On Tue, 2010-02-23 at 12:04 -0500, Seth Vidal wrote:
> I agree that the above is ugly. If anyone has a better idea on how to read 
> a crl from python, I'm all ears.

I use pyOpenSSL [1] with a patch [2] (that will hopefully be included in
the upcoming release of pyOpenSSL) that allows you to read/write/modify
CRL files.

While I'm looking up the URLs, I notice you already posted a comment on
Launchpad :)   Anyway, here's a piece of code from my own app that
reads a CRL and prints some info about the revoked certificates:


        import sys
        import time
        from OpenSSL import crypto

        crlfile = 'my.crl'
        text = open(crlfile, 'r').read()
        print "Parsing CRL file %s" % crlfile
        try:
            # load_crl() is only present in pyOpenSSL builds with CRL support
            crl = crypto.load_crl(crypto.FILETYPE_PEM, text)
            revs = crl.get_revoked()
        except:
            print "\nError: CRL support is not available in your version of"
            print "pyOpenSSL. Please check the README file that came with"
            print "StoneVPN to see what you can do about this. For now, "
            print "you will have to display the CRL file manually using:\n"
            print "$ openssl crl -in %s -noout -text\n" % crlfile
            sys.exit()
        # revs is None when the CRL lists no revoked certificates
        if revs is not None:
            print "Total certificates revoked: %s\n" % len(revs)
            print "Serial\tRevoked at date"
            print "======\t========================"
            for revoked in revs:
                revSerial = revoked.get_serial()
                # Drop the last character (the trailing "Z") before parsing
                revDate = revoked.get_rev_date()[0:-1]
                revoDate = time.strptime(revDate, "%Y%m%d%H%M%S")
                print str(revSerial) + "\t" + time.strftime("%c", revoDate)
        else:
            print "No revoked certificates found."



Hope it's useful to you.

refs:
1 https://launchpad.net/pyopenssl
2 https://bugs.launchpad.net/pyopenssl/+bug/404436


kind regards,

-- 
Léon
