Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Python 2.7.14 won't build ssl module with Libressl 2.7.0 #77308

Closed
chdiza mannequin opened this issue Mar 23, 2018 · 12 comments
Closed

Python 2.7.14 won't build ssl module with Libressl 2.7.0 #77308

chdiza mannequin opened this issue Mar 23, 2018 · 12 comments
Assignees
@tiran
Labels
3.7 (EOL) end of life 3.8 only security fixes build The build process and cross-build topic-SSL

Comments

@chdiza
Copy link
Mannequin

chdiza mannequin commented Mar 23, 2018

BPO 33127
Nosy @larryhastings, @tiran, @chdiza
PRs
  • bpo-33127: Compatibility patch for LibreSSL 2.7.0 #6210
  • [3.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #6213
  • [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #6214
  • [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #6215
  • [3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #10991
  • [3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) #10994
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
closed_at = <Date 2018-03-24.18:40:28.010>
created_at = <Date 2018-03-23.19:01:38.953>
labels = ['expert-SSL', '3.8', 'build', '3.7']
title = "Python 2.7.14 won't build ssl module with Libressl 2.7.0"
updated_at = <Date 2019-03-01.07:36:04.050>
user = 'https://github.com/chdiza'

    bugs.python.org fields:

    activity = <Date 2019-03-01.07:36:04.050>
actor = 'larry'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2018-03-24.18:40:28.010>
closer = 'christian.heimes'
components = ['SSL']
creation = <Date 2018-03-23.19:01:38.953>
creator = 'chdiza'
dependencies = []
files = []
hgrepos = []
issue_num = 33127
keywords = ['patch']
message_count = 12.0
messages = ['314320', '314321', '314323', '314326', '314369', '314376', '314377', '314379', '314380', '314392', '314399', '336899']
nosy_count = 3.0
nosy_names = ['larry', 'christian.heimes', 'chdiza']
pr_nums = ['6210', '6213', '6214', '6215', '10991', '10994']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'compile error'
url = 'https://bugs.python.org/issue33127'
versions = ['Python 2.7', 'Python 3.6', 'Python 3.7', 'Python 3.8']
    @chdiza
    Copy link
    Mannequin Author

    chdiza mannequin commented Mar 23, 2018

    On macOS I could build python 2.7.14 with libressl 2.6.4 without any problems.

    If I try to build that same version of python with libressl 2.7.0, I get the failure pasted in below.

    /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:141:12: error: static declaration of 'X509_NAME_ENTRY_set' follows non-static declaration
static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
           ^
/usr/local/ssl/include/openssl/x509.h:1139:6: note: previous declaration is here
int             X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
                ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:153:25: error: static declaration of 'SSL_CTX_get_default_passwd_cb' follows non-static declaration
static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
                        ^
/usr/local/ssl/include/openssl/ssl.h:1368:18: note: previous declaration is here
pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
                 ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:158:14: error: static declaration of 'SSL_CTX_get_default_passwd_cb_userdata' follows non-static declaration
static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
             ^
/usr/local/ssl/include/openssl/ssl.h:1370:7: note: previous declaration is here
void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
      ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:163:12: error: static declaration of 'X509_OBJECT_get_type' follows non-static declaration
static int X509_OBJECT_get_type(X509_OBJECT *x)
           ^
/usr/local/ssl/include/openssl/x509_vfy.h:428:5: note: previous declaration is here
int X509_OBJECT_get_type(const X509_OBJECT *a);
    ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:168:14: error: static declaration of 'X509_OBJECT_get0_X509' follows non-static declaration
static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x)
             ^
/usr/local/ssl/include/openssl/x509_vfy.h:430:7: note: previous declaration is here
X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo);
      ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:173:31: error: static declaration of 'X509_STORE_get0_objects' follows non-static declaration
static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) {
                              ^
/usr/local/ssl/include/openssl/x509_vfy.h:438:24: note: previous declaration is here
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
                       ^
/Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:177:27: error: static declaration of 'X509_STORE_get0_param' follows non-static declaration
static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store)
                          ^
/usr/local/ssl/include/openssl/x509_vfy.h:450:20: note: previous declaration is here
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
                   ^
7 errors generated.

    @chdiza chdiza mannequin assigned tiran Mar 23, 2018
    @chdiza chdiza mannequin added topic-SSL build The build process and cross-build labels Mar 23, 2018
    @tiran
    Copy link
    Member

    tiran commented Mar 23, 2018

    Thanks for the report. LibreSSL 2.7 introduced OpenSSL 1.1 API methods. I already know about the issue and have a pending fix for it on my disk. I'll push it as soon as 2.7.1 is out.

    2.7.0 is a beta release. The latest stable is 2.6.4.

    @tiran tiran added 3.7 (EOL) end of life 3.8 only security fixes labels Mar 23, 2018
    @chdiza
    Copy link
    Mannequin Author

    chdiza mannequin commented Mar 23, 2018

    I'm not sure it's a beta release. I think they just forgot to update on their homepage what the latest stable is.

    Nothing on the releases page or the release notes says it's a beta.

    @tiran
    Copy link
    Member

    tiran commented Mar 23, 2018

    The homepage is correct. The last stable release is 2.6.4. I know this first hand from a LibreSSL developer.

    @tiran
    Copy link
    Member

    tiran commented Mar 24, 2018

    New changeset 4ca0739 by Christian Heimes in branch 'master':
    bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)
    4ca0739

    @tiran
    Copy link
    Member

    tiran commented Mar 24, 2018

    New changeset 42bd62b by Christian Heimes (Miss Islington (bot)) in branch '3.7':
    [3.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6213)
    42bd62b

    @tiran
    Copy link
    Member

    tiran commented Mar 24, 2018

    New changeset f5befbb by Christian Heimes in branch '3.6':
    [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6214)
    f5befbb

    @tiran
    Copy link
    Member

    tiran commented Mar 24, 2018

    New changeset edd5418 by Christian Heimes in branch '2.7':
    [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6215)
    edd5418

    @tiran
    Copy link
    Member

    tiran commented Mar 24, 2018

    I have fixed Python 2.7, 3.6, 3.7, and master branch. Thanks for the report!

    @tiran tiran closed this as completed Mar 24, 2018
    @chdiza
    Copy link
    Mannequin Author

    chdiza mannequin commented Mar 25, 2018

    FYI, the 'cryptography' package from pypi no longer builds after this fix. (I applied the patch to the 2.7.14 source code tarball.) I don't know if that's because of the fix, or because LibreSSL 2.7.X broke 'cryptography' too:

    clang -fno-strict-aliasing -g -O2 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/opt/slangs/py/include/python2.7 -c build/temp.macosx-10.13-x86_64-2.7/_openssl.c -o build/temp.macosx-10.13-x86_64-2.7/build/temp.macosx-10.13-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion
    build/temp.macosx-10.13-x86_64-2.7/_openssl.c:493:10: fatal error: 'openssl/opensslv.h' file not found
    #include <openssl/opensslv.h>
             ^~~~~~~~~~~~~~~~~~~~
    1 error generated.
    error: command 'clang' failed with exit status 1

    @tiran
    Copy link
    Member

    tiran commented Mar 25, 2018

    It's unrelated. PyCA Cryptography doesn't support LibreSSL 2.7 yet, see pyca/cryptography#4168

    @larryhastings
    Copy link
    Contributor

    New changeset 56f8783 by larryhastings (Alex Viscreanu) in branch '3.5':
    [3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (bpo-10994)
    56f8783

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @tiran tiran

    Labels
    3.7 (EOL) end of life 3.8 only security fixes build The build process and cross-build topic-SSL
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @tiran @larryhastings