver@pressa:~/src/nwu-svn/trunk$ bin/nwu-server -l=DEBUG
nwuserver@pressa:~/src/nwu-svn/trunk$ Traceback (most recent call last):
  File "/home/yves/src/nwu-svn/trunk/bin/nwu-server", line 25, in <module>
    app.main()
  File "/home/yves/src/nwu-svn/trunk/nwu/common/app.py", line 323, in main
    self.rootCommand.execute_command(self, self.args)
  File "/home/yves/src/nwu-svn/trunk/nwu/common/app.py", line 78, in execute_command
    return self.execute(app, unhandled_args, cmdName)
  File "/home/yves/src/nwu-svn/trunk/nwu/server/app.py", line 70, in execute
    app.daemonize()
  File "/home/yves/src/nwu-svn/trunk/nwu/server/app.py", line 398, in daemonize
    stderr_old = file(ERRORLOG, 'a+')
NameError: global name 'ERRORLOG' is not defined

nwuserver@pressa:~/src/nwu-svn/trunk$ bin/nwu-server -l=DEBUG --force-init -i -f
2008-01-17 16:57:06,240 (INFO): Initializing database.
2008-01-17 16:57:06,241 (INFO): Running as user 'nwuserver'.
2008-01-17 16:57:06,286 (DEBUG): Creating necessary tables in the database.
2008-01-17 16:57:06,294 (INFO): Crypto initialization is starting.
Traceback (most recent call last):
  File "bin/nwu-server", line 25, in <module>
    app.main()
  File "/home/yves/src/nwu-svn/trunk/nwu/common/app.py", line 323, in main
    self.rootCommand.execute_command(self, self.args)
  File "/home/yves/src/nwu-svn/trunk/nwu/common/app.py", line 78, in execute_command
    return self.execute(app, unhandled_args, cmdName)
  File "/home/yves/src/nwu-svn/trunk/nwu/server/app.py", line 66, in execute
    app.initialize(self.option_is_set('force-init'))
  File "/home/yves/src/nwu-svn/trunk/nwu/server/app.py", line 325, in initialize
    self.cryptoHelper.initCrypto()
  File "/home/yves/src/nwu-svn/trunk/nwu/server/app.py", line 95, in initCrypto
    os.chmod(self.app.ca_serial, stat.S_IWUSR)
OSError: [Errno 2] No such file or directory: '/etc/nwu/ca_serial'

Fixes to be committed shortly.

01/17/08 21:22:00 changed by stephan

As of [452] source:branches/stephan/nwu/common/gnutlsext.py is becoming more usable as a replacement for the certtool wrapper.

If we can natively generate keys, sign them, etc. we can not only expect things to be a bit faster but we could also get rid of the temporary-file mess created through certtool.py.
