Christian Heimes <[email protected]> added the comment:
GH-24989 adds -Wl,--exclude-libs just for libssl.a and libcrypto.a IFF support
for -Wl,--exclude-libs,ALL is detected by configure. This puts the symbols from
the OpenSSL archive files into the LOCAL segment of ELF binaries. The PR does
not set -Wl,--exclude-libs,ALL because I like to keep behavior the same as with
3.9.
When OpenSSL is locally build with "no-shared -fPIC", then Python automatically
builds a partially static-linked _ssl and _hashlib extension modules that do
not pollute the global namespace:
$ ./config \
--prefix=/home/heimes/dev/python/multissl/openssl/1.1.1j-static \
--openssldir=/etc/pki/tls \
no-shared -fPIC
...
$ ./configure
--with-openssl=/home/heimes/dev/python/multissl/openssl/1.1.1j-static
$ make
$ ldd build/lib.linux-x86_64-3.10/_ssl.cpython-310-x86_64-linux-gnu.so
linux-vdso.so.1 (0x00007fff8dbbc000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa5a533d000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa5a5172000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa5a56ac000)
$ readelf -Ws build/lib.linux-x86_64-3.10/_ssl.cpython-310-x86_64-linux-gnu.so
| grep SSL_CTX_new
5617: 0000000000072a90 1133 FUNC LOCAL DEFAULT 11 SSL_CTX_new
I deliberately did not update documentation with instructions for static
linking. Static linking of OpenSSL has security and compatibility implications.
I don't want to officially support it and deal with bug reports.
-Wl,--exclude-libs just enables sane partial static-linking.
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue43466>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
