Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Gordon Messmer]

On 11/13/21 09:02, Jonathan Billings wrote:

While you might be able to compile the software with those flags,
you'll not be able to run anything with libraries out of the standard
search path.  And you don't want to add this openssl to the standard
search path, because it will break packaged software.



The openssl11 packages have to put the static libs and headers in an 
alternate location in order to be parallel-installable with the standard 
package, so you need to specify a header and library path when 
compiling.  However, the *runtime* lib has a different soname, so that 
*is* in the standard search path:


https://src.fedoraproject.org/rpms/openssl11/blob/epel7/f/openssl11.spec#_474

So, you will be able to run the resulting binary without any further 
changes, and there's no risk of breaking packaged software.


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Jonathan Billings]

On Sat, Nov 13, 2021 at 12:02:24PM -0500, Jonathan Billings wrote:
> You'll want to add to CFLAGS="-Wl,-rpath,/usr/lib64/openssl11", so the
> linker adds the RPATH to the executable.

The alternative is to set $LD_LIBRARY_PATH, of course, but that is
often something that can pollute the environment, so any subshells
will get confused and use your custom openssl and potentially break
software.  It'll get suggested though.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Jonathan Billings]

On Tue, Nov 09, 2021 at 06:17:32PM -0800, Gordon Messmer wrote:
> On 11/9/21 09:30, Kaushal Shriyan wrote:
> > #*./configure LDFLAGS="-L/usr/lib64/openssl11"*
> 
> 
> I believe that at a minimum, you would need:
> 
> ./configure LDFLAGS="-L/usr/lib64/openssl11"
> CFLAGS="-I/usr/include/openssl11"
> 

While you might be able to compile the software with those flags,
you'll not be able to run anything with libraries out of the standard
search path.  And you don't want to add this openssl to the standard
search path, because it will break packaged software.

You'll want to add to CFLAGS="-Wl,-rpath,/usr/lib64/openssl11", so the
linker adds the RPATH to the executable.

Remember not to use this trick when creating RPMs, because that's
generally frowned on and can make rpmbuild complain.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Gordon Messmer]

On 11/9/21 09:30, Kaushal Shriyan wrote:

#*./configure LDFLAGS="-L/usr/lib64/openssl11"*



I believe that at a minimum, you would need:

./configure LDFLAGS="-L/usr/lib64/openssl11" 
CFLAGS="-I/usr/include/openssl11"




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Steve Meier]

Hi Kaushal,

Am 2021-11-09 18:30, schrieb Kaushal Shriyan:

#
#cd Python-3.10.0
#*./configure LDFLAGS="-L/usr/lib64/openssl11"*
#make altinstall
#  pip3.10 install mysql-connector
WARNING: pip is configured with locations that require TLS/SSL, however 
the

ssl module in Python is not available.


compiling Python with a separate OpenSSL version seems a bit more 
difficult
then it really should be. I have tried some approaches but ran into 
different

errors.

The only workable solution I found was to build OpenSSL 1.1 from 
scratch:


# wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz
# tar xzf openssl-1.1.1l.tar.gz
# cd openssl-1.1.1l
# ./config --prefix=/opt/openssl && make && make install

And then have Python explicitly use that:

# cd Python-3.10.0
# ./configure --with-openssl=/opt/openssl

Afterwards, python3.10 loads the ssl module fine and pip works:

# python3.10 -c "import ssl; print (ssl.OPENSSL_VERSION)"
OpenSSL 1.1.1g FIPS  21 Apr 2020

 pip3.10 install mysql-connector
Collecting mysql-connector
  Downloading mysql-connector-2.2.9.tar.gz (11.9 MB)
 || 11.9 MB 21.4 MB/s
Using legacy 'setup.py install' for mysql-connector, since package 
'wheel' is not installed.

Installing collected packages: mysql-connector
Running setup.py install for mysql-connector ... done
Successfully installed mysql-connector-2.2.9

Kind regards,
  Steve
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Anand Buddhdev]

On 09/11/2021 18:30, Kaushal Shriyan wrote:

Kaushal,


#cd Python-3.10.0
#*./configure LDFLAGS="-L/usr/lib64/openssl11"*


You really are making no effort to understand how to compile packages on 
Linux. Steve told you that you might need to use LDFLAGS, but it is not 
the only option you have to set when calling configure. You also need to 
tell configure where the header files are.


Instead of examining the output of "configure --help" or using google, 
you're just asking to be spoon-fed all the solutions. Try to help 
yourself by doing some google searching and reading.


Anand
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Kaushal Shriyan]

On Tue, Nov 9, 2021 at 9:26 PM Steve Meier  wrote:

> Hello Kaushal,
>
> the EPEL repository has OpenSSL 1.1 packages available:
>
> # yum install epel-release
> # yum install openssl11 openssl11-libs openssl11-devel
>
> If you want to compile software with OpenSSL 1.1 instead of 1.0
> you may have to set the proper path or environment variables
> such as LDFLAGS.
>
> Hope this helps.
>
> Kind regards,
>Steve
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


Hi Steve,

I have installed openssl11 package. I still face the same issue.

# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# whereis openssl
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl
/usr/share/man/man1/openssl.1ssl.gz
# whereis openssl11
openssl11: /usr/bin/openssl11 /usr/lib64/openssl11 /usr/include/openssl11
/usr/share/man/man1/openssl11.1.gz
#
# rpm -qa | grep epel
epel-release-7-14.noarch
# rpm -qa | grep openssl
openssl11-1.1.1g-3.el7.x86_64
openssl-libs-1.0.2k-22.el7_9.x86_64
openssl-devel-1.0.2k-22.el7_9.x86_64
openssl11-libs-1.1.1g-3.el7.x86_64
openssl11-devel-1.1.1g-3.el7.x86_64
openssl-1.0.2k-22.el7_9.x86_64
#
#cd Python-3.10.0
#*./configure LDFLAGS="-L/usr/lib64/openssl11"*
#make altinstall
#  pip3.10 install mysql-connector
WARNING: pip is configured with locations that require TLS/SSL, however the
ssl module in Python is not available.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/mysql-connector/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/mysql-connector/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/mysql-connector/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/mysql-connector/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/mysql-connector/
Could not fetch URL https://pypi.org/simple/mysql-connector/: There was a
problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org',
port=443): Max retries exceeded with url: /simple/mysql-connector/ (Caused
by SSLError("Can't connect to HTTPS URL because the SSL module is not
available.")) - skipping
ERROR: Could not find a version that satisfies the requirement
mysql-connector (from versions: none)
ERROR: No matching distribution found for mysql-connector
WARNING: You are using pip version 21.2.3; however, version 21.3.1 is
available.
You should consider upgrading via the '/usr/local/bin/python3.10 -m pip
install --upgrade pip' command.

# /usr/local/bin/python3.10 -m pip install --upgrade pip
WARNING: pip is configured with locations that require TLS/SSL, however the
ssl module in Python is not available.
Requirement already satisfied: pip in
/usr/local/lib/python3.10/site-packages (21.2.3)
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem
confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org',
port=443): Max retries exceeded with url: /simple/pip/ (Caused by
SSLError("Can't connect to HTTPS URL because the SSL module is not
available.")) - skipping
WARNING: Running pip as the 'root' user can result in broken permissions
and conflicting behaviour with the system package manager. It is

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Simon Matter]

> Hello Kaushal,
>
> the EPEL repository has OpenSSL 1.1 packages available:
>
> # yum install epel-release
> # yum install openssl11 openssl11-libs openssl11-devel
>
> If you want to compile software with OpenSSL 1.1 instead of 1.0
> you may have to set the proper path or environment variables
> such as LDFLAGS.
>
> Hope this helps.
>

OTOH, my first question would be why he wants to install Python 3.10? If
another Python 3.x version would work, it should be possible to install it
from EPEL, no?

That way the whole mess of building and installing Python from source
would be avoided.

Regards,
Simon

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Steve Meier]

Hello Kaushal,

the EPEL repository has OpenSSL 1.1 packages available:

# yum install epel-release
# yum install openssl11 openssl11-libs openssl11-devel

If you want to compile software with OpenSSL 1.1 instead of 1.0
you may have to set the proper path or environment variables
such as LDFLAGS.

Hope this helps.

Kind regards,
  Steve
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Install OpenSSL 1.1.1 on CentOS Linux release 7.9.2009 (Core).

[Kaushal Shriyan]

Hi,

I have downloaded Python 3.10.0 on CentOS Linux release 7.9.2009 (Core). I
have the below openssl and mariadb package installed on CentOS 7.9

# rpm -qa | grep openssl
openssl-libs-1.0.2k-22.el7_9.x86_64
openssl-devel-1.0.2k-22.el7_9.x86_64
openssl-1.0.2k-22.el7_9.x86_64

#rpm -qa | grep mariadb
mariadb-libs-5.5.68-1.el7.x86_64
mariadb-5.5.68-1.el7.x86_64
mariadb-server-5.5.68-1.el7.x86_64
mariadb-devel-5.5.68-1.el7.x86_64
#
#mysql -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.68-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> Bye
#

#wget https://www.python.org/ftp/python/3.10.0/Python-3.10.0.tgz
#tar xzf Python-3.10.0.tgz
#cd Python-3.10.0
#./configure --enable-optimizations
#make altinstall

# python3.10
Python 3.10.0 (default, Nov  6 2021, 14:56:25) [GCC 4.8.5 20150623 (Red Hat
4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import mysql.connector
Traceback (most recent call last):
  File "", line 1, in 
ModuleNotFoundError: No module named 'mysql'
>>>

#cat demo_mysql_test.py
import mysql.connector
# python3.10 demo_mysql_test.py
Traceback (most recent call last):
  File "/root/demo_mysql_test.py", line 1, in 
import mysql.connector
ModuleNotFoundError: No module named 'mysql'
#

# pip3.10 install mysql-connector-python
WARNING: pip is configured with locations that require TLS/SSL, however the
ssl module in Python is not available.
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")':
/simple/mysql-connector-python/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")':
/simple/mysql-connector-python/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")':
/simple/mysql-connector-python/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")':
/simple/mysql-connector-python/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")':
/simple/mysql-connector-python/
Could not fetch URL https://pypi.org/simple/mysql-connector-python/: There
was a problem confirming the ssl certificate: HTTPSConnectionPool(host='
pypi.org', port=443): Max retries exceeded with url:
/simple/mysql-connector-python/ (Caused by SSLError("Can't connect to HTTPS
URL because the SSL module is not available.")) - skipping
ERROR: Could not find a version that satisfies the requirement
mysql-connector-python (from versions: none)
ERROR: No matching distribution found for mysql-connector-python
WARNING: You are using pip version 21.2.3; however, version 21.3.1 is
available.
You should consider upgrading via the '/usr/local/bin/python3.10 -m pip
install --upgrade pip' command.

As of Python 3.10, OpenSSL 1.1.1 or newer is required:
https://www.python.org/dev/peps/pep-0644/ Please guide me in installing
OpenSSL version 1.1.1

Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos