发表新帖
发表新帖

Updating openssl in python 2.7

前端 未结
关注
6 1284
醉酒成梦
醉酒成梦 2020-11-22 15:17

wondering if someone may please explain how openssl works in python2.7. I\'m not sure if python got its own openssl or picks it up from local machine/env?

let me exp

6条回答
  • 迷失自我
    迷失自我 (楼主)
    2020-11-22 16:11

    Outdated SSL is a common issue on multiple platforms:

    Here's the general approach...

    0. Install OpenSSL

    • Option I: Install system packages of side-by-side OpenSSL 1.x libs (-dev or -devel) packages.

      # FreeBSD

pkg install openssl
OPENSSL_ROOT=/usr/local


# Mac (brew)

brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON!
OPENSSL_ROOT="$(brew --prefix openssl)"

    • Option II: Install OpenSSL from source to a temporary directory

      OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e"

curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf -
cd openssl-1.0.1e
mkdir -p "$OPENSSL_ROOT"
./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=...
# osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=...
make install
cd ..
rm -rf openssl-1.0.1e

    1. Building Python from source

    • Option A: Use pyenv:

      export CONFIGURE_OPTS="CPPFLAGS=-I"$OPENSSL_ROOT"/include LDFLAGS=-L"$OPENSSL_ROOT"/lib [your other options here]"
pyenv install 2.7.6

    • Option B: Install Python from source

      ./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]`
make
# ...
# if compiled openssl was used, it can be safely deleted because python's module ssl links openssl statically.

    Example: FreeBSD 9.2 (skipping make install for demo purposes)

    pkg install openssl curl gmake gdbm sqlite3 readline ncurses
OPENSSL_ROOT=/usr/local
curl http://www.python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz | tar jxvf -
cd Python-2.7.6
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]
make
./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' # osx: ./python.exe ...
# prints: OpenSSL 1.0.1e 11 Feb 2013

    Afterwards, temporary openssl libraries are no longer needed b/c the ssl modele with openssl statically into the python executable (verify using otool or readelf).

    0 讨论(0)
 看不清?
提交回复
热议问题