This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients barry, christian.heimes, gregory.p.smith, pablogsal
Date 2021-03-10.23:14:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1615418043.46.0.229114131093.issue43466@roundup.psfhosted.org>
In-reply-to
Content
Python's configure script has the option --with-openssl. It sets a path to a custom OpenSSL installation. Internally it provides OPENSSL_INCLUDES, OPENSSL_LIBS, and OPENSSL_LDFLAGS. The setup.py script turns the variables into include_dirs, library_dirs, and libraries arguments for _ssl and _hashlib extension modules.

However neither --with-openssl nor setup.py sets a custom runtime library path (rpath). This makes it confusing and hard for users to use a custom OpenSSL installation. They need to know that a) they have to take care of rpath on the first place, and b) how to set an rpath at compile or runtime. Without an rpath, the dynamic linker either fails to locate libssl/libcrypto or load system-provided shared libraries. Ticket bpo-34028 contains examples of user issues.

I propose to include a new option to make it easier for users to use a custom build of OpenSSL:

--with-openssl-rpath=<DIR|auto|no>

no (default): don't set an rpath
auto: auto-detect rpath from OPENSSL_LDFLAGS (--with-openssl or pkg-config)
DIR: set a custom rpath

The option will only affect the rpath of _ssl and _hashlib modules. The default value "no" is fully backwards compatible with 3.9 and earlier.
History
Date User Action Args
2021-03-10 23:14:03christian.heimessetrecipients: + christian.heimes, barry, gregory.p.smith, pablogsal
2021-03-10 23:14:03christian.heimessetmessageid: <1615418043.46.0.229114131093.issue43466@roundup.psfhosted.org>
2021-03-10 23:14:03christian.heimeslinkissue43466 messages
2021-03-10 23:14:03christian.heimescreate