SOURCES: pyOpenSSL-0.8-pkcs12.patch (NEW), pyOpenSSL-0.8-crl.patch (NEW), p...

Mon Mar 30 10:52:33 CEST 2009

Author: duddits                      Date: Mon Mar 30 08:52:33 2009 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- new patches for pyOpenSSL 0.8
- added with Arnaud Desmon's consent <arnaud dot desmons at free dot
fr>

---- Files affected:
SOURCES:
   pyOpenSSL-0.8-pkcs12.patch (NONE -> 1.1)  (NEW), pyOpenSSL-0.8-crl.patch (NONE -> 1.1)  (NEW), pyOpenSSL-0.8-pkcs12_cafile.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/pyOpenSSL-0.8-pkcs12.patch
diff -u /dev/null SOURCES/pyOpenSSL-0.8-pkcs12.patch:1.1

--- /dev/null	Mon Mar 30 10:52:33 2009
+++ SOURCES/pyOpenSSL-0.8-pkcs12.patch	Mon Mar 30 10:52:26 2009
@@ -0,0 +1,171 @@
+diff -ruN ../pyOpenSSL-0.8/src/crypto/crypto.c ./src/crypto/crypto.c
+--- ../pyOpenSSL-0.8/src/crypto/crypto.c	2008-09-22 02:36:55.000000000 +0200
++++ ./src/crypto/crypto.c	2009-03-29 19:39:23.000000000 +0200
+@@ -425,6 +425,42 @@
+     return buffer;
+ }
+ 
++static char crypto_dump_pkcs12_doc[] = "";
++
++static PyObject *
++crypto_dump_pkcs12(PyObject *spam, PyObject *args)
++{
++    int type, ret, buf_len;
++    char *temp;
++    BIO *bio;
++    PyObject *buffer;
++    crypto_PKCS12Obj *p12;
++    PKCS12 *p12_data;
++    crypto_PKeyObj *key;
++    crypto_X509Obj *cert;
++    char *pass;
++
++    if (!PyArg_ParseTuple(args, "O!s:dump_pkcs12",
++			  &crypto_PKCS12_Type, &p12, &pass))
++        return NULL;
++    key = (crypto_PKeyObj *)p12->key;
++    cert = (crypto_X509Obj *)p12->cert;
++    p12_data = PKCS12_create(pass, 0, key->pkey, cert->x509, 0, 0, 0, 0, 0, 0);
++    bio = BIO_new(BIO_s_mem());
++    ret = i2d_PKCS12_bio(bio, p12_data);
++    if (ret == 0)
++	    {
++		    BIO_free(bio);
++		    exception_from_error_queue();
++		    return NULL;
++	    }
++    buf_len = BIO_get_mem_data(bio, &temp);
++    buffer = PyString_FromStringAndSize(temp, buf_len);
++    PKCS12_free(p12_data);
++    BIO_free(bio);
++    return buffer;
++}
++
+ static char crypto_load_pkcs7_data_doc[] = "\n\
+ Load pkcs7 data from a buffer\n\
+ \n\
+@@ -532,6 +568,22 @@
+     return (PyObject *)crypto_X509_New(X509_new(), 1);
+ }
+ 
++static char crypto_PKCS12_doc[] = "";
++
++static PyObject *
++crypto_PKCS12(PyObject *spam, PyObject *args)
++{
++	crypto_PKCS12Obj *self;
++	
++	if (!PyArg_ParseTuple(args, ":PKCS12"))
++		return NULL;
++
++	if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type)))
++		return NULL;
++
++	return (PyObject *)self;
++}
++
+ static char crypto_X509Name_doc[] = "\n\
+ The factory function inserted in the module dictionary as a copy\n\
+ constructor for X509Name objects.\n\
+@@ -683,8 +735,10 @@
+     { "dump_certificate_request", (PyCFunction)crypto_dump_certificate_request, METH_VARARGS, crypto_dump_certificate_request_doc },
+     { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc },
+     { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc },
++    { "dump_pkcs12", (PyCFunction)crypto_dump_pkcs12, METH_VARARGS, crypto_dump_pkcs12_doc },
+     /* Factory functions */
+     { "X509",    (PyCFunction)crypto_X509,    METH_VARARGS, crypto_X509_doc },
++    { "PKCS12",    (PyCFunction)crypto_PKCS12,    METH_VARARGS, crypto_PKCS12_doc },
