Catch up to trunk

22 files changed, 267 insertions, 59 deletions

diff --git a/OpenSSL/crypto/crl.c b/OpenSSL/crypto/crl.c
index bc76f22..eec5bcb 100644
--- a/OpenSSL/crypto/crl.c
+++ b/OpenSSL/crypto/crl.c
@@ -276,12 +276,15 @@ PyTypeObject crypto_CRL_Type = {
 };
 
 int init_crypto_crl(PyObject *module) {
-       if (PyType_Ready(&crypto_CRL_Type) < 0) {
-                  return 0;
-       }
+    if (PyType_Ready(&crypto_CRL_Type) < 0) {
+        return 0;
+    }
 
-       if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
-                  return 0;
-       }
-       return 1;
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_CRL_Type);
+    if (PyModule_AddObject(module, "CRL", (PyObject *)&crypto_CRL_Type) != 0) {
+        return 0;
+    }
+    return 1;
 }
diff --git a/OpenSSL/crypto/crypto.c b/OpenSSL/crypto/crypto.c
index 28b279a..3573a12 100644
--- a/OpenSSL/crypto/crypto.c
+++ b/OpenSSL/crypto/crypto.c
@@ -1,9 +1,10 @@
 /*
  * crypto.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Keyphrene 2004, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008-2009, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Keyphrene
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * Main file of crypto sub module.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -837,13 +838,21 @@ PyOpenSSL_MODINIT(crypto) {
     crypto_API[crypto_PKCS7_New_NUM]     = (void *)crypto_PKCS7_New;
     crypto_API[crypto_NetscapeSPKI_New_NUM]     = (void *)crypto_NetscapeSPKI_New;
     c_api_object = PyCObject_FromVoidPtr((void *)crypto_API, NULL);
-    if (c_api_object != NULL)
+    if (c_api_object != NULL) {
+        /* PyModule_AddObject steals a reference.
+         */
+        Py_INCREF(c_api_object);
         PyModule_AddObject(module, "_C_API", c_api_object);
+    }
 #endif
 
     crypto_Error = PyErr_NewException("OpenSSL.crypto.Error", NULL, NULL);
     if (crypto_Error == NULL)
         goto error;
+
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF(crypto_Error);
     if (PyModule_AddObject(module, "Error", crypto_Error) != 0)
         goto error;
 
diff --git a/OpenSSL/crypto/crypto.h b/OpenSSL/crypto/crypto.h
index 947f349..4006e71 100644
--- a/OpenSSL/crypto/crypto.h
+++ b/OpenSSL/crypto/crypto.h
@@ -1,19 +1,32 @@
 /*
  * crypto.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Exports from crypto.c.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
  * Reviewed 2001-07-23
  *
- * @(#) $Id: crypto.h,v 1.14 2004/08/09 13:41:25 martin Exp $
  */
 #ifndef PyOpenSSL_CRYPTO_H_
 #define PyOpenSSL_CRYPTO_H_
 
