search

essaic / ensymble

Automatically exported from code.google.com/p/ensymble
GNU General Public License v2.0
1 stars 0 forks source link

subprocess.open fails with openssl #1

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
1. using the 0.29 version
2. trying to sign with signsis

i always got
ValueError: wrong pass phrase or invalid PKCS#8 private key
openssl itself worked fine on the used certificate and key

Debugoutput:
DEBUG: Popen(('/usr/bin/openssl', 'pkcs8 -in /tmp/ensymble-kueskf/keyin.pem 
-out /tmp/ensymble-kueskf/keyout.pem -passin stdin -passout stdin -nocrypt'))
DEBUG: pipeerr.read() = "openssl:Error: 'pkcs8 -in 
/tmp/ensymble-kueskf/keyin.pem -out /tmp/ensymble-kueskf/keyout.pem -passin 
stdin -passout stdin -nocrypt' is an invalid command.

after checking http://docs.python.org/library/subprocess.html i just changed
utils/cryptutil.py

--- ensymble/utils/cryptutil.py.org 2010-07-08 02:11:29.804735374 +0200
+++ ensymble/utils/cryptutil.py 2010-07-08 02:12:19.478791144 +0200
@@ -28,6 +28,7 @@
 import tempfile
 import random
 import subprocess
+import shlex

 opensslcommand = None   # Path to OpenSSL command line tool
@@ -359,14 +360,14 @@
         findopenssl()

     # Construct a command line for subprocess.Popen()
-    cmdline = (opensslcommand, command)
+    cmdline = '%s %s' % (opensslcommand, command)

     if openssldebug:
         # Print command line.
         print "DEBUG: Popen(%s)" % repr(cmdline)

     # Run command.
-    p = subprocess.Popen(cmdline, stdin=subprocess.PIPE,
+    p = subprocess.Popen(shlex.split(cmdline), stdin=subprocess.PIPE,
             stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
     (pipein, pipeout, pipeerr) = (p.stdin, p.stdout, p.stderr)
     pipein.write(datain)

which made it run.

linux-2.6.32 x86_64
openssl-0.9.8o
Python 2.6.5

Original issue reported on code.google.com by gjd...@gmail.com on 8 Jul 2010 at 12:15

Attachments:

GoogleCodeExporter commented 8 years ago 
This fixes following issue for me in 0.29, python 2.6:
  ensymble.py: warning: no certificate given, using insecure built-in one
  ensymble.py: wrong pass phrase or invalid private key

Please release a new version with the fix.

Original comment by domen.pu...@gmail.com on 20 Sep 2010 at 10:25

GoogleCodeExporter commented 8 years ago 
Hi all,

I have had the same problem with ensymble 0.29 today.
I have patched before looking at the issues, and my patch is almost the same as 
this one. It just add some more debug output if something append with the Popen:

--- ensymble-0.29.orig/ensymble/utils/cryptutil.py      2010-05-15 
16:47:22.000000000 +0200
+++ ensymble-0.29.new/ensymble/utils/cryptutil.py       2010-09-30 
17:43:25.000000000 +0200
@@ -359,7 +359,7 @@
         findopenssl()

     # Construct a command line for subprocess.Popen()
-    cmdline = (opensslcommand, command)
+    cmdline = (opensslcommand,) + tuple(command.split())

     if openssldebug:
         # Print command line.
@@ -369,13 +369,18 @@
     p = subprocess.Popen(cmdline, stdin=subprocess.PIPE,
             stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
     (pipein, pipeout, pipeerr) = (p.stdin, p.stdout, p.stderr)
-    pipein.write(datain)
+    pipein.write('%s\n' % datain)
     dataout = pipeout.read()
     errout = pipeerr.read()

+    # Check status
+    status = p.wait()
+    if status != 0:
+        raise ValueError(errout)
+
     if openssldebug:
         # Print standard error output.
-        print "DEBUG: pipeerr.read() = %s" % repr(errout)
+        print "DEBUG: pipeerr.read() = %s" % errout

     return (dataout, errout)

This would be _very_ great to commit this change (or the 1st one from gjdkbx), 
because the 0.29 don't work without.

My config:
- Python 2.6.1
- Mac OS X Snow Loepard 10.6.4
- OpenSSL 1.0.0a 1 Jun 2010

Thanks in advance.

-- 
Olivier

Original comment by puck...@gmail.com on 30 Sep 2010 at 4:48