+     { "X509Name",(PyCFunction)crypto_X509Name,METH_VARARGS, crypto_X509Name_doc },
+     { "X509Req", (PyCFunction)crypto_X509Req, METH_VARARGS, crypto_X509Req_doc },
+     { "PKey",    (PyCFunction)crypto_PKey,    METH_VARARGS, crypto_PKey_doc },
+@@ -782,6 +836,7 @@
+ 
+     /* Initialize the C API pointer array */
+     crypto_API[crypto_X509_New_NUM]      = (void *)crypto_X509_New;
++    crypto_API[crypto_PKCS12_New_NUM]      = (void *)crypto_PKCS12_New;
+     crypto_API[crypto_X509Name_New_NUM]  = (void *)crypto_X509Name_New;
+     crypto_API[crypto_X509Req_New_NUM]   = (void *)crypto_X509Req_New;
+     crypto_API[crypto_X509Store_New_NUM] = (void *)crypto_X509Store_New;
+diff -ruN ../pyOpenSSL-0.8/src/crypto/crypto.h ./src/crypto/crypto.h
+--- ../pyOpenSSL-0.8/src/crypto/crypto.h	2008-09-22 02:36:55.000000000 +0200
++++ ./src/crypto/crypto.h	2009-03-29 19:39:23.000000000 +0200
+@@ -70,6 +70,10 @@
+ 
+ #define crypto_API_pointers             8
+ 
++#define crypto_PKCS12_New_NUM            9
++#define crypto_PKCS12_New_RETURN         crypto_PKCS12Obj *
++#define crypto_PKCS12_New_PROTO          (PKCS12 *, char *)
++
+ #ifdef crypto_MODULE
+ 
+ extern crypto_X509_New_RETURN      crypto_X509_New      crypto_X509_New_PROTO;
+@@ -79,6 +83,7 @@
+ extern crypto_PKey_New_RETURN      crypto_PKey_New      crypto_PKey_New_PROTO;
+ extern crypto_X509Extension_New_RETURN crypto_X509Extension_New crypto_X509Extension_New_PROTO;
+ extern crypto_PKCS7_New_RETURN     crypto_PKCS7_New     crypto_PKCS7_New_PROTO;
++extern crypto_PKCS12_New_RETURN     crypto_PKCS12_New     crypto_PKCS12_New_PROTO;
+ extern crypto_NetscapeSPKI_New_RETURN  crypto_NetscapeSPKI_New  crypto_NetscapeSPKI_New_PROTO;
+ 
+ #else /* crypto_MODULE */
+@@ -99,6 +104,8 @@
+  (*(crypto_X509Extension_New_RETURN (*)crypto_X509Extension_New_PROTO) crypto_API[crypto_X509Extension_New_NUM])
+ #define crypto_PKCS7_New        \
+  (*(crypto_PKCS7_New_RETURN (*)crypto_PKCS7_New_PROTO) crypto_API[crypto_PKCS7_New_NUM])
++#define crypto_PKCS12_New        \
++ (*(crypto_PKCS12_New_RETURN (*)crypto_PKCS12_New_PROTO) crypto_API[crypto_PKCS12_New_NUM])
+ #define crypto_NetscapeSPKI_New     \
+  (*(crypto_NetscapeSPKI_New_RETURN (*)crypto_NetscapeSPKI_New_PROTO) crypto_API[crypto_NetscapeSPKI_New_NUM])
+ 
+diff -ruN ../pyOpenSSL-0.8/src/crypto/pkcs12.c ./src/crypto/pkcs12.c
+--- ../pyOpenSSL-0.8/src/crypto/pkcs12.c	2008-09-22 02:36:55.000000000 +0200
++++ ./src/crypto/pkcs12.c	2009-03-29 19:39:23.000000000 +0200
+@@ -55,6 +55,38 @@
+     return self->key;
+ }
+ 
++static char crypto_PKCS12_set_certificate_doc[] = "";
++static PyObject *
++crypto_PKCS12_set_certificate(crypto_PKCS12Obj *self, PyObject *args)
++{
++    crypto_X509Obj *cert;
++
++    if (!PyArg_ParseTuple(args, "O!:set_certificate", &crypto_X509_Type, &cert))
++        return NULL;
++
++    self->cert = (PyObject *)cert;
++    Py_INCREF(cert);
++    Py_INCREF(Py_None);
++    return Py_None;
++}
++
++static char crypto_PKCS12_set_privatekey_doc[] = "";
++static PyObject *
++crypto_PKCS12_set_privatekey(crypto_PKCS12Obj *self, PyObject *args)
++{
++    crypto_PKeyObj *pkey;
++
++    if (!PyArg_ParseTuple(args, "O!:set_privatekey", &crypto_PKey_Type, &pkey))