 #include <Python.h>
+/* Work around a bug in OpenSSL 1.0.0 which is caused by winsock.h being
+   included (from dtls1.h) too late by the OpenSSL header files, overriding
+   the fixes (in ossl_typ.h) for symbol clashes caused by this OS header
+   file.
+   
+   In order to have those fixes still take effect, we include winsock.h
+   here, prior to including any OpenSSL header files.
+   
+ */
+#ifdef _WIN32
+# include "winsock.h"
+#endif
+
 #include "x509.h"
 #include "x509name.h"
 #include "netscape_spki.h"
@@ -110,7 +123,7 @@ extern void **crypto_API;
     PyObject *crypto_dict, *crypto_api_object; \
     crypto_dict = PyModule_GetDict(crypto_module); \
     crypto_api_object = PyDict_GetItemString(crypto_dict, "_C_API"); \
-    if (PyCObject_Check(crypto_api_object)) { \
+    if (crypto_api_object && PyCObject_Check(crypto_api_object)) { \
       crypto_API = (void **)PyCObject_AsVoidPtr(crypto_api_object); \
     } \
   } \
diff --git a/OpenSSL/crypto/netscape_spki.c b/OpenSSL/crypto/netscape_spki.c
index ff40962..9369d50 100644
--- a/OpenSSL/crypto/netscape_spki.c
+++ b/OpenSSL/crypto/netscape_spki.c
@@ -1,7 +1,8 @@
 /*
  * netscape_spki.c
  *
- * Copyright (C) Tollef Fog Heen 2003
+ * Copyright (C) Tollef Fog Heen
+ * See LICENSE for details.
  *
  * Netscape SPKI handling, thin wrapper
  */
@@ -297,10 +298,16 @@ init_crypto_netscape_spki(PyObject *module) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference
+     */
+    Py_INCREF((PyObject *)&crypto_NetscapeSPKI_Type);
     if (PyModule_AddObject(module, "NetscapeSPKI", (PyObject *)&crypto_NetscapeSPKI_Type) != 0) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference
+     */
+    Py_INCREF((PyObject *)&crypto_NetscapeSPKI_Type);
     if (PyModule_AddObject(module, "NetscapeSPKIType", (PyObject *)&crypto_NetscapeSPKI_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/netscape_spki.h b/OpenSSL/crypto/netscape_spki.h
index 19389d8..2f07307 100644
--- a/OpenSSL/crypto/netscape_spki.h
+++ b/OpenSSL/crypto/netscape_spki.h
@@ -1,7 +1,8 @@
 /*
  * netscape_spki.h
  *
- * Copyright (C) Tollef Fog Heen 2003, All rights reserved
+ * Copyright (C) Tollef Fog Heen
+ * See LICENSE for details.
  *
  * Handle Netscape SPKI (challenge response) certificate requests.
  *
diff --git a/OpenSSL/crypto/pkcs12.c b/OpenSSL/crypto/pkcs12.c
index 81d6074..a1a5a79 100644
--- a/OpenSSL/crypto/pkcs12.c
+++ b/OpenSSL/crypto/pkcs12.c
@@ -1,7 +1,8 @@
 /*
  * pkcs12.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Certificate transport (PKCS12) handling code,
  * mostly thin wrappers around OpenSSL.
@@ -336,15 +337,25 @@ crypto_PKCS12_New(PKCS12 *p12, char *passphrase) {
     }
 
     /* parse the PKCS12 lump */
-    if (p12 && !PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
-        /*
-         * If PKCS12_parse fails, and it allocated cacerts, it seems to free
-         * cacerts, but not re-NULL the pointer.  Zounds!  Make sure it is
-         * re-set to NULL here, else we'll have a double-free below.
-         */
-        cacerts = NULL;
-        exception_from_error_queue(crypto_Error);
-        goto error;
+    if (p12) {
+        if (!PKCS12_parse(p12, passphrase, &pkey, &cert, &cacerts)) {
+	    /*
+             * If PKCS12_parse fails, and it allocated cacerts, it seems to
+             * free cacerts, but not re-NULL the pointer.  Zounds!  Make sure
+             * it is re-set to NULL here, else we'll have a double-free below.
+             */
+            cacerts = NULL;
+            exception_from_error_queue(crypto_Error);
+            goto error;
+        } else {
+	  /*
+	   * OpenSSL 1.0.0 sometimes leaves an X509_check_private_key error in
+	   * the queue for no particular reason.  This error isn't interesting
+	   * to anyone outside this function.  It's not even interesting to
+	   * us.  Get rid of it.
+	   */
+	  flush_error_queue();
+	}
     }
 
