Heikki Toivonen · Heikki Toivonen · Heikki Toivonen · Heikki Toivonen · Heikki Toivonen · Heikki Toivonen
--- a/CHANGES
+++ b/CHANGES
-0.20
----
+0.21 - 2011-01-12
+-----------------
+- Support OpenSSL 1.0. Thanks to Miloslav Trmac for figuring out how to fix
+  test_smime.py
+- Rename m2.engine_init to engine_init_error so that
+  ENGINE_init and ENGINE_finish can be exposed, thanks to Erlo
+- 0.20 started releasing Python locks even around some operations that
+  interacted with the Python runtime, potentially causing crashes and other
+  weirdness, fix by Miloslav Trmac
+- Make httpslib.ProxyHTTPSConnection work with Python 2.3
+
+0.20.2 - 2009-10-06
+-------------------
+- (Re)Enable configuration and use with OpenSSL 0.9.7g and older by disabling
+  RSA PSS methods when using such old OpenSSL, thanks to Stef Walter
+
+0.20.1 - 2009-08-27
+-------------------
+- Fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac
+
+0.20 - 2009-08-10
+-----------------
 - Deprecated M2Crypto.PGP subpackage since nobody seems to be using it nor
  is it being maintained (if you do use it, please let me know)
 - Added fedora_setup.sh to help work around differences on Fedora Core -based

--- a/LICENCE
+++ b/LICENCE
@@ -6,6 +6,8 @@ All rights reserved.
 Portions copyright (c) 2005-2006 Vrije Universiteit Amsterdam. 
 All rights reserved.

+Copyright (c) 2008-2010 Heikki Toivonen. All rights reserved.
+
 Permission to use, copy, modify, and distribute this software and its
 documentation for any purpose and without fee is hereby granted,
 provided that the above copyright notice appear in all copies and that

--- a/M2Crypto/Engine.py
+++ b/M2Crypto/Engine.py
@@ -10,7 +10,7 @@ from M2Crypto import m2, EVP, X509, Err

 class EngineError(Exception): pass

-m2.engine_init(EngineError)
+m2.engine_init_error(EngineError)

 class Engine:
    """Wrapper for ENGINE object."""
@@ -32,6 +32,16 @@ class Engine:
        if getattr(self, '_pyfree', 0):
            self.m2_engine_free(self._ptr)

+    def init(self):
+        """Obtain a functional reference to the engine.
+        
+        @return: 0 on error, non-zero on success."""
+        return m2.engine_init(self._ptr)
+        
+    def finish(self):
+        """Release a functional and structural reference to the engine."""
+        return m2.engine_finish(self._ptr)
+
    def ctrl_cmd_string(self, cmd, arg, optional = 0):
        """Call ENGINE_ctrl_cmd_string"""
        if not m2.engine_ctrl_cmd_string(self._ptr, cmd, arg, optional):

--- a/M2Crypto/RSA.py
+++ b/M2Crypto/RSA.py
@@ -163,6 +163,8 @@ class RSA:
    def sign_rsassa_pss(self, digest, algo='sha1', salt_length=20):
        """
        Signs a digest with the private key using RSASSA-PSS
+        
+        @requires: OpenSSL 0.9.7h or later.

        @type digest: str
        @param digest: A digest created by using the digest method
@@ -187,6 +189,8 @@ class RSA:
        """
        Verifies the signature RSASSA-PSS

+        @requires: OpenSSL 0.9.7h or later.
+
        @type data: str
        @param data: Data that has been signed


--- a/M2Crypto/SSL/Connection.py
+++ b/M2Crypto/SSL/Connection.py
@@ -272,7 +272,12 @@ class Connection:
    
    def get_peer_cert_chain(self):
        """Return the peer certificate chain; if the peer did not provide 
-        a certificate chain, return None."""
+        a certificate chain, return None.
+        
+        @warning: The returned chain will be valid only for as long as the
+        connection object is alive. Once the connection object gets freed,
+        the chain will be freed as well.
+        """
        c=m2.ssl_get_peer_cert_chain(self.ssl)
        if c is None:
            return None

--- a/M2Crypto/__init__.py
+++ b/M2Crypto/__init__.py
@@ -13,11 +13,11 @@ Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved.
 Portions created by Open Source Applications Foundation (OSAF) are
 Copyright (C) 2004-2007 OSAF. All Rights Reserved.

-Copyright 2008-2009 Heikki Toivonen. All rights reserved.
+Copyright 2008-2010 Heikki Toivonen. All rights reserved.
 """

-version_info = (0, 20)
-version = '.'.join([str(v) for v in version_info])
+version_info = (0, 21)
+version = '.'.join([str(_v) for _v in version_info])

 import __m2crypto
 import m2

--- a/M2Crypto/callback.py
+++ b/M2Crypto/callback.py
-"""Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved."""
+"""Deprecated, use the util module instead.
+
+Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved."""

 import warnings


--- a/M2Crypto/httpslib.py
+++ b/M2Crypto/httpslib.py
@@ -4,7 +4,7 @@ Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved."""

 import string, sys
 import socket
-from urlparse import urlsplit
+from urlparse import urlsplit, urlunsplit
 import base64

 from httplib import *
@@ -122,7 +122,7 @@ class ProxyHTTPSConnection(HTTPSConnection):
    def putrequest(self, method, url, skip_host=0, skip_accept_encoding=0):
        #putrequest is called before connect, so can interpret url and get
        #real host/port to be used to make CONNECT request to proxy
-        proto, netloc, path, query, fraqment = urlsplit(url)
+        proto, netloc, path, query, fragment = urlsplit(url)
        if not proto:
            raise ValueError, "unknown URL type: %s" % url
        
@@ -144,7 +144,11 @@ class ProxyHTTPSConnection(HTTPSConnection):

        self._real_host = host
        self._real_port = int(port)
-        HTTPSConnection.putrequest(self, method, rest, skip_host, skip_accept_encoding)
+        rest = urlunsplit((None, None, path, query, fragment))
+        if sys.version_info < (2,4):
+            HTTPSConnection.putrequest(self, method, rest, skip_host)
+        else:
+            HTTPSConnection.putrequest(self, method, rest, skip_host, skip_accept_encoding)

    def putheader(self, header, value):
        # Store the auth header if passed in.

--- a/SWIG/_aes.i
+++ b/SWIG/_aes.i
@@ -76,7 +76,7 @@ PyObject *AES_crypt(const AES_KEY *key, PyObject *in, int outlen, int op) {
        AES_encrypt((const unsigned char *)in, out, key);
    else
        AES_decrypt((const unsigned char *)in, out, key);
-    return PyString_FromStringAndSize(out, outlen);
+    return PyString_FromStringAndSize((char*)out, outlen);
 }

 int AES_type_check(AES_KEY *key) {

--- a/SWIG/_dsa.i
+++ b/SWIG/_dsa.i
@@ -155,13 +155,14 @@ PyObject *dsa_set_g(DSA *dsa, PyObject *value) {
 }
 %}

-%threadallow dsa_read_params;
 %inline %{
 DSA *dsa_read_params(BIO *f, PyObject *pyfunc) {
    DSA *ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_read_bio_DSAparams(f, NULL, passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
@@ -174,27 +175,29 @@ int dsa_write_params_bio(DSA* dsa, BIO* f) {
 }
 %}

-%threadallow dsa_write_key_bio;
 %inline %{
 int dsa_write_key_bio(DSA* dsa, BIO* f, EVP_CIPHER *cipher, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_DSAPrivateKey(f, dsa, cipher, NULL, 0,
                                        passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow dsa_write_key_bio_no_cipher;
 %inline %{
 int dsa_write_key_bio_no_cipher(DSA* dsa, BIO* f, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_DSAPrivateKey(f, dsa, NULL, NULL, 0,
                                        passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
@@ -207,25 +210,27 @@ int dsa_write_pub_key_bio(DSA* dsa, BIO* f) {
 }
 %}

-%threadallow dsa_read_key;
 %inline %{
 DSA *dsa_read_key(BIO *f, PyObject *pyfunc) {
    DSA *ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_read_bio_DSAPrivateKey(f, NULL, passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow dsa_read_pub_key;
 %inline %{
 DSA *dsa_read_pub_key(BIO *f, PyObject *pyfunc) {
    DSA *ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_read_bio_DSA_PUBKEY(f, NULL, passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }

--- a/SWIG/_ec.i
+++ b/SWIG/_ec.i
@@ -205,39 +205,42 @@ int ec_key_write_pubkey(EC_KEY *key, BIO *f) {
 }
 %}

-%threadallow ec_key_read_bio;
 %inline %{
 EC_KEY *ec_key_read_bio(BIO *f, PyObject *pyfunc) {
    EC_KEY *ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_read_bio_ECPrivateKey(f, NULL, passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow ec_key_write_bio;
 %inline %{
 int ec_key_write_bio(EC_KEY *key, BIO *f, EVP_CIPHER *cipher, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_ECPrivateKey(f, key, cipher, NULL, 0,
        passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow ec_key_write_bio_no_cipher;
 %inline %{
 int ec_key_write_bio_no_cipher(EC_KEY *key, BIO *f, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_ECPrivateKey(f, key, NULL, NULL, 0, 
                      passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }

--- a/SWIG/_engine.i
+++ b/SWIG/_engine.i
@@ -44,6 +44,12 @@ extern ENGINE * ENGINE_by_id(const char *);
 %rename(engine_free) ENGINE_free;
 extern int ENGINE_free(ENGINE *);

+%rename(engine_init) ENGINE_init;
+extern int ENGINE_init(ENGINE *);
+
+%rename(engine_finish) ENGINE_finish;
+extern int ENGINE_finish(ENGINE *);
+
 /*
 * Engine id/name functions
 */
@@ -161,7 +167,7 @@ extern EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
 %inline %{
 static PyObject *_engine_err;

-void engine_init(PyObject *engine_err) {
+void engine_init_error(PyObject *engine_err) {
    Py_INCREF(engine_err);
    _engine_err = engine_err;
 }

--- a/SWIG/_evp.i
+++ b/SWIG/_evp.i
@@ -4,6 +4,9 @@ Copyright (c) 1999 Ng Pheng Siong. All rights reserved.

 Portions Copyright (c) 2004-2007 Open Source Applications Foundation.
 Author: Heikki Toivonen
+
+Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+
 */

 %include <openssl/opensslconf.h>
@@ -180,7 +183,7 @@ PyObject *pkcs5_pbkdf2_hmac_sha1(PyObject *pass,

    PKCS5_PBKDF2_HMAC_SHA1(passbuf, passlen, saltbuf, saltlen, iter,
                           keylen, key);
-    ret = PyString_FromStringAndSize(key, keylen);
+    ret = PyString_FromStringAndSize((char*)key, keylen);
    OPENSSL_cleanse(key, keylen);
    return ret;
 }
@@ -339,7 +342,7 @@ PyObject *bytes_to_key(const EVP_CIPHER *cipher, EVP_MD *md,
    klen = EVP_BytesToKey(cipher, md, (unsigned char *)sbuf, 
        (unsigned char *)dbuf, dlen, iter, 
        key, NULL); /* Since we are not returning IV no need to derive it */
-    ret = PyString_FromStringAndSize(key, klen);
+    ret = PyString_FromStringAndSize((char*)key, klen);
    return ret;
 }

@@ -435,7 +438,7 @@ PyObject *sign_final(EVP_MD_CTX *ctx, EVP_PKEY *pkey) {
        PyErr_SetString(_evp_err, ERR_reason_error_string(ERR_get_error()));
        return NULL;
    }
-    ret = PyString_FromStringAndSize(sigbuf, siglen);
+    ret = PyString_FromStringAndSize((char*)sigbuf, siglen);
    OPENSSL_cleanse(sigbuf, siglen);
    OPENSSL_free(sigbuf);
    return ret;
@@ -463,39 +466,42 @@ int verify_final(EVP_MD_CTX *ctx, PyObject *blob, EVP_PKEY *pkey) {
 }
 %}

-%threadallow pkey_write_pem_no_cipher;
 %inline %{
 int pkey_write_pem_no_cipher(EVP_PKEY *pkey, BIO *f, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_PKCS8PrivateKey(f, pkey, NULL, NULL, 0,
            passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow pkey_write_pem;
 %inline %{
 int pkey_write_pem(EVP_PKEY *pkey, BIO *f, EVP_CIPHER *cipher, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_PKCS8PrivateKey(f, pkey, cipher, NULL, 0,
            passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow pkey_read_pem;
 %inline %{
 EVP_PKEY *pkey_read_pem(BIO *f, PyObject *pyfunc) {
    EVP_PKEY *pk;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    pk = PEM_read_bio_PrivateKey(f, NULL, passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return pk;
 }
@@ -513,7 +519,7 @@ PyObject *pkey_as_der(EVP_PKEY *pkey) {
        PyErr_SetString(PyExc_ValueError, "EVP_PKEY as DER failed");
        return NULL; 
    }
-    der = PyString_FromStringAndSize(pp, len);
+    der = PyString_FromStringAndSize((char*)pp, len);
    OPENSSL_free(pp);
    return der;
 }

--- a/SWIG/_m2crypto.i
+++ b/SWIG/_m2crypto.i
@@ -3,6 +3,9 @@
 *
 * Portions created by Open Source Applications Foundation (OSAF) are
 * Copyright (C) 2004-2006 OSAF. All Rights Reserved.
+ *
+ * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+ *
 */

 %module(threads=1) _m2crypto
@@ -38,6 +41,19 @@ static PyObject *ssl_set_tmp_rsa_cb_func;
 #define CONST098
 #endif