++        return NULL;
++
++    self->key = (PyObject *)pkey;
++    Py_INCREF(Py_None);
++    Py_INCREF(pkey);
++    return Py_None;
++}
++
++
++
+ static char crypto_PKCS12_get_ca_certificates_doc[] = "\n\
+ Return CA certificates within of the PKCS12 object\n\
+ \n\
+@@ -83,7 +115,9 @@
+ static PyMethodDef crypto_PKCS12_methods[] =
+ {
+     ADD_METHOD(get_certificate),
++    ADD_METHOD(set_certificate),
+     ADD_METHOD(get_privatekey),
++    ADD_METHOD(set_privatekey),
+     ADD_METHOD(get_ca_certificates),
+     { NULL, NULL }
+ };

================================================================
Index: SOURCES/pyOpenSSL-0.8-crl.patch
diff -u /dev/null SOURCES/pyOpenSSL-0.8-crl.patch:1.1
--- /dev/null	Mon Mar 30 10:52:34 2009
+++ SOURCES/pyOpenSSL-0.8-crl.patch	Mon Mar 30 10:52:27 2009
@@ -0,0 +1,434 @@
+diff -ruN ../pyOpenSSL-0.8/setup.py ./setup.py
+--- ../pyOpenSSL-0.8/setup.py	2008-09-22 02:36:54.000000000 +0200
++++ ./setup.py	2009-03-29 19:53:40.000000000 +0200
+@@ -37,13 +37,13 @@
+               'src/crypto/x509store.c', 'src/crypto/x509req.c',
+               'src/crypto/x509ext.c', 'src/crypto/pkcs7.c',
+               'src/crypto/pkcs12.c', 'src/crypto/netscape_spki.c',
+-              'src/util.c']
++              'src/util.c', 'src/crypto/crl.c']
+ crypto_dep = ['src/crypto/crypto.h', 'src/crypto/x509.h',
+               'src/crypto/x509name.h', 'src/crypto/pkey.h',
+               'src/crypto/x509store.h', 'src/crypto/x509req.h',
+               'src/crypto/x509ext.h', 'src/crypto/pkcs7.h',
+               'src/crypto/pkcs12.h', 'src/crypto/netscape_spki.h',
+-              'src/util.h']
++              'src/util.h', 'src/crypto/crl.h']
+ rand_src = ['src/rand/rand.c', 'src/util.c']
+ rand_dep = ['src/util.h']
+ ssl_src = ['src/ssl/connection.c', 'src/ssl/context.c', 'src/ssl/ssl.c',
+diff -ruN ../pyOpenSSL-0.8/src/crypto/crl.c ./src/crypto/crl.c
+--- ../pyOpenSSL-0.8/src/crypto/crl.c	1970-01-01 01:00:00.000000000 +0100
++++ ./src/crypto/crl.c	2009-03-29 19:53:40.000000000 +0200
+@@ -0,0 +1,237 @@
++#include <Python.h>
++#define crypto_MODULE
++#include "crypto.h"
++
++static char *CVSid = "@(#) $Id$";
++
++static void crypto_CRL_dealloc(crypto_CRLObj *self);
++
++static const char *crl_reasons[] = {
++        /* CRL reason strings */
++        "unspecified",
++        "keyCompromise",
++        "CACompromise",
++        "affiliationChanged",
++        "superseded",
++        "cessationOfOperation",
++        "certificateHold",
++        "removeFromCRL",
++        /* Additional pseudo reasons */
++        "holdInstruction",
++        "keyTime",
++        "CAkeyTime"
++};
++
++#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
++
++int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
++{
++        char *tmp = NULL;
++        char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
++        int reason_code = -1;
++        int ret = 0;
++        unsigned int i;
++        ASN1_OBJECT *hold = NULL;
++        ASN1_GENERALIZEDTIME *comp_time = NULL;
++        tmp = BUF_strdup(str);
++
++        p = strchr(tmp, ',');
++        rtime_str = tmp;
++        if (p) {
++		*p = '\0';
++		p++;
++		reason_str = p;
++		p = strchr(p, ',');
++		if (p) {
++			*p = '\0';
++			arg_str = p + 1;
++		}
++	}	
++        if (prevtm) {
++		*prevtm = ASN1_UTCTIME_new();
++		if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
++			goto err;
++	}
++        if (reason_str) {
++		for (i = 0; i < NUM_REASONS; i++) {
++			if(!strcasecmp(reason_str, crl_reasons[i])) {
++				reason_code = i;
++				break;
++			}
++		}
++		if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
++			goto err;
++
++		if (reason_code == 7)
++			reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
++		else if (reason_code == 8) {
++			if (!arg_str)
++				goto err;
++			reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
++			hold = OBJ_txt2obj(arg_str, 0);
++
++			if (!hold)
++				goto err;
++			if (phold) *phold = hold;
++		}
++		else if ((reason_code == 9) || (reason_code == 10)) {
++			if (!arg_str)
++				goto err;
++			comp_time = ASN1_GENERALIZEDTIME_new();
++			if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
++				goto err;
++			if (reason_code == 9)
++				reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
++			else
++				reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
++		}
++	}
++
++        if (preason) *preason = reason_code;
++        if (pinvtm) *pinvtm = comp_time;
++        else ASN1_GENERALIZEDTIME_free(comp_time);
++	
++        ret = 1;
++
++ err:
++        if (tmp) OPENSSL_free(tmp);
++        if (!phold) ASN1_OBJECT_free(hold);
++        if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
++
++        return ret;
++}
++int make_revoked(X509_REVOKED *rev, const char *str)
++{
++        char *tmp = NULL;
++        int reason_code = -1;
++        int i, ret = 0;
++        ASN1_OBJECT *hold = NULL;
++        ASN1_GENERALIZEDTIME *comp_time = NULL;
++        ASN1_ENUMERATED *rtmp = NULL;
++
++        ASN1_TIME *revDate = NULL;
++
++        i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
++
++        if (i == 0)
++                goto err;
++
++        if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
++                goto err;
++
++        if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
++		rtmp = ASN1_ENUMERATED_new();
++		if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
++			goto err;
++		if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
++			goto err;
++	}
++	
++        if (rev && comp_time) {
++		if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
++			goto err;
++	}
++        if (rev && hold) {
++		if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
++			goto err;
++	}
++
++        if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
++                ret = 2;
++        else ret = 1;
++ err:
++        if (tmp) OPENSSL_free(tmp);
++        ASN1_OBJECT_free(hold);
++        ASN1_GENERALIZEDTIME_free(comp_time);
++        ASN1_ENUMERATED_free(rtmp);
++        ASN1_TIME_free(revDate);
++
++        return ret;
++}
++
++static char crypto_CRL_make_revoked_doc[] = "";
++static PyObject *
++crypto_CRL_make_revoked(crypto_CRLObj *self, PyObject *args)
++{
++    char *t, *id;
++    X509_REVOKED *r;
++    BIGNUM *serial=NULL;
++    ASN1_INTEGER *tmpser;
++
++    if (!PyArg_ParseTuple(args, "ss:make_revoked", &t, &id))
++        return NULL;
++
++    r = X509_REVOKED_new();
++    make_revoked(r, t);