     if (!(self = PyObject_GC_New(crypto_PKCS12Obj, &crypto_PKCS12_Type))) {
@@ -551,10 +562,16 @@ init_crypto_pkcs12(PyObject *module) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_PKCS12_Type);
     if (PyModule_AddObject(module, "PKCS12", (PyObject *)&crypto_PKCS12_Type) != 0) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_PKCS12_Type);
     if (PyModule_AddObject(module, "PKCS12Type", (PyObject *)&crypto_PKCS12_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/pkcs12.h b/OpenSSL/crypto/pkcs12.h
index 3abfa52..f0de1a8 100644
--- a/OpenSSL/crypto/pkcs12.h
+++ b/OpenSSL/crypto/pkcs12.h
@@ -1,11 +1,11 @@
 /*
  * pkcs12.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Export PKCS12 functions and data structure.
  *
- * @(#) $$
  */
 #ifndef PyOpenSSL_crypto_PKCS12_H_
 #define PyOpenSSL_crypto_PKCS12_H_
diff --git a/OpenSSL/crypto/pkcs7.c b/OpenSSL/crypto/pkcs7.c
index fff95e2..1770f7f 100644
--- a/OpenSSL/crypto/pkcs7.c
+++ b/OpenSSL/crypto/pkcs7.c
@@ -1,7 +1,8 @@
 /*
  * pkcs7.c
  *
- * Copyright (C) AB Strakt 2002, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * PKCS7 handling code, mostly thin wrappers around OpenSSL.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -203,6 +204,9 @@ init_crypto_pkcs7(PyObject *module) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_PKCS7_Type);
     if (PyModule_AddObject(module, "PKCS7Type", (PyObject *)&crypto_PKCS7_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/pkcs7.h b/OpenSSL/crypto/pkcs7.h
index bdbb425..d8453b2 100644
--- a/OpenSSL/crypto/pkcs7.h
+++ b/OpenSSL/crypto/pkcs7.h
@@ -1,12 +1,12 @@
 /*
  * pkcs7.h
  *
- * Copyright (C) AB Strakt 2002, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Export pkcs7 functions and data structure.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
- * @(#) $Id: pkcs7.h,v 1.2 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_crypto_PKCS7_H_
 #define PyOpenSSL_crypto_PKCS7_H_
diff --git a/OpenSSL/crypto/pkey.c b/OpenSSL/crypto/pkey.c
index 6494d2a..0a13aa3 100644
--- a/OpenSSL/crypto/pkey.c
+++ b/OpenSSL/crypto/pkey.c
@@ -1,8 +1,9 @@
 /*
  * pkey.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * Public/rivate key handling code, mostly thin wrappers around OpenSSL.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -251,10 +252,16 @@ init_crypto_pkey(PyObject *module)
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_PKey_Type);
     if (PyModule_AddObject(module, "PKey", (PyObject *)&crypto_PKey_Type) != 0) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_PKey_Type);
     if (PyModule_AddObject(module, "PKeyType", (PyObject *)&crypto_PKey_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/pkey.h b/OpenSSL/crypto/pkey.h
index 3ac7bde..dc5e52e 100644
--- a/OpenSSL/crypto/pkey.h
+++ b/OpenSSL/crypto/pkey.h
@@ -1,13 +1,13 @@
 /*
  * pkey.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * Export pkey functions and data structure.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
- * @(#) $Id: pkey.h,v 1.5 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_crypto_PKEY_H_
 #define PyOpenSSL_crypto_PKEY_H_
diff --git a/OpenSSL/crypto/revoked.c b/OpenSSL/crypto/revoked.c
index e9b1297..93f9946 100644
--- a/OpenSSL/crypto/revoked.c
+++ b/OpenSSL/crypto/revoked.c
@@ -434,6 +434,9 @@ int init_crypto_revoked(PyObject *module) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_Revoked_Type);
     if (PyModule_AddObject(module, "Revoked", (PyObject *)&crypto_Revoked_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/x509.c b/OpenSSL/crypto/x509.c
index 9c2448c..0754dec 100644
--- a/OpenSSL/crypto/x509.c
+++ b/OpenSSL/crypto/x509.c
@@ -1,8 +1,9 @@
 /*
  * x509.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * Certificate (X.509) handling code, mostly thin wrappers around OpenSSL.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -12,6 +13,7 @@
 #include <Python.h>
 #define crypto_MODULE
 #include "crypto.h"
+#include "x509ext.h"
 
 /*
  * X.509 is a standard for digital certificates.  See e.g. the OpenSSL homepage
@@ -299,7 +301,7 @@ crypto_X509_get_pubkey(crypto_X509Obj *self, PyObject *args)
 
     py_pkey = crypto_PKey_New(pkey, 1);
     if (py_pkey != NULL) {
-	py_pkey->only_public = 1;
+        py_pkey->only_public = 1;
     }
     return (PyObject *)py_pkey;
 }
@@ -517,6 +519,34 @@ crypto_X509_gmtime_adj_notAfter(crypto_X509Obj *self, PyObject *args)
     return Py_None;
 }
 
+
+static char crypto_X509_get_signature_algorithm_doc[] = "\n\
+Retrieve the signature algorithm used in the certificate\n\
+\n\
+@return: A byte string giving the name of the signature algorithm used in\n\
+         the certificate.\n\
+@raise ValueError: If the signature algorithm is undefined.\n\
+";
+
+static PyObject *
+crypto_X509_get_signature_algorithm(crypto_X509Obj *self, PyObject *args) {
+    ASN1_OBJECT *alg;
+    int nid;
+
+    if (!PyArg_ParseTuple(args, ":get_signature_algorithm")) {
+        return NULL;
+    }
+
+    alg = self->x509->cert_info->signature->algorithm;
+    nid = OBJ_obj2nid(alg);
+    if (nid == NID_undef) {
+        PyErr_SetString(PyExc_ValueError, "Undefined signature algorithm");
+        return NULL;
+    }
+    return PyBytes_FromString(OBJ_nid2ln(nid));
+}
+
+
 static char crypto_X509_sign_doc[] = "\n\
 Sign the certificate using the supplied key and digest\n\
 \n\
@@ -684,6 +714,52 @@ crypto_X509_add_extensions(crypto_X509Obj *self, PyObject *args)
     return Py_None;
 }
 