+/* Bring in STACK_OF macro definition */
+%include <openssl/safestack.h>
+
+/* Bring in LHASH_OF macro definition */
+/* XXX Can't include lhash.h where LHASH_OF is defined, because it includes
+   XXX stdio.h etc. which we fail to include. So we have to (re)define
+   XXX LHASH_OF here instead.
+%include <openssl/lhash.h>
+*/
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#define LHASH_OF(type) struct lhash_st_##type
+#endif
+
 %include constraints.i
 %include _threads.i
 %include _lib.i

--- a/SWIG/_pkcs7.i
+++ b/SWIG/_pkcs7.i
-/* Copyright (c) 2000 Ng Pheng Siong. All rights reserved. */
+/* Copyright (c) 2000 Ng Pheng Siong. All rights reserved.
+ * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+*/
 /* $Id$ */

 %{
@@ -12,7 +14,7 @@
 %apply Pointer NONNULL { EVP_CIPHER * };
 %apply Pointer NONNULL { EVP_PKEY * };
 %apply Pointer NONNULL { PKCS7 * };
-%apply Pointer NONNULL { STACK * };
+%apply Pointer NONNULL { STACK_OF(X509) * };
 %apply Pointer NONNULL { X509 * };

 %rename(pkcs7_new) PKCS7_new;
@@ -54,8 +56,8 @@ void smime_init(PyObject *smime_err) {

 %threadallow pkcs7_encrypt;
 %inline %{
-PKCS7 *pkcs7_encrypt(STACK *stack, BIO *bio, EVP_CIPHER *cipher, int flags) {
-    return PKCS7_encrypt((STACK_OF(X509) *)stack, bio, cipher, flags);
+PKCS7 *pkcs7_encrypt(STACK_OF(X509) *stack, BIO *bio, EVP_CIPHER *cipher, int flags) {
+    return PKCS7_encrypt(stack, bio, cipher, flags);
 }

 PyObject *pkcs7_decrypt(PKCS7 *pkcs7, EVP_PKEY *pkey, X509 *cert, int flags) {
@@ -96,15 +98,14 @@ PKCS7 *pkcs7_sign0(X509 *x509, EVP_PKEY *pkey, BIO *bio, int flags) {

 %threadallow pkcs7_sign1;
 %inline %{
-PKCS7 *pkcs7_sign1(X509 *x509, EVP_PKEY *pkey, STACK *stack, BIO *bio, int flags) {
-    return PKCS7_sign(x509, pkey, (STACK_OF(X509) *)stack, bio, flags);
+PKCS7 *pkcs7_sign1(X509 *x509, EVP_PKEY *pkey, STACK_OF(X509) *stack, BIO *bio, int flags) {
+    return PKCS7_sign(x509, pkey, stack, bio, flags);
 }
 %}

-%threadallow pkcs7_verify1;
 %inline %{
-PyObject *pkcs7_verify1(PKCS7 *pkcs7, STACK *stack, X509_STORE *store, BIO *data, int flags) {
-    int outlen;
+PyObject *pkcs7_verify1(PKCS7 *pkcs7, STACK_OF(X509) *stack, X509_STORE *store, BIO *data, int flags) {
+    int res, outlen;
    char *outbuf;
    BIO *bio;
    PyObject *ret; 
@@ -113,7 +114,10 @@ PyObject *pkcs7_verify1(PKCS7 *pkcs7, STACK *stack, X509_STORE *store, BIO *data
        PyErr_SetString(PyExc_MemoryError, "pkcs7_verify1");
        return NULL;
    }
-    if (!PKCS7_verify(pkcs7, (STACK_OF(X509) *)stack, store, data, bio, flags)) {
+    Py_BEGIN_ALLOW_THREADS
+    res = PKCS7_verify(pkcs7, stack, store, data, bio, flags);
+    Py_END_ALLOW_THREADS
+    if (!res) {
        PyErr_SetString(_pkcs7_err, ERR_reason_error_string(ERR_get_error()));
        BIO_free(bio);
        return NULL;
@@ -131,7 +135,7 @@ PyObject *pkcs7_verify1(PKCS7 *pkcs7, STACK *stack, X509_STORE *store, BIO *data
    return ret;
 }

-PyObject *pkcs7_verify0(PKCS7 *pkcs7, STACK *stack, X509_STORE *store, int flags) {
+PyObject *pkcs7_verify0(PKCS7 *pkcs7, STACK_OF(X509) *stack, X509_STORE *store, int flags) {
    return pkcs7_verify1(pkcs7, stack, store, NULL, flags);
 }
 %}
@@ -229,7 +233,7 @@ int smime_crlf_copy(BIO *in, BIO *out) {
 }

