Building Python with Ssl Support in Non-Standard Location

Building Python with SSL support in non-standard location

You need to edit Modules/Setup.dist to specify the location of OpenSSL if it is not in the standard location. From Getting SSL Support in Python 2.5.1:

If you find yourself on a linux box needing ssl support in python (to
use a client in things like httplib.HTTPSConnection or
imaplib.IMAP4_SSL), then let me save you a couple of hours of hunting
around the web (of course if you have found this then that means
you've done some level hunting already!).

You'll know if you need ssl support compiled into your python
installation if you get the following exception message:
AttributeError: 'module' object has no attribute 'ssl'

In order to make that go away so you can continue happily slinging
python code, you'll need to first make sure you have OpenSSL
installed. By default it is installed from source at: /usr/local/ssl

If that directory doesn't exist, then grab the source package.

Do the standard:

tar zxf openssl-0.9.8g.tar.gz
cd openssl-0.9.8g
./config
make
make install

Then grab the python sources for 2.5.1 and: tar zxf Python-2.5.1.tgz
&& cd Python-2.5.1

Then you need to edit the Modules/Setup.dist:

204:# Socket module helper for SSL support; you must comment out the other
205:# socket line above, and possibly edit the SSL variable:
206:SSL=/usr/local/ssl
207:_ssl _ssl.c \
208:    -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
209:    -L$(SSL)/lib -lssl -lcrypto

If you installed OpenSSL in the default locations you can just
uncomment lines 206-209, then:

./configure
make
make install

Then verify your installation with:

python /usr/local/lib/python2.5/test/test_socket_ssl.py
test_rude_shutdown ...
test_basic ...
test_timeout ...

Make sure the changes to Modules/Setup.dist get picked up by cleaning the source root (e.g. make distclean) and run configure and make again.

How do I compile Python 3.4 with custom OpenSSL?

I managed to figure it out after a lot of hair-pulling. It was a bunch of environment variables... I think I might have done a little overkill, but this basically worked:

# OpenSSL 1.0.1g
./config shared --prefix=/my/path --openssldir=/my/path/openssl
make
make install

# Python 3.4
export LDFLAGS="-L/my/path/lib/ -L/my/path/lib64/"
export LD_LIBRARY_PATH="/my/path/lib/:/my/path/lib64/"
export CPPFLAGS="-I/my/path/include -I/my/path/include/openssl"
./configure --prefix=/my/path/
make
make install

Compile Python 3.6 statically with OpenSSL

I'm trying to compile Python 3.6 on Linux statically with OpenSSL.

...

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl
_ssl _ssl.c \
 -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
 -L$(SSL)/lib -lssl -lcrypto

Change -lssl and -lcrypto to -l:libssl.a and -l:libcrypto.a:

SSL=/usr/local/ssl
_ssl _ssl.c \
  -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
  -L$(SSL)/lib -l:libssl.a -l:libcrypto.a

You can also use the full path to the archive:

SSL=/usr/local/ssl
_ssl _ssl.c \
  -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
  $(SSL)/lib/libssl.a $(SSL)/lib/libcrypto.a

Archives (*.a) are just a collection of object files (*.o), so you can use an archive wherever you use an object file.

Also see -l:filename in the ld(2) man page:

--library=namespec

Add the archive or object file specified by namespec to the list of
files to link. This option may be used any number of times. If
namespec is of the form :filename, ld will search the library path for
a file called filename, otherwise it will search the library path for
a file called libnamespec.a.

If you have other components in /usr/local you are using, then you might want to add -L/usr/local/lib -Wl,-R,/usr/local/lib -Wl,--enable-new-dtags to your LDFLAGS. The new-dtags embeds a RUNPATH (as opposed to RPATH) in the ELF headers. RUNPATH can be overridden with LD_LIBRARY_PATH.

I get a compiled binary, but it isn't statically linked to OpenSSL.

The way to check is to use ldd with the paths you use at runtime. For example, here is from a local OpenSSL build on Fedora:

$ ldd /usr/local/bin/openssl
    linux-vdso.so.1 (0x00007fff3cde6000)
    libssl.so.1.0.0 => /usr/local/lib64/libssl.so.1.0.0 (0x00007f043dc4e000)
    libcrypto.so.1.0.0 => /usr/local/lib64/libcrypto.so.1.0.0 (0x00007f043d9df000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f043d9c0000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f043d7fa000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f043dcc0000)

Here are a couple of related questions, but it does not look like they cover static linking with Python.

  • Building Python with SSL support in non-standard location
  • How do I compile Python 3.4 with custom OpenSSL?

And to be clear, config.log has the error but you did not show the relevant portion from it:

checking whether the C compiler works... no
configure: error: in `/task/cpython':
configure: error: C compiler cannot create executables
See `config.log' for more details

Static OpenSSL may (or may not) fix the problem.

how to include ssl with python build on MacOS

Just open setup.py and find method detect_modules(). It has some lines like (2.7.11 for me):

    # Detect SSL support for the socket module (via _ssl)
    search_for_ssl_incs_in = [
                          '/usr/local/ssl/include',
                          '/usr/contrib/ssl/include/'
                         ]
    ssl_incs = find_file('openssl/ssl.h', inc_dirs,
                         search_for_ssl_incs_in
                         )
    if ssl_incs is not None:
        krb5_h = find_file('krb5.h', inc_dirs,
                           ['/usr/kerberos/include'])
        if krb5_h:
            ssl_incs += krb5_h
    ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs,
                                 ['/usr/local/ssl/lib',
                                  '/usr/contrib/ssl/lib/'
                                 ] )

    if (ssl_incs is not None and
        ssl_libs is not None):
        exts.append( Extension('_ssl', ['_ssl.c'],
                               include_dirs = ssl_incs,
                               library_dirs = ssl_libs,
                               libraries = ['ssl', 'crypto'],
                               depends = ['socketmodule.h']), )
    else:
        missing.append('_ssl')

So it seems that you need SSL and Kerberos. Kerberos comes installed with Mac. So You need to install openssl. You can do it with brew:

brew install openssl

openssl headers could be installed in a path different than Python will search. So issue

locate ssl.h

and add the path to search_for_ssl_incs_in. For example for me it is:

/usr/local/Cellar/openssl/1.0.2d_1/include/openssl/ssl.h

So I should add /usr/local/Cellar/openssl/1.0.2d_1/include/ to search_for_ssl_incs_in.

Don't forget that these are for Python 2.7.11. But the process should be same.

Hope that helps.


Related Topics

Is Python's Sorted() Function Guaranteed to Be Stable

Check If Any Alert Exists Using Selenium with Python

How to Build a Recursive Function in Python

Scrapy Crawl Urls in Order

Does Python Optimize Modules When They Are Imported Multiple Times

Expire a View-Cache in Django

What Is the Performance Impact of Non-Unique Indexes in Pandas

Find All Combinations of a List of Numbers with a Given Sum

Stream Large Binary Files with Urllib2 to File

What's the Best Way to Return Multiple Values from a Function

Splitting a String into Words and Punctuation

Handling Backreferences to Capturing Groups in Re.Sub Replacement Pattern

How to Copy a Class

How to Capture Multiple Camera Streams with Opencv

Dll Load Failed Error When Importing Cv2

Pandas Column Access W/Column Names Containing Spaces

How to Map Numeric Data into Categories/Bins in Pandas Dataframe

Tkinter Adding Line Number to Text Widget


Leave a reply



Submit