[Gajim-devel] Re : PKCS12 with password

2011-07-25 Thread Saleem Edah-Tally
Here's the CLI output running gajim in non-verbose mode, with a password-protected 
PKCS12 container:

*

16:01:50 (W) gajim.c.x.tls_nb Unable to load client pkcs12 certificate from file /home/user/xmpp_lab_set_pwd.p12: ([('PKCS12 routines', 'PKCS12_parse', 'mac verify failure')],) ... Is it a valid PKCS12 cert?
16:01:50 (E) gajim.c.x.tls_nb Error while TLS handshake: 
Traceback (most recent call last):
  File /usr/share/gajim/src/common/xmpp/tls_nb.py, line 422, in _startSSL_pyOpenSSL
    tcpsock._sslObj.do_handshake()
SysCallError: (-1, 'Unexpected EOF')
*


Attached is a verbose log also.

To be more precise: I am using jabberd2 2.2.14 configured to accept only encrypted 
connections.

Thank you for considering.





----- Original message -----
From: Yann Leboulanger aste...@lagaule.org
To: nmset nm...@yahoo.com
Cc: Gajim Devel gajim-devel@gajim.org
Sent: Mon, 25 July 2011, 15:17:57
Subject: Re: [Gajim-devel] PKCS12 with password

16:06:36 (I) gajim.gajim Encodings: d:utf-8, fs:UTF-8, p:UTF-8
16:06:36 (D) gajim.gtkgui_helpers I/O Error writing settings to '/home/user/.kde/share/services/xmpp.protocol'
Traceback (most recent call last):
  File /usr/share/gajim/src/gtkgui_helpers.py, line 722, in set_gajim_as_xmpp_handler
    f = open(path_to_kde_file, 'a')
IOError: [Errno 2] Aucun fichier ou dossier de ce type: '/home/user/.kde/share/services/xmpp.protocol'
16:06:36 (D) gajim.c.resolver Import of libasyncns-python failed, getaddrinfo will block
Traceback (most recent call last):
  File /usr/share/gajim/src/common/resolver.py, line 44, in module
    import libasyncns
  File /usr/share/gajim/src/common/demandimport.py, line 85, in _demandimport
    return _origimport(name, globals, locals, fromlist)
ImportError: No module named libasyncns
16:06:38 (D) gajim.plugin_system Attributes processing started
16:06:38 (D) gajim.plugin_system WhiteboardPlugin : class 'whiteboard.plugin.WhiteboardPlugin'
16:06:38 (D) gajim.plugin_system is subclass of GajimPlugin
16:06:38 (D) gajim.plugin_system plugin : module 'whiteboard.plugin' from '/usr/share/gajim/plugins/whiteboard/plugin.pyo'
16:06:38 (D) gajim.plugin_system whiteboard_widget : module 'whiteboard.whiteboard_widget' from '/usr/share/gajim/plugins/whiteboard/whiteboard_widget.pyo'
16:06:38 (D) gajim.plugin_system Attributes processing started
16:06:38 (D) gajim.plugin_system AcronymsExpanderPlugin : class 'acronyms_expander.acronyms_expander.AcronymsExpanderPlugin'
16:06:38 (D) gajim.plugin_system is subclass of GajimPlugin
16:06:38 (D) gajim.plugin_system acronyms_expander : module 'acronyms_expander.acronyms_expander' from '/usr/share/gajim/plugins/acronyms_expander/acronyms_expander.pyo'
16:06:38 (D) gajim.plugin_system Attributes processing started
16:06:38 (D) gajim.plugin_system LengthNotifierPlugin : class 'length_notifier.length_notifier.LengthNotifierPlugin'
16:06:38 (D) gajim.plugin_system is subclass of GajimPlugin
16:06:38 (D) gajim.plugin_system length_notifier : module 'length_notifier.length_notifier' from '/usr/share/gajim/plugins/length_notifier/length_notifier.pyo'
16:06:38 (D) gajim.plugin_system Attributes processing started
16:06:38 (D) gajim.plugin_system FtpManager : class 'ftp_manager.ftp_manager.FtpManager'
16:06:38 (D) gajim.plugin_system is subclass of GajimPlugin
16:06:38 (D) gajim.plugin_system ftp_manager : module 'ftp_manager.ftp_manager' from '/usr/share/gajim/plugins/ftp_manager/ftp_manager.pyo'
16:06:38 (D) gajim.plugin_system Attributes processing started
16:06:38 (D) gajim.plugin_system BannerTweaksPlugin : class 'banner_tweaks.plugin.BannerTweaksPlugin'
16:06:38 (D) gajim.plugin_system is subclass of GajimPlugin
16:06:38 (D) gajim.plugin_system plugin : module 'banner_tweaks.plugin' from '/usr/share/gajim/plugins/banner_tweaks/plugin.pyo'
16:06:38 (D) gajim.plugin_system GajimPlugin.__init__() entered
16:06:38 (D) gajim.plugin_system GajimPlugin.load_config() entered
16:06:38 (D) gajim.plugin_system GajimPlugin.load_config() left
16:06:38

Re: [Gajim-devel] Re : PKCS12 with password

2011-07-25 Thread Yann Leboulanger

The only thing I see is that:

Unable to load client pkcs12 certificate from file 
/home/user/xmpp_lab_set_pwd.p12: ([('PKCS12 routines', 'PKCS12_parse', 
'mac verify failure')],) ... Is it a valid PKCS12 cert?


which isn't very explicit about why it fails to open the cert. We don't know 
if it's because it's encrypted.


Could you try that in a Python console:
 import OpenSSL.crypto
 # PKCS12 is a binary format, so read the file in binary mode
 OpenSSL.crypto.load_pkcs12(open('FULL_PATH_TO_YOUR_CERT', 'rb').read())

what does that print?

The only other solution I see is: try to open cert, if that fails for 
any reason, ask for a passphrase. That's not very nice, but why not ...

___
Gajim-devel mailing list
Gajim-devel@gajim.org
http://lists.gajim.org/cgi-bin/listinfo/gajim-devel


[Gajim-devel] Re : PKCS12 with password

2011-07-25 Thread Saleem Edah-Tally
----- Original message -----

From: Yann Leboulanger aste...@lagaule.org
To: nmset nm...@yahoo.com
Cc: Gajim Devel gajim-devel@gajim.org
Sent: Mon, 25 July 2011, 15:17:57
Subject: Re: [Gajim-devel] PKCS12 with password

Connection object should try to open the 
certificate, if that fails, ask for a password, before trying to connect. 


One suggestion:

In the UI where the user declares what p12 to use for his account, there could 
be a checkbox with which the user says if the p12 file is encrypted or not.

This way, the code in tls_nb.py does not have to be exception dependent but 
rather based on user declaration.

If the user has declared an encrypted p12 file, a dialog asks for the password 
and load_pkcs is called with two arguments (the file, the password), else, with 
one single argument, as it is now.