 /* return STACK_OF(X509)* */     
-STACK *pkcs7_get0_signers(PKCS7 *p7, STACK *certs, int flags) {     
+STACK_OF(X509) *pkcs7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) {     
    return PKCS7_get0_signers(p7, certs, flags);      
 }


--- a/SWIG/_rand.i
+++ b/SWIG/_rand.i
 /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved. */
+/* Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved.
+ * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+*/
 /* $Id$ */

 %module _rand
@@ -87,7 +89,7 @@ PyObject *rand_pseudo_bytes(int n) {
        Py_INCREF(Py_None);
        return Py_None;
    } else {
-        PyTuple_SET_ITEM(tuple, 0, PyString_FromStringAndSize(blob, n));
+        PyTuple_SET_ITEM(tuple, 0, PyString_FromStringAndSize((char*)blob, n));
        PyMem_Free(blob);
        PyTuple_SET_ITEM(tuple, 1, PyInt_FromLong((long)ret));
        return tuple;

--- a/SWIG/_rsa.i
+++ b/SWIG/_rsa.i
@@ -48,39 +48,42 @@ void rsa_init(PyObject *rsa_err) {
 }
 %}

-%threadallow rsa_read_key;
 %inline %{
 RSA *rsa_read_key(BIO *f, PyObject *pyfunc) {
    RSA *rsa;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    rsa = PEM_read_bio_RSAPrivateKey(f, NULL, passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return rsa;
 }
 %}

-%threadallow rsa_write_key;
 %inline %{
 int rsa_write_key(RSA *rsa, BIO *f, EVP_CIPHER *cipher, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_RSAPrivateKey(f, rsa, cipher, NULL, 0,
        passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
 %}

-%threadallow rsa_write_key_no_cipher;
 %inline %{
 int rsa_write_key_no_cipher(RSA *rsa, BIO *f, PyObject *pyfunc) {
    int ret;

    Py_INCREF(pyfunc);
+    Py_BEGIN_ALLOW_THREADS
    ret = PEM_write_bio_RSAPrivateKey(f, rsa, NULL, NULL, 0, 
                      passphrase_callback, (void *)pyfunc);
+    Py_END_ALLOW_THREADS
    Py_DECREF(pyfunc);
    return ret;
 }
@@ -291,6 +294,7 @@ PyObject *rsa_private_decrypt(RSA *rsa, PyObject *from, int padding) {
    return ret;
 }

+#if OPENSSL_VERSION_NUMBER >= 0x0090708fL
 PyObject *rsa_padding_add_pkcs1_pss(RSA *rsa, PyObject *digest, EVP_MD *hash, int salt_length) {
    const void *dbuf;
    unsigned char *tbuf;
@@ -347,6 +351,7 @@ int rsa_verify_pkcs1_pss(RSA *rsa, PyObject *digest, PyObject *signature, EVP_MD

    return ret;
 }
+#endif

 PyObject *rsa_sign(RSA *rsa, PyObject *py_digest_string, int method_type) {
    int digest_len = 0;

--- a/SWIG/_ssl.i
+++ b/SWIG/_ssl.i
@@ -3,6 +3,9 @@
 /*
 ** Portions created by Open Source Applications Foundation (OSAF) are
 ** Copyright (C) 2004-2005 OSAF. All Rights Reserved.
+**
+** Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+**
 */
 /* $Id$ */

@@ -17,13 +20,17 @@
 %apply Pointer NONNULL { SSL_CTX * };
 %apply Pointer NONNULL { SSL * };
 %apply Pointer NONNULL { SSL_CIPHER * };
-%apply Pointer NONNULL { STACK * };
+%apply Pointer NONNULL { STACK_OF(SSL_CIPHER) * };
+%apply Pointer NONNULL { STACK_OF(X509) * };
 %apply Pointer NONNULL { BIO * };
 %apply Pointer NONNULL { DH * };
 %apply Pointer NONNULL { RSA * };
 %apply Pointer NONNULL { EVP_PKEY *};
 %apply Pointer NONNULL { PyObject *pyfunc };

+%rename(ssl_get_ciphers) SSL_get_ciphers;
+extern STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
+
 %rename(ssl_get_version) SSL_get_version;
 extern const char *SSL_get_version(CONST SSL *);
 %rename(ssl_get_error) SSL_get_error;
@@ -668,28 +675,24 @@ int ssl_cipher_get_bits(SSL_CIPHER *c) {
    return SSL_CIPHER_get_bits(c, NULL);
 }

-STACK *ssl_get_ciphers(SSL *ssl) {
-    return (STACK *)SSL_get_ciphers(ssl);
-}
-
-int sk_ssl_cipher_num(STACK *stack) {
-    return sk_num(stack);
+int sk_ssl_cipher_num(STACK_OF(SSL_CIPHER) *stack) {
+    return sk_SSL_CIPHER_num(stack);
 }

