Hi,
I believe that as of 0.11, pyOpenSSL has started supporting the
verification of signatures. I am working on a project which was
started by someone else using M2Crypto. M2Crypto is really painful to
include on platforms such as Heroku as it requires the use of SWIG.
Consequently I am trying to remove the dependency on M2Crypto and
replace it with pyOpenSSL, which is easy to install via pip and doesn't
require custom buildpacks and more, which SWIG-related things do.
The link to the original code is
[here](https://github.com/pyroven/django-pyroven) and requires a
reasonably significant refactoring, as it falls a long way from 12
Factor App ideals. However, I wanted to know whether I was on the
right track for replacing the M2Crypto functions, which at present
consist of:

```python
key = cert.get_pubkey()  # Cert is an M2Crypto X509 object
key = key.get_rsa()
ret = key.verify(hashed, self.sig)
if ret != 1:
    # Cert invalid ... etc.
```

I tried to replace this with:

```python
# cert is an X509 object from crypto.load_certificate()
crypto.verify(cert, self.sig, hashed, 'sha1')
```

Which I had assumed was roughly equivalent to the above, but I wonder
whether I got the wrong end of the stick having read through the
source as to what crypto.verify was actually doing.
At the present time I end up with the Exception:
[('rsa routines', 'RSA_verify', 'bad signature')]
This makes it difficult to tell whether the code is right and the
hash/verification is correctly failing, or whether I'm actually doing
something which is fundamentally incorrect.
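
An added example, not part of the original post and not pyOpenSSL or M2Crypto code: a pure-Python model of PKCS #1 v1.5 verification showing how a signature that checks out against a precomputed digest (the `RSA_verify` style) is rejected when that same digest is passed to a verifier that hashes its input again. It assumes `hashed` is already the SHA-1 digest of the signed data and that `crypto.verify` hashes its `data` argument itself; the key, message and function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes): illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER prefix of the SHA-1 DigestInfo structure (PKCS #1 v1.5, RFC 8017).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_digest(digest: bytes) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(digest)."""
    t = SHA1_PREFIX + digest
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")


def sign_message(message: bytes) -> bytes:
    """What the signer does: hash the message once, then RSA-sign the digest."""
    em = encode_digest(hashlib.sha1(message).digest())
    return pow(em, D, N).to_bytes(K, "big")


def verify_prehashed(digest: bytes, sig: bytes) -> bool:
    """RSA_verify-style check: the caller supplies the finished digest."""
    return pow(int.from_bytes(sig, "big"), E, N) == encode_digest(digest)


def verify_message(data: bytes, sig: bytes) -> bool:
    """EVP-style check: the verifier hashes `data` itself before comparing."""
    return verify_prehashed(hashlib.sha1(data).digest(), sig)


def demo() -> dict:
    message = b"constructed sample response"  # constructed sample input
    sig = sign_message(message)
    hashed = hashlib.sha1(message).digest()
    return {
        "prehashed(hashed)": verify_prehashed(hashed, sig),  # digest in, digest expected
        "message(message)": verify_message(message, sig),    # raw data in, hashed once
        "message(hashed)": verify_message(hashed, sig),      # digest hashed a second time
    }


if __name__ == "__main__":
    for call, ok in demo().items():
        print(f"{call}: {'valid' if ok else 'bad signature'}")
```

Under these assumptions, a genuine signature and a double-hashed input produce the same "bad signature" outcome, so the error alone does not distinguish a forged response from a mismatched call.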