Message356666
Since this is a request for a new feature, I'm bumping versions to 3.9 and newer.
There is no need to add more configure flags to build Python with a custom OpenSSL installation. It's sufficient to build OpenSSL as a shared library and run Python's configure with --with-openssl=/path/to/installed/openssl. Then it's just a matter to configure libdl to load the correct libraries, e.g. with a custom rpath. I like to use LD_RUN_PATH to add an rpath to the ELF header of the _ssl and _hashlib module's shared library. Or you can use Tools/ssl/multissl.py to automate this.
This approach works fine on RHEL 6:
wget https://www.openssl.org/source/openssl-1.0.2t.tar.gz
tar -xzf openssl-1.0.2t.tar.gz
pushd openssl-1.0.2t
./config --openssldir=/etc/pki/tls --prefix=/tmp/102t shared
make
make install
popd
wget https://www.python.org/ftp/python/3.7.5/Python-3.7.5.tgz
tar -xzf Python-3.7.5.tgz
pushd Python-3.7.5
export LD_RUN_PATH=/tmp/102t/lib
./configure --with-openssl=/tmp/102t/ -C
unset LD_RUN_PATH
ldd build/lib.linux-x86_64-3.7/_ssl.cpython-37m-x86_64-linux-gnu.so
linux-vdso.so.1 => (0x00007ffcefbb7000)
libssl.so.1.0.0 => /tmp/102t/lib/libssl.so.1.0.0 (0x00007f4c586a7000)
libcrypto.so.1.0.0 => /tmp/102t/lib/libcrypto.so.1.0.0 (0x00007f4c5826a000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4c58047000)
libc.so.6 => /lib64/libc.so.6 (0x00007f4c57cb3000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f4c57aae000)
/lib64/ld-linux-x86-64.so.2 (0x00005639623f7000)
./python
Python 3.7.5 (default, Nov 15 2019, 04:19:28)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-23)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2t 10 Sep 2019'
I'm opposing this PR because it's an unnecessary extension that increases our testing, documentation and support burden. We would have to maintain the feature for at least 5 to 10 years and ensure that it keeps working on all operating systems (also BSD, macOS, AIX, ...) and future versions of OpenSSL. |
|
Date |
User |
Action |
Args |
2019-11-15 09:33:51 | christian.heimes | set | recipients:
+ christian.heimes, Lukas.Vacek |
2019-11-15 09:33:51 | christian.heimes | set | messageid: <1573810431.77.0.961441864378.issue38794@roundup.psfhosted.org> |
2019-11-15 09:33:51 | christian.heimes | link | issue38794 messages |
2019-11-15 09:33:51 | christian.heimes | create | |
|