-SSL_CIPHER *sk_ssl_cipher_value(STACK *stack, int idx) {
-    return (SSL_CIPHER *)sk_value(stack, idx);
+SSL_CIPHER *sk_ssl_cipher_value(STACK_OF(SSL_CIPHER) *stack, int idx) {
+    return sk_SSL_CIPHER_value(stack, idx);
 }

-STACK *ssl_get_peer_cert_chain(SSL *ssl) {
-    return (STACK *)SSL_get_peer_cert_chain(ssl);
+STACK_OF(X509) *ssl_get_peer_cert_chain(SSL *ssl) {
+    return SSL_get_peer_cert_chain(ssl);
 }

-int sk_x509_num(STACK *stack) {
-    return sk_num(stack);
+int sk_x509_num(STACK_OF(X509) *stack) {
+    return sk_X509_num(stack);
 }

-X509 *sk_x509_value(STACK *stack, int idx) {
-    return (X509 *)sk_value(stack, idx);
+X509 *sk_x509_value(STACK_OF(X509) *stack, int idx) {
+    return sk_X509_value(stack, idx);
 }
 %}


--- a/SWIG/_util.i
+++ b/SWIG/_util.i
-/* Copyright (c) 1999-2002 Ng Pheng Siong. All rights reserved. */
+/* Copyright (c) 1999-2002 Ng Pheng Siong. All rights reserved.
+ * Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+*/
 /* $Id$ */

 %{
@@ -48,7 +50,7 @@ PyObject *util_string_to_hex(PyObject *blob) {
        PyErr_SetString(_util_err, ERR_reason_error_string(ERR_get_error()));
        return NULL;
    }
-    obj = PyString_FromStringAndSize(ret, len);
+    obj = PyString_FromStringAndSize((char*)ret, len);
    OPENSSL_free(ret);
    return obj;
 }

--- a/SWIG/_x509.i
+++ b/SWIG/_x509.i
@@ -3,6 +3,9 @@
 /*
 ** Portions created by Open Source Applications Foundation (OSAF) are
 ** Copyright (C) 2004-2005 OSAF. All Rights Reserved.
+**
+** Copyright (c) 2009-2010 Heikki Toivonen. All rights reserved.
+**
 */
 /* $Id$   */

@@ -148,8 +151,15 @@ extern int X509_NAME_add_entry_by_NID(X509_NAME *, int, int, unsigned char *, in
 extern int X509_NAME_print_ex(BIO *, X509_NAME *, int, unsigned long);
 %rename(x509_name_print_ex_fp) X509_NAME_print_ex_fp;
 extern int X509_NAME_print_ex_fp(FILE *, X509_NAME *, int, unsigned long);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+%rename(x509_name_hash) X509_NAME_hash_old;
+extern unsigned long X509_NAME_hash_old(X509_NAME *);
+#else
 %rename(x509_name_hash) X509_NAME_hash;
 extern unsigned long X509_NAME_hash(X509_NAME *);
+#endif
+
 %rename(x509_name_get_index_by_nid) X509_NAME_get_index_by_NID;
 extern int X509_NAME_get_index_by_NID(X509_NAME *, int, int);

@@ -171,7 +181,7 @@ extern ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *);
    if (PyString_Check($input)) {
        Py_ssize_t len;

-        $1 = PyString_AsString($input); 
+        $1 = (unsigned char *)PyString_AsString($input); 
        len = PyString_Size($input);
        if (len > INT_MAX) {
            PyErr_SetString(PyExc_ValueError, "object too large");
@@ -184,7 +194,7 @@ extern ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *);
    }
 }
 %rename(x509_name_entry_set_data) X509_NAME_ENTRY_set_data;
-extern int X509_NAME_ENTRY_set_data( X509_NAME_ENTRY *, int, CONST unsigned char *, int);
+extern int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *, int, CONST unsigned char *, int);
 %typemap(in) (CONST unsigned char *, int);

 %rename(x509_req_new) X509_REQ_new;
@@ -230,7 +240,7 @@ extern int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *);
 %rename(x509_store_ctx_free) X509_STORE_CTX_free;
 extern void X509_STORE_CTX_free(X509_STORE_CTX *);
 %rename(x509_store_ctx_get1_chain) X509_STORE_CTX_get1_chain;
-extern STACK *X509_STORE_CTX_get1_chain(X509_STORE_CTX *);
+extern STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *);

