This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Lukas.Vacek
Recipients Lukas.Vacek, christian.heimes
Date 2019-11-14.12:30:12
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1573734613.61.0.712380405287.issue38794@roundup.psfhosted.org>
In-reply-to
Content
Since 3.7 python depends on OpenSSL>=1.0.2 - this makes it hard to compile Python with SSL on older (yet still vendor supported) linux distributions.

It's easy to compile CPython even on old distributions like RHEL5, RHEL6, Ubuntu14.04 etc. except for ssl module.

Let's add an option to compile SSL staticly (--with-openssl-static) to make it easy to compile Python with SSL on systems with OpenSSL<1.0.2 as you usually don't want to install newer openssl as system libary nor mess with rpath/set LD_LIBRARY_PATH every time you run python.

When --with-openssl-static is not passed to ./configure everything should behave like before.

Installing CPython including ssl on system as old as RHEL5 with this option would be as easy as (after installing required build dependencies from rhel5 repositories and libffi(-devel) libraries):

wget https://www.openssl.org/source/openssl-1.0.2t.tar.gz
tar xf openssl-1.0.2t.tar.gz
cd openssl-1.0.2t
./config --openssldir=/etc/pki/tls -fPIC
make

wget https://www.python.org/ftp/python/3.7.5/Python-3.7.5.tgz
tar xf Python-3.7.5.tgz
cd Python-3.7.5
./configure --with-openssl-static=path_to_just_compiled_ssl --prefix=prefix_path
make
make install
History
Date User Action Args
2019-11-14 12:30:13Lukas.Vaceksetrecipients: + Lukas.Vacek, christian.heimes
2019-11-14 12:30:13Lukas.Vaceksetmessageid: <1573734613.61.0.712380405287.issue38794@roundup.psfhosted.org>
2019-11-14 12:30:13Lukas.Vaceklinkissue38794 messages
2019-11-14 12:30:12Lukas.Vacekcreate