Christian Heimes <li...@cheimes.de> added the comment:

Since this is a request for a new feature, I'm bumping versions to 3.9 and 
newer.

There is no need to add more configure flags to build Python with a custom 
OpenSSL installation. It's sufficient to build OpenSSL as a shared library and 
run Python's configure with --with-openssl=/path/to/installed/openssl. Then 
it's just a matter of configuring libdl to load the correct libraries, e.g. with 
a custom rpath. I like to use LD_RUN_PATH to add an rpath to the ELF header of 
the _ssl and _hashlib module's shared library. Or you can use 
Tools/ssl/multissl.py to automate this.

This approach works fine on RHEL 6:

wget https://www.openssl.org/source/openssl-1.0.2t.tar.gz
tar -xzf openssl-1.0.2t.tar.gz
pushd openssl-1.0.2t
./config --openssldir=/etc/pki/tls --prefix=/tmp/102t shared
make
make install
popd

wget https://www.python.org/ftp/python/3.7.5/Python-3.7.5.tgz
tar -xzf Python-3.7.5.tgz
pushd Python-3.7.5
export LD_RUN_PATH=/tmp/102t/lib
./configure --with-openssl=/tmp/102t/ -C
make
unset LD_RUN_PATH

ldd build/lib.linux-x86_64-3.7/_ssl.cpython-37m-x86_64-linux-gnu.so 
        linux-vdso.so.1 =>  (0x00007ffcefbb7000)
        libssl.so.1.0.0 => /tmp/102t/lib/libssl.so.1.0.0 (0x00007f4c586a7000)
        libcrypto.so.1.0.0 => /tmp/102t/lib/libcrypto.so.1.0.0 (0x00007f4c5826a000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f4c58047000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f4c57cb3000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f4c57aae000)
        /lib64/ld-linux-x86-64.so.2 (0x00005639623f7000)

./python 
Python 3.7.5 (default, Nov 15 2019, 04:19:28) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-23)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2t  10 Sep 2019'


I'm opposing this PR because it's an unnecessary extension that increases our 
testing, documentation and support burden. We would have to maintain the 
feature for at least 5 to 10 years and ensure that it keeps working on all 
operating systems (also BSD, macOS, AIX, ...) and future versions of OpenSSL.

----------
versions:  -Python 3.7, Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue38794>
_______________________________________
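
An added example, not part of the original comment or of CPython: a small checker that parses `ldd` output for the _ssl module, as in the transcript above, and reports when libssl or libcrypto is missing or resolves outside the intended OpenSSL prefix (for instance a silent fallback to the system copy). The function names are this example's own; the sample lines are copied from the transcript.

```python
import re
import subprocess
import sys

# Sample `ldd` lines for _ssl, copied from the transcript above.
SAMPLE_LDD = """\
        linux-vdso.so.1 =>  (0x00007ffcefbb7000)
        libssl.so.1.0.0 => /tmp/102t/lib/libssl.so.1.0.0 (0x00007f4c586a7000)
        libcrypto.so.1.0.0 => /tmp/102t/lib/libcrypto.so.1.0.0 (0x00007f4c5826a000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f4c57cb3000)
"""

LDD_LINE = re.compile(r"^\s*(\S+)\s+=>\s+(not found|\S*)")

def resolved_libs(ldd_output):
    """Map soname -> resolved path; None when unresolved or when no path is shown."""
    libs = {}
    for line in ldd_output.splitlines():
        m = LDD_LINE.match(line)
        if m:
            target = m.group(2)
            # "(0x...)" directly after "=>" means a virtual object such as the vDSO.
            unresolved = target in ("", "not found") or target.startswith("(")
            libs[m.group(1)] = None if unresolved else target
    return libs

def check_openssl(ldd_output, prefix, required=("libssl", "libcrypto")):
    """Return a list of problems; an empty list means every library is under prefix."""
    libs = resolved_libs(ldd_output)
    prefix = prefix.rstrip("/") + "/"  # so /tmp/102 does not match /tmp/102t
    problems = []
    for stem in required:
        hits = {n: p for n, p in libs.items() if n.startswith(stem + ".so")}
        if not hits:
            problems.append(f"{stem}: not linked")
        for name, path in hits.items():
            if path is None:
                problems.append(f"{name}: not found by the loader")
            elif not path.startswith(prefix):
                problems.append(f"{name}: resolved to {path}, outside {prefix}")
    return problems

if __name__ == "__main__":
    # With two arguments (module path, expected prefix) run ldd; otherwise use the sample.
    if len(sys.argv) == 3:
        out = subprocess.run(["ldd", sys.argv[1]], capture_output=True, text=True, check=True).stdout
        issues = check_openssl(out, sys.argv[2])
    else:
        issues = check_openssl(SAMPLE_LDD, "/tmp/102t")
    print("\n".join(issues) or "OK: libssl and libcrypto come from the expected prefix")
    sys.exit(1 if issues else 0)
```
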