Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify OpenSSL APIs in configure script #89699

Closed
tiran opened this issue Oct 20, 2021 · 6 comments
Closed

Verify OpenSSL APIs in configure script #89699

tiran opened this issue Oct 20, 2021 · 6 comments
Assignees
@tiran
Labels
3.10 only security fixes 3.11 only security fixes build The build process and cross-build topic-SSL type-feature A feature request or enhancement

Comments

@tiran
Copy link
Member

tiran commented Oct 20, 2021

BPO 45536
Nosy @tiran, @miss-islington
PRs
  • bpo-45536: Check OpenSSL APIs in configure (GH-29088) #29088
  • [3.10] bpo-45536: Check OpenSSL APIs in configure (GH-29088) #29099
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
closed_at = <Date 2021-10-20.15:47:53.583>
created_at = <Date 2021-10-20.10:40:24.871>
labels = ['expert-SSL', 'type-feature', '3.10', 'build', '3.11']
title = 'Verify OpenSSL APIs in configure script'
updated_at = <Date 2021-10-20.15:47:53.582>
user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2021-10-20.15:47:53.582>
actor = 'christian.heimes'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2021-10-20.15:47:53.583>
closer = 'christian.heimes'
components = ['Build', 'SSL']
creation = <Date 2021-10-20.10:40:24.871>
creator = 'christian.heimes'
dependencies = []
files = []
hgrepos = []
issue_num = 45536
keywords = ['patch']
message_count = 4.0
messages = ['404422', '404425', '404474', '404477']
nosy_count = 2.0
nosy_names = ['christian.heimes', 'miss-islington']
pr_nums = ['29088', '29099']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue45536'
versions = ['Python 3.10', 'Python 3.11']
    @tiran
    Copy link
    Member Author

    tiran commented Oct 20, 2021

    In thread [1] Robin Becker requested to check for working OpenSSL in configure script. With reasonable effort it is possible to probe for basic APIs such as minimum SSL and EVP interface.

    [1] https://mail.python.org/archives/list/python-dev@python.org/thread/IIFABHN7DOTCXMRQ72SLJSU4VDWRM2HB/

    @tiran tiran added 3.10 only security fixes 3.11 only security fixes labels Oct 20, 2021
    @tiran tiran self-assigned this Oct 20, 2021
    @tiran tiran added build The build process and cross-build 3.11 only security fixes topic-SSL labels Oct 20, 2021
    @tiran tiran self-assigned this Oct 20, 2021
    @tiran tiran added type-feature A feature request or enhancement build The build process and cross-build topic-SSL labels Oct 20, 2021
    @tiran
    Copy link
    Member Author

    tiran commented Oct 20, 2021

    Example output:

    $ ./configure
checking whether compiling and linking against OpenSSL works... yes
checking for --with-openssl-rpath... 
checking whether OpenSSL provides required APIs... yes

$ ./configure --with-openssl=/home/heimes/dev/python/multissl/openssl/3.0.0
checking for openssl/ssl.h in /home/heimes/dev/python/multissl/openssl/3.0.0... yes
checking whether compiling and linking against OpenSSL works... yes
checking for --with-openssl-rpath... 
checking whether OpenSSL provides required APIs... yes

$ ./configure --with-openssl=/home/heimes/dev/python/multissl/openssl/1.0.2u
checking for openssl/ssl.h in /home/heimes/dev/python/multissl/openssl/1.0.2u... yes
checking whether compiling and linking against OpenSSL works... yes
checking for --with-openssl-rpath... 
checking whether OpenSSL provides required APIs... no

    @tiran
    Copy link
    Member Author

    tiran commented Oct 20, 2021

    New changeset 81520fe by Christian Heimes in branch 'main':
    bpo-45536: Check OpenSSL APIs in configure (GH-29088)
    81520fe

    @miss-islington
    Copy link
    Contributor

    New changeset 5537b9f by Miss Islington (bot) in branch '3.10':
    bpo-45536: Check OpenSSL APIs in configure (GH-29088)
    5537b9f

    @tiran tiran closed this as completed Oct 20, 2021
    @tiran tiran closed this as completed Oct 20, 2021
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    @in-fke
    Copy link

    in-fke commented Apr 26, 2022

    Fails with OpenSSL 3.0.2 ?

    checking for openssl/ssl.h in /opt/openssl-3.0.2... yes
checking whether compiling and linking against OpenSSL works... yes
checking for --with-openssl-rpath...
checking whether OpenSSL provides required APIs... no
checking for --with-ssl-default-suites... python
checking for --with-builtin-hashlib-hashes... md5,sha1,sha256,sha512,sha3,blake2
checking for --with-experimental-isolated-subinterpreters... no
checking for --with-static-libpython... yes
checking for --disable-test-modules... no

    @in-fke
    Copy link

    in-fke commented Apr 26, 2022

    Same machine, with OpenSSL 1.1.1n

    checking for openssl/ssl.h in /opt/openssl-1.1.1n... yes
checking whether compiling and linking against OpenSSL works... yes
checking for --with-openssl-rpath...
checking whether OpenSSL provides required APIs... yes
checking for --with-ssl-default-suites... python

    I'm probably missing something obvious, that Python requires OpenSSL 1.1.1

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @tiran tiran

    Labels
    3.10 only security fixes 3.11 only security fixes build The build process and cross-build topic-SSL type-feature A feature request or enhancement
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    3 participants
    @tiran @miss-islington @in-fke