++    if (!BN_hex2bn(&serial, id))
++	    return 0;
++    tmpser = BN_to_ASN1_INTEGER(serial, NULL);
++    BN_free(serial);
++    serial = NULL;
++    X509_REVOKED_set_serialNumber(r, tmpser);
++    ASN1_INTEGER_free(tmpser);
++
++    X509_CRL_add0_revoked(self->crl,r);
++
++    Py_INCREF(Py_None);
++    return Py_None;
++}
++
++crypto_CRLObj *
++crypto_CRL_New(X509_CRL *crl)
++{
++    crypto_CRLObj *self;
++
++    self = PyObject_New(crypto_CRLObj, &crypto_CRL_Type);
++    self->crl = crl;
++    return self;
++}
++
++
++/*
++ * ADD_METHOD(name) expands to a correct PyMethodDef declaration
++ *   {  'name', (PyCFunction)crypto_PKCS12_name, METH_VARARGS, crypto_PKCS12_name_doc }
++ * for convenience
++ */
++#define ADD_METHOD(name)        \
++    { #name, (PyCFunction)crypto_CRL_##name, METH_VARARGS, crypto_CRL_##name##_doc }
++static PyMethodDef crypto_CRL_methods[] =
++{
++    ADD_METHOD(make_revoked),
++    { NULL, NULL }
++};
++#undef ADD_METHOD
++
++
++static PyObject *
++crypto_CRL_getattr(crypto_CRLObj *self, char *name)
++{
++    return Py_FindMethod(crypto_CRL_methods, (PyObject *)self, name);
++}
++
++static void
++crypto_CRL_dealloc(crypto_CRLObj *self)
++{
++    PyObject_Del(self);
++}
++
++PyTypeObject crypto_CRL_Type = {
++    PyObject_HEAD_INIT(NULL)
++    0,
++    "CRL",
++    sizeof(crypto_CRLObj),
++    0,
++    (destructor)crypto_CRL_dealloc,
++    NULL, /* print */
++    (getattrfunc)crypto_CRL_getattr,
++};
++
++int
++init_crypto_crl(PyObject *dict)
++{
++    crypto_CRL_Type.ob_type = &PyType_Type;
++    Py_INCREF(&crypto_CRL_Type);
++    PyDict_SetItemString(dict, "CRLType", (PyObject *)&crypto_CRL_Type);
++    return 1;
++}
++
+diff -ruN ../pyOpenSSL-0.8/src/crypto/crl.h ./src/crypto/crl.h
+--- ../pyOpenSSL-0.8/src/crypto/crl.h	1970-01-01 01:00:00.000000000 +0100
++++ ./src/crypto/crl.h	2009-03-29 19:53:40.000000000 +0200
+@@ -0,0 +1,17 @@
++#ifndef PyOpenSSL_crypto_CRL_H_
++#define PyOpenSSL_crypto_CRL_H_
++
++#include <Python.h>
++
++extern  int       init_crypto_crl   (PyObject *);
++
++extern  PyTypeObject      crypto_CRL_Type;
++
++#define crypto_CRL_Check(v) ((v)->ob_type == &crypto_CRL_Type)
++
++typedef struct {
++    PyObject_HEAD
++    X509_CRL *crl;
++} crypto_CRLObj;
++
++#endif
+diff -ruN ../pyOpenSSL-0.8/src/crypto/crypto.c ./src/crypto/crypto.c
+--- ../pyOpenSSL-0.8/src/crypto/crypto.c	2009-03-29 19:56:15.000000000 +0200
++++ ./src/crypto/crypto.c	2009-03-29 19:54:16.000000000 +0200
+@@ -539,6 +539,47 @@
+     return buffer;
+ }
+ 
++static char crypto_dump_crl_doc[] = "";
++
++static PyObject *
++crypto_dump_crl(PyObject *spam, PyObject *args)
++{
++	int ret, buf_len;
++	char *temp;
++	BIO *bio;
++	PyObject *buffer;
++	crypto_CRLObj *in_crl;
++	crypto_PKeyObj *key;
++	ASN1_TIME *tmptm;
++	crypto_X509Obj *x509;	
++    
++	if (!PyArg_ParseTuple(args, "O!O!O!:dump_crl",
++			      &crypto_CRL_Type, &in_crl, &crypto_X509_Type, &x509, &crypto_PKey_Type, &key))
++		return NULL;
++    
++	bio=BIO_new(BIO_s_mem());
++
++	tmptm = ASN1_TIME_new();
++	if (!tmptm)
++		return 0;
++	X509_gmtime_adj(tmptm,0);
++	X509_CRL_set_lastUpdate(in_crl->crl, tmptm);
++	X509_gmtime_adj(tmptm,(100*24)*60*60);
++	X509_CRL_set_nextUpdate(in_crl->crl, tmptm);