+static char crypto_X509_get_extension_count_doc[] = "\n\
+Get the number of extensions on the certificate.\n\
+\n\
+@return: Number of extensions as a Python integer\n\
+";
+
+static PyObject *
+crypto_X509_get_extension_count(crypto_X509Obj *self, PyObject *args) {
+    if (!PyArg_ParseTuple(args, ":get_extension_count")) {
+        return NULL;
+    }
+
+    return PyLong_FromLong((long)X509_get_ext_count(self->x509));
+}
+
+static char crypto_X509_get_extension_doc[] = "\n\
+Get a specific extension of the certificate by index.\n\
+\n\
+@param index: The index of the extension to retrieve.\n\
+@return: The X509Extension object at the specified index.\n\
+";
+
+static PyObject *
+crypto_X509_get_extension(crypto_X509Obj *self, PyObject *args) {
+    crypto_X509ExtensionObj *extobj;
+    int loc;
+    X509_EXTENSION *ext;
+
+    if (!PyArg_ParseTuple(args, "i:get_extension", &loc)) {
+        return NULL;
+    }
+
+    /* will return NULL if loc is outside the range of extensions,
+       not registered as an error*/
+    ext = X509_get_ext(self->x509, loc);
+    if (!ext) {
+        PyErr_SetString(PyExc_IndexError, "extension index out of bounds");
+        return NULL; /* Should be reported as an IndexError ? */
+    }
+
+    extobj = PyObject_New(crypto_X509ExtensionObj, &crypto_X509Extension_Type);
+    extobj->x509_extension = X509_EXTENSION_dup(ext);
+
+    return (PyObject*)extobj;
+}
+
 /*
  * ADD_METHOD(name) expands to a correct PyMethodDef declaration
  *   {  'name', (PyCFunction)crypto_X509_name, METH_VARARGS }
@@ -709,11 +785,14 @@ static PyMethodDef crypto_X509_methods[] =
     ADD_METHOD(set_notAfter),
     ADD_METHOD(gmtime_adj_notBefore),
     ADD_METHOD(gmtime_adj_notAfter),
+    ADD_METHOD(get_signature_algorithm),
     ADD_METHOD(sign),
     ADD_METHOD(has_expired),
     ADD_METHOD(subject_name_hash),
     ADD_METHOD(digest),
     ADD_METHOD(add_extensions),
+    ADD_METHOD(get_extension),
+    ADD_METHOD(get_extension_count),
     { NULL, NULL }
 };
 #undef ADD_METHOD
@@ -833,10 +912,14 @@ init_crypto_x509(PyObject *module)
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509_Type);
     if (PyModule_AddObject(module, "X509", (PyObject *)&crypto_X509_Type) != 0) {
         return 0;
     }
 
+    Py_INCREF((PyObject *)&crypto_X509_Type);
     if (PyModule_AddObject(module, "X509Type", (PyObject *)&crypto_X509_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/x509.h b/OpenSSL/crypto/x509.h
index 43e41eb..f6cd190 100644
--- a/OpenSSL/crypto/x509.h
+++ b/OpenSSL/crypto/x509.h
@@ -1,14 +1,14 @@
 /*
  * x509.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Export x509 functions and data structure.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
  * Reviewed 2001-07-23
  *
- * @(#) $Id: x509.h,v 1.9 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_crypto_X509_H_
 #define PyOpenSSL_crypto_X509_H_
diff --git a/OpenSSL/crypto/x509ext.c b/OpenSSL/crypto/x509ext.c
index d629732..adbe084 100644
--- a/OpenSSL/crypto/x509ext.c
+++ b/OpenSSL/crypto/x509ext.c
@@ -1,12 +1,12 @@
 /*
  * x509ext.c
  *
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * Export X.509 extension functions and data structures.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
- * @(#) $Id: x509ext.c,v 1.1 2002/07/09 13:34:46 martin Exp $
  */
 
