From 7a4919c83984fa72b30fde65c9e0635c8674a453 Mon Sep 17 00:00:00 2001
From: Ray
Date: Sat, 18 Jan 2014 18:02:25 -0800
Subject: [PATCH] First Stable Release The version number is incremented to 1.0.0. Thanks to doneir for reporting that a number of unit test were failing. This was because two test certificates had expired. This commit replaces these with updated certificates, along with the tool used for programmatic certificate generation. The new certificates are set to remain valid for approximately ten years.
---
ChangeLog | 17 ++++++++++++
dtls/test/certs/ca-cert.pem | 22 ++++++++--------
dtls/test/certs/keycert.pem | 43 ++++++++++++++++++------------
dtls/test/certs/server-cert.pem | 46 +++++++++------------------------
dtls/test/certs/server-key.pem | 10 -------
dtls/test/makecerts | 36 ++++++++++++++++++++++++++
dtls/test/openssl_ca.cnf | 11 ++++++++
dtls/test/openssl_server.cnf | 11 ++++++++
setup.py | 19 +++++++++-----
9 files changed, 137 insertions(+), 78 deletions(-)
create mode 100644 ChangeLog
delete mode 100644 dtls/test/certs/server-key.pem
create mode 100755 dtls/test/makecerts
create mode 100644 dtls/test/openssl_ca.cnf
create mode 100644 dtls/test/openssl_server.cnf
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 0000000..231a7c5
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,17 @@
+2014-01-18 Ray Brown
+
+ * setup.py: First stable version, 1.0.0
+ * dtls/test/makecerts: Generate valid and current certificates for
+ unit test suite
+ * dtls/test/openssl_ca.cnf: Configuration file for CA certificate
+ * dtls/test/openssl_server.cnf: Configuration file for server
+ certificate
+ * dtls/test/certs/ca-cert.pem: updated certificate, valid for 10 years
+ * dtls/test/certs/server-cert.pem: updated certificate, valid for
+ 10 years
+ * dtls/test/certs/keycert.pem: updated server certificate from server-cert.pem, along with that certificate's private key
+ * dtls/test/server-key.pem: deleted (it was not needed)
+
+2012-12-31 Ray Brown
+
+ * All: Version 0.1.0: initial public release
diff --git a/dtls/test/certs/ca-cert.pem b/dtls/test/certs/ca-cert.pem
index c51b49b..e125a65 100644
--- a/dtls/test/certs/ca-cert.pem
+++ b/dtls/test/certs/ca-cert.pem
@@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIIB3TCCAYegAwIBAgIJAJdD48tCuQ4ZMA0GCSqGSIb3DQEBBQUAMEoxCzAJBgNV -BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpSYXkgQ0EgSW5j -MREwDwYDVQQDEwhSYXlDQUluYzAeFw0xMjA5MjEyMTE0MTZaFw0xMzA5MjEyMTE0 -MTZaMEoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQK -EwpSYXkgQ0EgSW5jMREwDwYDVQQDEwhSYXlDQUluYzBcMA0GCSqGSIb3DQEBAQUA -A0sAMEgCQQC33ThS1uvx6c9/jdQgPrLnVepv9NJdtyRMIDH3ZVfIKwwC6Nde3CJh -bdo3j2njxlY7pw0P6J/F6mQpGtsRGaX1AgMBAAGjUDBOMB0GA1UdDgQWBBQBj0cB -lkz531jiz4oLP0osGlVR3zAfBgNVHSMEGDAWgBQBj0cBlkz531jiz4oLP0osGlVR -3zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA0EAUyS5rT6LFjhhPeoW1Gk1 -sibwzgPSKdEzllt0vGZtWESekkoJ0UxnDvRzKv8OEVSclt+2YuzJXuZGteFABxDA -Cw== +MIICCzCCAXQCCQCwvSKaN4J3cTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJV +UzETMBEGA1UECBMKV2FzaGluZ3RvbjETMBEGA1UEChMKUmF5IENBIEluYzERMA8G +A1UEAxMIUmF5Q0FJbmMwHhcNMTQwMTE4MjEwMjUwWhcNMjQwMTE2MjEwMjUwWjBK +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjETMBEGA1UEChMKUmF5 +IENBIEluYzERMA8GA1UEAxMIUmF5Q0FJbmMwgZ8wDQYJKoZIhvcNAQEBBQADgY0A +MIGJAoGBAN/UYXt4uq+YdTDnm7WPCu+0B50kJXWU3sSS+WAAhr3BHh7qa7UTiRXy +yGYysgvtwriETAZRckzd+hdblNRUWXGJdRvtyx94nLpPpI8p4djBrJ5IMPqK5SgW +ZP4XTWs694VtUBAvHCX+Ly+t0O5Rw3NmqxY1MakooqU9t+wL0H0TAgMBAAEwDQYJ +KoZIhvcNAQEFBQADgYEANemjvYCJrTc/6im0DmDC6AW8KrLG0xj31HWpq1dO9LG7 +mlVFgbVtbcuCZgA78kxgw1vN6kBBLEsAJC8gkg++AO/w3a4oP+U9txAr9KRg6IGA +FiUohuWbjKBnQEpceoECgrymooF3ayzke/vf3wcMYy153uC+H4t96Yc5T066c4o= -----END CERTIFICATE----- diff --git a/dtls/test/certs/keycert.pem b/dtls/test/certs/keycert.pem index 05ee34c..696cb73 100644 --- a/dtls/test/certs/keycert.pem +++ b/dtls/test/certs/keycert.pem 
@@ -1,21 +1,30 @@ -----BEGIN PRIVATE KEY----- -MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAuPd3JmydJfXhyii0 -agsVgRMOUcOyuldbaf/Lu4bZ+U0zH0OSoYkv0Ahbz7ehK+oGMeUy/SuGVAn7JLyj -zlYi8QIDAQABAkAygtnV82lC2Y/Mbis+nkJEGlkZuRCQ1JRRMRqI3n2eF6CviqF3 -PiBXIEEExzKihC9bvbHKTAkYDLr+/4YpbiQBAiEA7JLS5Lp7KI/ayWwEzl2r5XXu -k/cbH++A4zZz6A9XIsECIQDIJ8ciDa5/VGyQnYMzBNgKnwaFDDBOiEUFDaU/9ZN8 -MQIgCG3Gw819G9ncQrbtiOi/eiJ0iKMSPVYMMow7HvaE9UECIQCLyQwPwlJd5s4z -aW4ZkYZ4VHuvK8YI8q6RSuhf9Nhd4QIgFbRNdEeehgrzGzGug2yVCMzVzS3MQNBJ -6LqBZaPlFsM= +MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANjL+g7MpTEB40Vo +2pxWbx33YwgXQ6QbnLg1QyKlrH6DEEotyDRWI/ZftvWbjGUh0zUGhQaLzF3ZNgdM +VkF5j0wCgRdwPon1ct5wJUg6GCWvfi4B/HlQrWg8JDaWoGuDcTqLh6KYfDdWTlWC +Bq3pOW14gVe3d12R8Bxu9PCK8jrvAgMBAAECgYAQFjqs5HSRiWFS4i/uj99Y6uV3 +UTqcr8vWQ2WC6aY+EP2hc3o6n/W1L28FFJC7ZGImuiAe1zrH7/k5W2m/HAUM7M9p +oBcp7ZVMFU6R00cQWVKCpQRCpNHnn+tVJdRGiHRj9836/u2z3shBxDYgXJIR787V +SlBXkCcsi0Clem5ocQJBAPp/0tF4CpoaOCAnNN+rDjPNGcH57lmpSZBMXZVAVCRq +vJDdH9SIcb19gKToCF1MUd7CJWbSHKxh49Hr+prBW8cCQQDdjrH8EZ4CDYvoJbVX +iWFfbh6lPwv8uaj43HoHq4+51mhHvLxO8a1AKMSgD2cg7yJYYIpTTAf21gqU3Yt9 +wJeZAkEAl75e4u0o3vkLDs8xRFzGmbKg69SPAll+ap8YAZWaYwUVfVu2MHUHEZa5 +GyxEBOB6p8pMBeE55WLXMw8UHDMNeQJADEWRGjMnm1mAvFUKXFThrdV9oQ2C7nai +I1ai87XO+i4kDIUpsP216O3ZJjx0K+DS+C4wuzhk4IkugNxck5SNUQJASxf8E4z5 +W5rP2XXIohGpDyzI+criUYQ6340vKB9bPsCQ2QooQq1BH0wGA2fY82Kr95E8KhUo +zGoP1DtpzgwOQg== -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIBgDCCASoCAQEwDQYJKoZIhvcNAQEEBQAwSjELMAkGA1UEBhMCVVMxEzARBgNV -BAgTCldhc2hpbmd0b24xEzARBgNVBAoTClJheSBDQSBJbmMxETAPBgNVBAMTCFJh -eUNBSW5jMB4XDTEyMDkyMTIxMTYxOFoXDTEzMDkyMTIxMTYxOFowTDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xFDASBgNVBAoTC1JheSBTcnYgSW5j -MRIwEAYDVQQDEwlSYXlTcnZJbmMwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuPd3 -JmydJfXhyii0agsVgRMOUcOyuldbaf/Lu4bZ+U0zH0OSoYkv0Ahbz7ehK+oGMeUy -/SuGVAn7JLyjzlYi8QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAEkxVF8HEGV8N4mYA -hDciYpttnnb9pYL1okHGrhaIFqu9D10LfP1SKps/6s/qNSk3YaIVjydWOHEf6xr4 -zJkiFw== 
+MIICDTCCAXYCCQCxc2uXBLZhDjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJV +UzETMBEGA1UECBMKV2FzaGluZ3RvbjETMBEGA1UEChMKUmF5IENBIEluYzERMA8G +A1UEAxMIUmF5Q0FJbmMwHhcNMTQwMTE4MjEwMjUwWhcNMjQwMTE2MjEwMjUwWjBM +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEUMBIGA1UEChMLUmF5 +IFNydiBJbmMxEjAQBgNVBAMTCVJheVNydkluYzCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA2Mv6DsylMQHjRWjanFZvHfdjCBdDpBucuDVDIqWsfoMQSi3INFYj +9l+29ZuMZSHTNQaFBovMXdk2B0xWQXmPTAKBF3A+ifVy3nAlSDoYJa9+LgH8eVCt +aDwkNpaga4NxOouHoph8N1ZOVYIGrek5bXiBV7d3XZHwHG708IryOu8CAwEAATAN +BgkqhkiG9w0BAQUFAAOBgQBw0XUTYzfiI0Fi9g4GuyWD2hjET3NtrT4Ccu+Jiivy +EvwhzHtVGAPhrV+VCL8sS9uSOZlmfK/ZVraDiFGpJLDMvPP5y5fwq5VGrFuZispG +X6bTBq2AIKzGGXxhwPqD8F7su7bmZDnZFRMRk2Bh16rv0mtzx9yHtqC5YJZ2a3JK +2g== -----END CERTIFICATE----- diff --git a/dtls/test/certs/server-cert.pem b/dtls/test/certs/server-cert.pem index e93f97b..c407cb0 100644 --- a/dtls/test/certs/server-cert.pem +++ b/dtls/test/certs/server-cert.pem 
@@ -1,36 +1,14 @@ -Certificate: - Data: - Version: 1 (0x0) - Serial Number: 1 (0x1) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=Washington, O=Ray CA Inc, CN=RayCAInc - Validity - Not Before: Sep 21 21:16:18 2012 GMT - Not After : Sep 21 21:16:18 2013 GMT - Subject: C=US, ST=Washington, O=Ray Srv Inc, CN=RaySrvInc - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (512 bit) - Modulus: - 00:b8:f7:77:26:6c:9d:25:f5:e1:ca:28:b4:6a:0b: - 15:81:13:0e:51:c3:b2:ba:57:5b:69:ff:cb:bb:86: - d9:f9:4d:33:1f:43:92:a1:89:2f:d0:08:5b:cf:b7: - a1:2b:ea:06:31:e5:32:fd:2b:86:54:09:fb:24:bc: - a3:ce:56:22:f1 - Exponent: 65537 (0x10001) - Signature Algorithm: md5WithRSAEncryption - 12:4c:55:17:c1:c4:19:5f:0d:e2:66:00:84:37:22:62:9b:6d: - 9e:76:fd:a5:82:f5:a2:41:c6:ae:16:88:16:ab:bd:0f:5d:0b: - 7c:fd:52:2a:9b:3f:ea:cf:ea:35:29:37:61:a2:15:8f:27:56: - 38:71:1f:eb:1a:f8:cc:99:22:17 -----BEGIN CERTIFICATE----- -MIIBgDCCASoCAQEwDQYJKoZIhvcNAQEEBQAwSjELMAkGA1UEBhMCVVMxEzARBgNV -BAgTCldhc2hpbmd0b24xEzARBgNVBAoTClJheSBDQSBJbmMxETAPBgNVBAMTCFJh -eUNBSW5jMB4XDTEyMDkyMTIxMTYxOFoXDTEzMDkyMTIxMTYxOFowTDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xFDASBgNVBAoTC1JheSBTcnYgSW5j -MRIwEAYDVQQDEwlSYXlTcnZJbmMwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuPd3 -JmydJfXhyii0agsVgRMOUcOyuldbaf/Lu4bZ+U0zH0OSoYkv0Ahbz7ehK+oGMeUy -/SuGVAn7JLyjzlYi8QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAEkxVF8HEGV8N4mYA -hDciYpttnnb9pYL1okHGrhaIFqu9D10LfP1SKps/6s/qNSk3YaIVjydWOHEf6xr4 -zJkiFw== +MIICDTCCAXYCCQCxc2uXBLZhDjANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJV +UzETMBEGA1UECBMKV2FzaGluZ3RvbjETMBEGA1UEChMKUmF5IENBIEluYzERMA8G +A1UEAxMIUmF5Q0FJbmMwHhcNMTQwMTE4MjEwMjUwWhcNMjQwMTE2MjEwMjUwWjBM +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEUMBIGA1UEChMLUmF5 +IFNydiBJbmMxEjAQBgNVBAMTCVJheVNydkluYzCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA2Mv6DsylMQHjRWjanFZvHfdjCBdDpBucuDVDIqWsfoMQSi3INFYj +9l+29ZuMZSHTNQaFBovMXdk2B0xWQXmPTAKBF3A+ifVy3nAlSDoYJa9+LgH8eVCt 
+aDwkNpaga4NxOouHoph8N1ZOVYIGrek5bXiBV7d3XZHwHG708IryOu8CAwEAATAN +BgkqhkiG9w0BAQUFAAOBgQBw0XUTYzfiI0Fi9g4GuyWD2hjET3NtrT4Ccu+Jiivy +EvwhzHtVGAPhrV+VCL8sS9uSOZlmfK/ZVraDiFGpJLDMvPP5y5fwq5VGrFuZispG +X6bTBq2AIKzGGXxhwPqD8F7su7bmZDnZFRMRk2Bh16rv0mtzx9yHtqC5YJZ2a3JK +2g== -----END CERTIFICATE----- diff --git a/dtls/test/certs/server-key.pem b/dtls/test/certs/server-key.pem deleted file mode 100644 index 51908d6..0000000 --- a/dtls/test/certs/server-key.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAuPd3JmydJfXhyii0 -agsVgRMOUcOyuldbaf/Lu4bZ+U0zH0OSoYkv0Ahbz7ehK+oGMeUy/SuGVAn7JLyj -zlYi8QIDAQABAkAygtnV82lC2Y/Mbis+nkJEGlkZuRCQ1JRRMRqI3n2eF6CviqF3 -PiBXIEEExzKihC9bvbHKTAkYDLr+/4YpbiQBAiEA7JLS5Lp7KI/ayWwEzl2r5XXu -k/cbH++A4zZz6A9XIsECIQDIJ8ciDa5/VGyQnYMzBNgKnwaFDDBOiEUFDaU/9ZN8 -MQIgCG3Gw819G9ncQrbtiOi/eiJ0iKMSPVYMMow7HvaE9UECIQCLyQwPwlJd5s4z -aW4ZkYZ4VHuvK8YI8q6RSuhf9Nhd4QIgFbRNdEeehgrzGzGug2yVCMzVzS3MQNBJ -6LqBZaPlFsM= ------END PRIVATE KEY----- diff --git a/dtls/test/makecerts b/dtls/test/makecerts new file mode 100755 index 0000000..251b520 --- /dev/null +++ b/dtls/test/makecerts 
@@ -0,0 +1,36 @@
+#!/bin/bash -eu
+
+##############################################################################
+#
+# Generate Certificates for PyDTLS Unit Testing
+#
+# This script is invoked manually (as opposed to by the unit test suite), in
+# order to generate certain certificates that are required to be valid by
+# the unit test suite.
+#
+# This script is not portable: it has been tested on Ubuntu 13.04 only. New
+# certificates are written into the current directory.
+#
+# Copyright 2014 Ray Brown
+#
+##############################################################################
+
+DIR=`dirname "$0"`
+
+# Generate self-signed certificate for the certificate authority
+echo Generating CA...; echo
+openssl req -config "$DIR/openssl_ca.cnf" -x509 -newkey rsa -nodes -keyout tmp_ca.key -out ca-cert.pem -days 3650
+
+# Generate a certificate request
+echo Generating certificate request...; echo
+openssl req -config "$DIR/openssl_server.cnf" -newkey rsa -nodes -keyout tmp_server.key -out tmp_server.req
+
+# Sign the request with the certificate authority's certificate created above
+echo Signing certificate request...; echo
+openssl x509 -req -in tmp_server.req -CA ca-cert.pem -CAkey tmp_ca.key -CAcreateserial -days 3650 -out server-cert.pem
+
+# Build pem file with private and public keys, ready for unprompted server use
+cat tmp_server.key server-cert.pem > keycert.pem
+
+# Clean up
+rm tmp_ca.key tmp_server.key tmp_server.req ca-cert.srl
diff --git a/dtls/test/openssl_ca.cnf b/dtls/test/openssl_ca.cnf
new file mode 100644
index 0000000..365ab27
--- /dev/null
+++ b/dtls/test/openssl_ca.cnf
@@ -0,0 +1,11 @@
+RANDFILE = $ENV::HOME/.rnd
+
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[ req_distinguished_name ]
+C = US
+ST = Washington
+O = Ray CA Inc
+CN = RayCAInc
diff --git a/dtls/test/openssl_server.cnf b/dtls/test/openssl_server.cnf
new file mode 100644
index 0000000..2d2e749
--- /dev/null
+++ b/dtls/test/openssl_server.cnf
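Review bot: Both `openssl req` calls in makecerts use `-newkey rsa` with no bit length and none of the three commands names a digest, and neither openssl_ca.cnf nor openssl_server.cnf sets `default_bits` or `default_md`, so the key size and signature hash of regenerated fixtures depend on whichever OpenSSL build runs the script. Pinning them, e.g. `-newkey rsa:2048` on the two `req` lines and `-sha256` on all three commands, keeps the output reproducible and avoids fixtures that stricter TLS stacks may reject. Separately, under `-eu` a failure in the second or third openssl call exits before the final `rm`, leaving the unencrypted `tmp_ca.key` and `tmp_server.key` (written with `-nodes`) in the current directory; a `trap 'rm -f tmp_ca.key tmp_server.key tmp_server.req ca-cert.srl' EXIT` placed after the `DIR=` line would cover that.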
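Review bot: The `[ req ]` section of openssl_ca.cnf names no `x509_extensions` section, so the self-signed certificate that makecerts builds from this file with `openssl req -x509` presumably carries no `basicConstraints` extension marking it as a CA. Verifiers that enforce CA constraints on issuer certificates may then refuse the chain in the unit tests, depending on the OpenSSL version and verification flags in use. Adding `x509_extensions = v3_ca` under `[ req ]` plus a `[ v3_ca ]` section containing `basicConstraints = critical, CA:TRUE` would make the CA role explicit.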
@@ -0,0 +1,11 @@
+RANDFILE = $ENV::HOME/.rnd
+
+[ req ]
+distinguished_name = req_distinguished_name
+prompt = no
+
+[ req_distinguished_name ]
+C = US
+ST = Washington
+O = Ray Srv Inc
+CN = RaySrvInc
diff --git a/setup.py b/setup.py
index 32fb143..5f8f9c8 100644
--- a/setup.py
+++ b/setup.py
@@ -33,7 +33,7 @@ for scheme in INSTALL_SCHEMES.values(): scheme['data'] = scheme['purelib'] NAME = "Dtls" -VERSION = "0.1.0" +VERSION = "1.0.0" DIST_DIR = "dist" FORMAT_TO_SUFFIX = { "zip": ".zip",
@@ -59,7 +59,10 @@ def invoke_setup(data_files=None): data_files = load(fl) except IOError: data_files = [] - data_files.append(('dtls', ["NOTICE", "LICENSE", "README.txt"]),) + data_files.append(('dtls', ["NOTICE", + "LICENSE", + "README.txt", + "ChangeLog"]),) setup(name=NAME, version=VERSION, description="Python Datagram Transport Layer Security",
@@ -69,7 +72,10 @@ def invoke_setup(data_files=None): license="LICENSE", long_description=open("README.txt").read(), packages=["dtls", "dtls.demux", "dtls.test"], - package_data={"dtls.test": ["certs/*.pem"]}, + package_data={"dtls.test": ["makecerts", + "openssl_ca.cnf", + "openssl_server.cnf", + "certs/*.pem"]}, data_files=data_files, ) finally:
@@ -104,11 +110,12 @@ def make_dists(): except OSError: pass rename(source_name, target_name) - # Finally the distribution without prebuilts - argv.append("--formats=zip,gztar") - invoke_setup() if __name__ == "__main__": + # Full upload sequence for new version: + # python setup.py sdist --formats=zip,gztar upload + # python setup.py sdist --prebuilts + # Manually add .sdist_with_openssl. archives to repository if argv[-1] == "--prebuilts": del argv[-1] make_dists()
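Review bot: The `package_data` entry in the third setup.py hunk now ships `makecerts` and the two .cnf files alongside `certs/*.pem`, yet nothing in the file says these are test fixtures whose private key (keycert.pem, changed in this same commit) is public. A comment above the entry such as `# Test-only fixtures: keycert.pem holds a published private key; never use these certificates outside the unit tests` would keep someone from copying them into a deployment. invoke_setup starts and ends outside the hunk.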