++	ASN1_TIME_free(tmptm);
++	X509_CRL_set_issuer_name(in_crl->crl, X509_get_subject_name(x509->x509));
++	X509_CRL_sign(in_crl->crl, key->pkey, EVP_md5());
++	if (!(ret = PEM_write_bio_X509_CRL(bio, in_crl->crl))) {
++		BIO_free(bio);
++		return NULL;
++	}
++	buf_len = BIO_get_mem_data(bio, &temp);
++	buffer = PyString_FromStringAndSize(temp, buf_len);
++	X509_CRL_free(in_crl->crl);
++	BIO_free(bio);
++	return buffer;
++}
++
+ static char crypto_load_pkcs7_data_doc[] = "\n\
+ Load pkcs7 data from a buffer\n\
+ \n\
+@@ -628,6 +669,7 @@
+ }
+ 
+ 
++
+ static char crypto_X509_doc[] = "\n\
+ The factory function inserted in the module dictionary to create X509\n\
+ objects\n\
+@@ -662,6 +704,22 @@
+ 	return (PyObject *)self;
+ }
+ 
++
++static char crypto_CRL_doc[] = "";
++
++static PyObject *
++crypto_CRL(PyObject *spam, PyObject *args)
++{
++	crypto_CRLObj *self;
++	
++	if (!PyArg_ParseTuple(args, ":CRL"))
++		return NULL;
++
++	self = crypto_CRL_New(X509_CRL_new());
++
++	return (PyObject *)self;
++}
++
+ static char crypto_X509Name_doc[] = "\n\
+ The factory function inserted in the module dictionary as a copy\n\
+ constructor for X509Name objects.\n\
+@@ -814,6 +872,7 @@
+     { "load_pkcs7_data", (PyCFunction)crypto_load_pkcs7_data, METH_VARARGS, crypto_load_pkcs7_data_doc },
+     { "load_pkcs12", (PyCFunction)crypto_load_pkcs12, METH_VARARGS, crypto_load_pkcs12_doc },
+     { "dump_pkcs12", (PyCFunction)crypto_dump_pkcs12, METH_VARARGS, crypto_dump_pkcs12_doc },
++    { "dump_crl", (PyCFunction)crypto_dump_crl, METH_VARARGS, crypto_dump_crl_doc },
+     /* Factory functions */
+     { "X509",    (PyCFunction)crypto_X509,    METH_VARARGS, crypto_X509_doc },
+     { "PKCS12",    (PyCFunction)crypto_PKCS12,    METH_VARARGS, crypto_PKCS12_doc },
+@@ -822,6 +881,7 @@
+     { "PKey",    (PyCFunction)crypto_PKey,    METH_VARARGS, crypto_PKey_doc },
+     { "X509Extension", (PyCFunction)crypto_X509Extension, METH_VARARGS, crypto_X509Extension_doc },
+     { "NetscapeSPKI", (PyCFunction)crypto_NetscapeSPKI, METH_VARARGS, crypto_NetscapeSPKI_doc },
++    { "CRL",    (PyCFunction)crypto_CRL,    METH_VARARGS, crypto_CRL_doc },
+     { "X509_verify_cert_error_string", (PyCFunction)crypto_X509_verify_cert_error_string, METH_VARARGS, crypto_X509_verify_cert_error_string_doc },
+     { NULL, NULL }
+ };
+@@ -961,7 +1021,8 @@
+         goto error;
+     if (!init_crypto_netscape_spki(dict))
+         goto error;
+-
++    if (!init_crypto_crl(dict))
++        goto error;
+ error:
+     ;
+ }
+diff -ruN ../pyOpenSSL-0.8/src/crypto/crypto.h ./src/crypto/crypto.h
+--- ../pyOpenSSL-0.8/src/crypto/crypto.h	2009-03-29 19:56:12.000000000 +0200
++++ ./src/crypto/crypto.h	2009-03-29 19:53:40.000000000 +0200
+@@ -23,8 +23,30 @@
+ #include "x509ext.h"
+ #include "pkcs7.h"
+ #include "pkcs12.h"
++#include "crl.h"
+ #include "../util.h"
+ 
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <ctype.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <openssl/conf.h>
++#include <openssl/bio.h>
++#include <openssl/err.h>
++#include <openssl/bn.h>
++#include <openssl/txt_db.h>
++#include <openssl/evp.h>
++#include <openssl/x509.h>
++#include <openssl/x509v3.h>
<<Diff was trimmed, longer than 597 lines>>