 %rename(x509_extension_get_critical) X509_EXTENSION_get_critical;
 extern int X509_EXTENSION_get_critical(X509_EXTENSION *);
@@ -348,7 +358,7 @@ PyObject *i2d_x509(X509 *x)
        PyErr_SetString(_x509_err, ERR_reason_error_string(ERR_get_error()));
    }
    else {     
-        ret = PyString_FromStringAndSize(buf, len);
+        ret = PyString_FromStringAndSize((char*)buf, len);
        OPENSSL_free(buf);
    }
    return ret;
@@ -435,12 +445,12 @@ PyObject *x509_name_by_nid(X509_NAME *name, int nid) {
 }

 int x509_name_set_by_nid(X509_NAME *name, int nid, PyObject *obj) {
-    return X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, PyString_AsString(obj), -1, -1, 0);
+    return X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, (unsigned char *)PyString_AsString(obj), -1, -1, 0);
 }

 /* x509_name_add_entry_by_txt */
 int x509_name_add_entry_by_txt(X509_NAME *name, char *field, int type, char *bytes, int len, int loc, int set) {
-    return X509_NAME_add_entry_by_txt(name, field, type, bytes, len, loc, set);
+    return X509_NAME_add_entry_by_txt(name, field, type, (unsigned char *)bytes, len, loc, set);
 }

 PyObject *x509_name_get_der(X509_NAME *name)
@@ -450,23 +460,23 @@ PyObject *x509_name_get_der(X509_NAME *name)
 }

 /* sk_X509_new_null() is a macro returning "STACK_OF(X509) *". */
-STACK *sk_x509_new_null(void) {
-    return (STACK *)sk_X509_new_null();
+STACK_OF(X509) *sk_x509_new_null(void) {
+    return sk_X509_new_null();
 }

 /* sk_X509_free() is a macro. */
-void sk_x509_free(STACK *stack) {
-    sk_X509_free((STACK_OF(X509) *)stack);
+void sk_x509_free(STACK_OF(X509) *stack) {
+    sk_X509_free(stack);
 }

 /* sk_X509_push() is a macro. */
-int sk_x509_push(STACK *stack, X509 *x509) {
-    return sk_X509_push((STACK_OF(X509) *)stack, x509);
+int sk_x509_push(STACK_OF(X509) *stack, X509 *x509) {
+    return sk_X509_push(stack, x509);
 }

 /* sk_X509_pop() is a macro. */
-X509 *sk_x509_pop(STACK *stack) {
-    return sk_X509_pop((STACK_OF(X509) *)stack);
+X509 *sk_x509_pop(STACK_OF(X509) *stack) {
+    return sk_X509_pop(stack);
 }

 int x509_store_load_locations(X509_STORE *store, const char *file) {
@@ -493,21 +503,29 @@ int x509_req_set_version(X509_REQ *x, long version) {
    return X509_REQ_set_version(x, version);
 }

-int x509_req_add_extensions(X509_REQ *req, STACK *exts) {
-    return X509_REQ_add_extensions(req, (STACK_OF(X509_EXTENSION) *)exts);
+int x509_req_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) {
+    return X509_REQ_add_extensions(req, exts);
 }

-X509_NAME_ENTRY *x509_name_entry_create_by_txt( X509_NAME_ENTRY **ne, char *field, int type, char *bytes, int len) {
-    return X509_NAME_ENTRY_create_by_txt( ne, field, type, bytes, len);
+X509_NAME_ENTRY *x509_name_entry_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, char *bytes, int len) {
+    return X509_NAME_ENTRY_create_by_txt( ne, field, type, (unsigned char *)bytes, len);
 }

-LHASH * 
-x509v3_lhash(){ 
-       return lh_new(NULL,NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+LHASH_OF(CONF_VALUE) 
+#else
+LHASH
+#endif
+*x509v3_lhash() { 
+    return lh_new(NULL, NULL); /* Should probably be lh_CONF_VALUE_new but won't compile. */
 }

 X509V3_CTX *
-x509v3_set_conf_lhash(LHASH * lhash){
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+x509v3_set_conf_lhash(LHASH_OF(CONF_VALUE) * lhash) {
+#else
+x509v3_set_conf_lhash(LHASH                * lhash) {
+#endif
      X509V3_CTX * ctx;
      if (!(ctx=(X509V3_CTX *)PyMem_Malloc(sizeof(X509V3_CTX)))) {
          PyErr_SetString(PyExc_MemoryError, "x509v3_set_conf_lhash");
@@ -517,11 +535,20 @@ x509v3_set_conf_lhash(LHASH * lhash){
      return ctx;
 }