 #include <Python.h>
@@ -51,6 +51,26 @@ crypto_X509Extension_get_short_name(crypto_X509ExtensionObj *self, PyObject *arg
 }
 
 
+static char crypto_X509Extension_get_data_doc[] = "\n\
+Returns the data of the X509Extension\n\
+\n\
+@return: A C{str} giving the X509Extension's ASN.1 encoded data.\n\
+";
+
+static PyObject *
+crypto_X509Extension_get_data(crypto_X509ExtensionObj *self, PyObject *args) {
+    ASN1_OCTET_STRING *data;
+    PyObject *result;
+
+    if (!PyArg_ParseTuple(args, ":get_data")) {
+        return NULL;
+    }
+
+    data = X509_EXTENSION_get_data(self->x509_extension);
+    result = PyBytes_FromStringAndSize((const char*)data->data, data->length);
+    return result;
+}
+
 /*
  * ADD_METHOD(name) expands to a correct PyMethodDef declaration
  *   {  'name', (PyCFunction)crypto_X509Extension_name, METH_VARARGS }
@@ -62,6 +82,7 @@ static PyMethodDef crypto_X509Extension_methods[] =
 {
     ADD_METHOD(get_critical),
     ADD_METHOD(get_short_name),
+    ADD_METHOD(get_data),
     { NULL, NULL }
 };
 #undef ADD_METHOD
@@ -295,11 +316,17 @@ init_crypto_x509extension(PyObject *module)
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Extension_Type);
     if (PyModule_AddObject(module, "X509Extension",
                            (PyObject *)&crypto_X509Extension_Type) != 0) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Extension_Type);
     if (PyModule_AddObject(module, "X509ExtensionType",
                            (PyObject *)&crypto_X509Extension_Type) != 0) {
         return 0;
diff --git a/OpenSSL/crypto/x509ext.h b/OpenSSL/crypto/x509ext.h
index 6ce7f68..3ddc716 100644
--- a/OpenSSL/crypto/x509ext.h
+++ b/OpenSSL/crypto/x509ext.h
@@ -1,12 +1,12 @@
 /*
  * x509ext.h
  *
- * Copyright (C) Awanim 2002, All rights reserved
+ * Copyright (C) Awanim
+ * See LICENSE for details.
  *
  * Export X.509 extension functions and data structures.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
- * @(#) $Id: x509ext.h,v 1.2 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_crypto_X509EXTENSION_H_
 #define PyOpenSSL_crypto_X509EXTENSION_H_
diff --git a/OpenSSL/crypto/x509name.c b/OpenSSL/crypto/x509name.c
index e10c5a5..a62c957 100644
--- a/OpenSSL/crypto/x509name.c
+++ b/OpenSSL/crypto/x509name.c
@@ -1,8 +1,9 @@
 /*
  * x509name.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008-2009, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * X.509 Name handling, mostly thin wrapping.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -194,14 +195,30 @@ crypto_X509Name_getattro(crypto_X509NameObj *self, PyObject *nameobj)
  *            value - The value to set
  */
 static int
-crypto_X509Name_setattr(crypto_X509NameObj *self, char *name, PyObject *value)
+crypto_X509Name_setattro(crypto_X509NameObj *self, PyObject *nameobj, PyObject *value)
 {
     int nid;
     int result;
     char *buffer;
+    char *name;
+
+    if (!PyBytes_CheckExact(nameobj) && !PyUnicode_CheckExact(nameobj)) {
+        PyErr_Format(PyExc_TypeError,
+                     "attribute name must be string, not '%.200s'",
+                     Py_TYPE(nameobj)->tp_name);
+        return -1;
+    }
+
+#ifdef PY3
+    name = PyBytes_AsString(PyUnicode_AsASCIIString(nameobj));
+#else
+    name = PyBytes_AsString(nameobj);
+#endif
 
     if ((nid = OBJ_txt2nid(name)) == NID_undef)
     {
+        /* Just like the case in the getattr function */
+        flush_error_queue();
         PyErr_SetString(PyExc_AttributeError, "No such attribute");
         return -1;
     }
@@ -474,7 +491,7 @@ PyTypeObject crypto_X509Name_Type = {
     (destructor)crypto_X509Name_dealloc,
     NULL, /* print */
     NULL, /* getattr */
-    (setattrfunc)crypto_X509Name_setattr,
+    NULL, /* setattr */
     NULL, /* reserved */
     (reprfunc)crypto_X509Name_repr,
     NULL, /* as_number */
@@ -484,7 +501,7 @@ PyTypeObject crypto_X509Name_Type = {
     NULL, /* call */
     NULL, /* str */
     (getattrofunc)crypto_X509Name_getattro, /* getattro */
-    NULL, /* setattro */
+    (setattrofunc)crypto_X509Name_setattro, /* setattro */
     NULL, /* as_buffer */
     Py_TPFLAGS_DEFAULT | Py_TPFLAGS_HAVE_GC, /* tp_flags */
     crypto_X509Name_doc, /* tp_doc */
@@ -520,10 +537,16 @@ init_crypto_x509name(PyObject *module)
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Name_Type);
     if (PyModule_AddObject(module, "X509Name", (PyObject *)&crypto_X509Name_Type) != 0) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Name_Type);
     if (PyModule_AddObject(module, "X509NameType", (PyObject *)&crypto_X509Name_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/x509name.h b/OpenSSL/crypto/x509name.h
index 362ce35..bfc7628 100644
--- a/OpenSSL/crypto/x509name.h
+++ b/OpenSSL/crypto/x509name.h
@@ -1,14 +1,14 @@
 /*
  * x509name.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Export X.509 name functions and data structures.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
  * Reviewed 2001-07-23
  *
- * @(#) $Id: x509name.h,v 1.8 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_crypto_X509NAME_H_
 #define PyOpenSSL_crypto_X509NAME_H_
diff --git a/OpenSSL/crypto/x509req.c b/OpenSSL/crypto/x509req.c
index 23c0218..a2d1f11 100644
--- a/OpenSSL/crypto/x509req.c
+++ b/OpenSSL/crypto/x509req.c
@@ -1,8 +1,9 @@
 /*
  * x509req.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
- * Copyright (C) Jean-Paul Calderone 2008, All rights reserved
+ * Copyright (C) AB Strakt
+ * Copyright (C) Jean-Paul Calderone
+ * See LICENSE for details.
  *
  * X.509 Request handling, mostly thin wrapping.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -412,10 +413,16 @@ init_crypto_x509req(PyObject *module)
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Req_Type);
     if (PyModule_AddObject(module, "X509Req", (PyObject *)&crypto_X509Req_Type) != 0) {
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Req_Type);
     if (PyModule_AddObject(module, "X509ReqType", (PyObject *)&crypto_X509Req_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/x509req.h b/OpenSSL/crypto/x509req.h
index db8043c..5fe0524 100644
--- a/OpenSSL/crypto/x509req.h
+++ b/OpenSSL/crypto/x509req.h
@@ -1,12 +1,12 @@
 /*
  * x509req.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Export X509 request functions and data structures.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
- * @(#) $Id: x509req.h,v 1.6 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_SSL_X509REQ_H_
 #define PyOpenSSL_SSL_X509REQ_H_
diff --git a/OpenSSL/crypto/x509store.c b/OpenSSL/crypto/x509store.c
index 30ae508..bf22756 100644
--- a/OpenSSL/crypto/x509store.c
+++ b/OpenSSL/crypto/x509store.c
@@ -1,7 +1,8 @@
 /*
  * x509store.c
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * X.509 Store handling, mostly thin wrapping.
  * See the file RATIONALE for a short explanation of why this module was written.
@@ -137,6 +138,9 @@ init_crypto_x509store(PyObject *module)
         return 0;
     }
 
+    /* PyModule_AddObject steals a reference.
+     */
+    Py_INCREF((PyObject *)&crypto_X509Store_Type);
     if (PyModule_AddObject(module, "X509StoreType", (PyObject *)&crypto_X509Store_Type) != 0) {
         return 0;
     }
diff --git a/OpenSSL/crypto/x509store.h b/OpenSSL/crypto/x509store.h
index 9ed5073..de3531d 100644
--- a/OpenSSL/crypto/x509store.h
+++ b/OpenSSL/crypto/x509store.h
@@ -1,12 +1,12 @@
 /*
  * x509store.h
  *
- * Copyright (C) AB Strakt 2001, All rights reserved
+ * Copyright (C) AB Strakt
+ * See LICENSE for details.
  *
  * Export X509 store functions and data structures.
  * See the file RATIONALE for a short explanation of why this module was written.
  *
- * @(#) $Id: x509store.h,v 1.4 2002/09/04 22:24:59 iko Exp $
  */
 #ifndef PyOpenSSL_SSL_X509STORE_H_
 #define PyOpenSSL_SSL_X509STORE_H_