classification
Title: Python 2.7.14 won't build ssl module with Libressl 2.7.0
Type: compile error Stage: resolved
Components: SSL Versions: Python 3.8, Python 3.7, Python 3.6, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: chdiza, christian.heimes, larry
Priority: normal Keywords: patch

Created on 2018-03-23 19:01 by chdiza, last changed 2019-03-01 07:36 by larry. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 6210 merged christian.heimes, 2018-03-24 14:14
PR 6213 merged miss-islington, 2018-03-24 14:41
PR 6214 merged christian.heimes, 2018-03-24 14:53
PR 6215 merged christian.heimes, 2018-03-24 15:01
PR 10991 closed python-dev, 2018-12-06 12:30
PR 10994 merged python-dev, 2018-12-06 15:37
Messages (12)
msg314320 - (view) Author: Charles (chdiza) Date: 2018-03-23 19:01
On macOS I could build python 2.7.14 with libressl 2.6.4 without any problems.

If I try to build that same version of python with libressl 2.7.0, I get the failure pasted in below.

/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:141:12: error: static declaration of 'X509_NAME_ENTRY_set' follows non-static declaration
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
           ^
/usr/local/ssl/include/openssl/x509.h:1139:6: note: previous declaration is here
int             X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
                ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:153:25: error: static declaration of 'SSL_CTX_get_default_passwd_cb' follows non-static declaration
static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
                        ^
/usr/local/ssl/include/openssl/ssl.h:1368:18: note: previous declaration is here
pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
                 ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:158:14: error: static declaration of 'SSL_CTX_get_default_passwd_cb_userdata' follows non-static declaration
static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
             ^
/usr/local/ssl/include/openssl/ssl.h:1370:7: note: previous declaration is here
void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
      ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:163:12: error: static declaration of 'X509_OBJECT_get_type' follows non-static declaration
static int X509_OBJECT_get_type(X509_OBJECT *x)
           ^
/usr/local/ssl/include/openssl/x509_vfy.h:428:5: note: previous declaration is here
int X509_OBJECT_get_type(const X509_OBJECT *a);
    ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:168:14: error: static declaration of 'X509_OBJECT_get0_X509' follows non-static declaration
static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x)
             ^
/usr/local/ssl/include/openssl/x509_vfy.h:430:7: note: previous declaration is here
X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo);
      ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:173:31: error: static declaration of 'X509_STORE_get0_objects' follows non-static declaration
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) {
                              ^
/usr/local/ssl/include/openssl/x509_vfy.h:438:24: note: previous declaration is here
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
                       ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:177:27: error: static declaration of 'X509_STORE_get0_param' follows non-static declaration
static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
                          ^
/usr/local/ssl/include/openssl/x509_vfy.h:450:20: note: previous declaration is here
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
                   ^
7 errors generated.
msg314321 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-23 19:54
Thanks for the report. LibreSSL 2.7 introduced OpenSSL 1.1 API methods. I already know about the issue and have a pending fix for it on my disk. I'll push it as soon as 2.7.1 is out.

2.7.0 is a beta release. The latest stable is 2.6.4.
msg314323 - (view) Author: Charles (chdiza) Date: 2018-03-23 20:27
I'm not sure it's a beta release.  I think they just forgot to update on their homepage what the latest stable is.

Nothing on the releases page or the release notes says it's a beta.
msg314326 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-23 20:40
The homepage is correct. The last stable release is 2.6.4. I know this first hand from a LibreSSL developer.
msg314369 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 14:41
New changeset 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1 by Christian Heimes in branch 'master':
bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)
https://github.com/python/cpython/commit/4ca0739c9d97ac7cd45499e0d31be68dc659d0e1
msg314376 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 17:37
New changeset 42bd62bc87a52538c0fc2134b76df316f30997da by Christian Heimes (Miss Islington (bot)) in branch '3.7':
[3.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6213)
https://github.com/python/cpython/commit/42bd62bc87a52538c0fc2134b76df316f30997da
msg314377 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 17:38
New changeset f5befbb0d1526f18eb2b24eabb48c3b761c624a2 by Christian Heimes in branch '3.6':
[3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6214)
https://github.com/python/cpython/commit/f5befbb0d1526f18eb2b24eabb48c3b761c624a2
msg314379 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 18:34
New changeset edd541897b9c28ee0d0f0131746aa5f19665a104 by Christian Heimes in branch '2.7':
[2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6215)
https://github.com/python/cpython/commit/edd541897b9c28ee0d0f0131746aa5f19665a104
msg314380 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 18:40
I have fixed Python 2.7, 3.6, 3.7, and master branch. Thanks for the report!
msg314392 - (view) Author: Charles (chdiza) Date: 2018-03-25 02:41
FYI, the 'cryptography' package from pypi no longer builds after this fix.  (I applied the patch to the 2.7.14 source code tarball.)  I don't know if that's because of the fix, or because LibreSSL 2.7.X broke 'cryptography' too:

clang -fno-strict-aliasing -g -O2 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/opt/slangs/py/include/python2.7 -c build/temp.macosx-10.13-x86_64-2.7/_openssl.c -o build/temp.macosx-10.13-x86_64-2.7/build/temp.macosx-10.13-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
    build/temp.macosx-10.13-x86_64-2.7/_openssl.c:493:10: fatal error: 'openssl/opensslv.h' file not found
    #include <openssl/opensslv.h>
             ^~~~~~~~~~~~~~~~~~~~
    1 error generated.
    error: command 'clang' failed with exit status 1
msg314399 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-25 08:58
It's unrelated. PyCA Cryptography doesn't support LibreSSL 2.7 yet, see https://github.com/pyca/cryptography/pull/4168
msg336899 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2019-03-01 07:36
New changeset 56f8783e3e32ddc0cb84a96711e3861aea9895ac by larryhastings (Alex Viscreanu) in branch '3.5':
[3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994)
https://github.com/python/cpython/commit/56f8783e3e32ddc0cb84a96711e3861aea9895ac
History
Date User Action Args
2019-03-01 07:36:04larrysetnosy: + larry
messages: + msg336899
2018-12-06 15:37:46python-devsetpull_requests: + pull_request10235
2018-12-06 12:30:52python-devsetpull_requests: + pull_request10231
2018-03-25 08:58:24christian.heimessetmessages: + msg314399
2018-03-25 02:41:55chdizasetmessages: + msg314392
2018-03-24 18:40:28christian.heimessetstatus: open -> closed
resolution: fixed
messages: + msg314380

stage: patch review -> resolved
2018-03-24 18:34:18christian.heimessetmessages: + msg314379
2018-03-24 17:38:16christian.heimessetmessages: + msg314377
2018-03-24 17:37:56christian.heimessetmessages: + msg314376
2018-03-24 15:01:37christian.heimessetpull_requests: + pull_request5960
2018-03-24 14:53:27christian.heimessetpull_requests: + pull_request5959
2018-03-24 14:41:47miss-islingtonsetpull_requests: + pull_request5958
2018-03-24 14:41:39christian.heimessetmessages: + msg314369
2018-03-24 14:14:27christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request5955
2018-03-23 20:40:00christian.heimessetmessages: + msg314326
2018-03-23 20:27:25chdizasetmessages: + msg314323
2018-03-23 19:54:17christian.heimessetmessages: + msg314321
versions: + Python 3.6, Python 3.7, Python 3.8
2018-03-23 19:01:38chdizacreate