-X509_EXTENSION *x509v3_ext_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value) {
+X509_EXTENSION *
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+x509v3_ext_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, char *name, char *value) {
+#else
+x509v3_ext_conf(LHASH                *conf, X509V3_CTX *ctx, char *name, char *value) {
+#endif
      X509_EXTENSION * ext = NULL;
      ext = X509V3_EXT_conf(conf, ctx, name, value); 
      PyMem_Free(ctx); 
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+      lh_CONF_VALUE_free(conf);
+#else
      lh_free(conf);
+#endif
      return ext;
 }

@@ -543,33 +570,33 @@ PyObject *x509_extension_get_name(X509_EXTENSION *ext) {
 }

 /* sk_X509_EXTENSION_new_null is a macro. */
-STACK *sk_x509_extension_new_null(void) {
-    return (STACK *)sk_X509_EXTENSION_new_null();
+STACK_OF(X509_EXTENSION) *sk_x509_extension_new_null(void) {
+    return sk_X509_EXTENSION_new_null();
 }

 /* sk_X509_EXTENSION_free() is a macro. */
-void sk_x509_extension_free(STACK *stack) {
-    sk_X509_EXTENSION_free((STACK_OF(X509_EXTENSION) *)stack);
+void sk_x509_extension_free(STACK_OF(X509_EXTENSION) *stack) {
+    sk_X509_EXTENSION_free(stack);
 }

 /* sk_X509_EXTENSION_push() is a macro. */
-int sk_x509_extension_push(STACK *stack, X509_EXTENSION *x509_ext) {
-    return sk_X509_EXTENSION_push((STACK_OF(X509_EXTENSION) *)stack, x509_ext);
+int sk_x509_extension_push(STACK_OF(X509_EXTENSION) *stack, X509_EXTENSION *x509_ext) {
+    return sk_X509_EXTENSION_push(stack, x509_ext);
 }

 /* sk_X509_EXTENSION_pop() is a macro. */
-X509_EXTENSION *sk_x509_extension_pop(STACK *stack) {
-    return sk_X509_EXTENSION_pop((STACK_OF(X509_EXTENSION) *)stack);
+X509_EXTENSION *sk_x509_extension_pop(STACK_OF(X509_EXTENSION) *stack) {
+    return sk_X509_EXTENSION_pop(stack);
 }

 /* sk_X509_EXTENSION_num() is a macro. */
-int sk_x509_extension_num(STACK *stack) {
-    return sk_X509_EXTENSION_num((STACK_OF(X509_EXTENSION) *)stack);
+int sk_x509_extension_num(STACK_OF(X509_EXTENSION) *stack) {
+    return sk_X509_EXTENSION_num(stack);
 }

 /* sk_X509_EXTENSION_value() is a macro. */
-X509_EXTENSION *sk_x509_extension_value(STACK *stack, int i) {
-    return sk_X509_EXTENSION_value((STACK_OF(X509_EXTENSION) *)stack, i);
+X509_EXTENSION *sk_x509_extension_value(STACK_OF(X509_EXTENSION) *stack, int i) {
+    return sk_X509_EXTENSION_value(stack, i);
 }

 /* X509_STORE_CTX_get_app_data is a macro. */
@@ -590,7 +617,7 @@ Used in the wrapping of ASN1_seq_unpack and ASN1_seq_pack functions.
 #define I2DTYPE int (*)()
 #endif   

-STACK *
+STACK_OF(X509) *
 make_stack_from_der_sequence(PyObject * pyEncodedString){
    STACK_OF(X509) *certs;
    Py_ssize_t encoded_string_len;
@@ -606,7 +633,7 @@ make_stack_from_der_sequence(PyObject * pyEncodedString){
        return NULL;
    }

-    certs = ASN1_seq_unpack((unsigned char *)encoded_string, encoded_string_len, (D2ITYPE)d2i_X509, (void(*)())X509_free ); 
+    certs = ASN1_seq_unpack_X509((unsigned char *)encoded_string, encoded_string_len, d2i_X509, X509_free ); 
    if (!certs) {
       PyErr_SetString(_x509_err, ERR_reason_error_string(ERR_get_error()));
       return NULL;
@@ -616,13 +643,13 @@ make_stack_from_der_sequence(PyObject * pyEncodedString){
 }

 PyObject *
-get_der_encoding_stack(STACK * stack){
+get_der_encoding_stack(STACK_OF(X509) *stack){
    PyObject * encodedString;
    
    unsigned char * encoding;
    int len; 
    
-    encoding = ASN1_seq_pack((STACK_OF(X509)*) stack, (I2DTYPE)i2d_X509, NULL, &len); 
+    encoding = ASN1_seq_pack_X509(stack, i2d_X509, NULL, &len); 
    if (!encoding) {
       PyErr_SetString(_x509_err, ERR_reason_error_string(ERR_get_error()));
       return NULL;