[Zope] SSL and PGP

Ng Pheng Siong ngps@post1.com
Wed, 30 Aug 2000 23:28:05 +0800


On Wed, Aug 30, 2000 at 11:44:56AM +0200, Philipp Auersperg wrote:
> But modifications to Zope's core 
> components such as Medusa seem risky to me as
> long as Digital Creations don't integrate them into the
> official release, because every update to a new Zope release
> can become a horror trip when the SSL patches clash with 
> the new Zope version.

Hi,

Not quite a horror trip, but yes, eyeballing the stuff all over 
is necessary.

Speaking as the developer of ZServerSSL, use Apache+SSL or 
Roxen+SSL for production. ;-)

ZServerSSL isn't working well with Zope 2.2.1 currently. I haven't
found out if it's due to changes in Zope 2.2.1, bugs introduced 
while evolving M2Crypto, changes in OpenSSL 0.9.5 versus 0.9.4, or 
the much faster CPUs I'm now developing on. Python 2.0 is yet another
variable in the equation. 

For your other requirement, ZSmime (also on my website) generates
S/MIME-signed/encrypted messages. In my HOWTO, I give an example 
of combining ZSmime's dtml-smime tag with dtml-sendmail to send
S/MIME messages. Netscape Messenger handles the S/MIME fine. So 
should Outlook, I imagine.

However, the Zope 2.2 change that Zope's superuser cannot do too
much means GuardedFile (a supporting product) is now probably broken.

I've been busy at work in the past months. I'm only now revisiting
this. Things should be fixed over the next fortnight or so.

Cheers.
-- 
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps