How do I compile Python 3.4 with custom OpenSSL?
Question:
I have my own OpenSSL installation in a non-standard location (/my/path for the sake of this example) and I want Python 3.4 to build against that when I compile it against source. What I tried is this (directories abbreviated)
CPPFLAGS="-I/my/path/include -I/my/path/include/openssl" ./configure --prefix=/my/path/
I also tried with C_INCLUDE_PATH and colon separated paths.
Then, I run make and get this:
building '_ssl' extension
gcc -pthread -fPIC -fno-strict-aliasing -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I./Include -I. -IInclude -I/my/path/include -I/my/path/include/openssl -I/usr/local/include -I/my/path/Python-3.4.0/Include -I/my/path/Python-3.4.0 -c /my/path/Python-3.4.0/Modules/_ssl.c -o build/temp.linux-x86_64-3.4/my/path/Python-3.4.0/Modules/_ssl.o
gcc -pthread -shared build/temp.linux-x86_64-3.4/my/path/Python-3.4.0/Modules/_ssl.o -L/my/path/lib -L/usr/local/lib -lssl -lcrypto -o build/lib.linux-x86_64-3.4/_ssl.cpython-34m.so
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.4/_ssl.cpython-34m.so: undefined symbol: SSL_get0_next_proto_negotiated
It’s looking for SSL_get0_next_proto_negotiated, but that’s most certainly defined:
$ grep SSL_get0_next_proto_negotiated /my/path/include/openssl/*
/my/path/include/openssl/ssl.h:void SSL_get0_next_proto_negotiated(const SSL *s,
I’m not sure what I’m doing wrong, any ideas?
Answers:
I managed to figure it out after a lot of hair-pulling. It was a bunch of environment variables… I think I might have done a little overkill, but this basically worked:
# OpenSSL 1.0.1g
./config shared --prefix=/my/path --openssldir=/my/path/openssl
make
make install
# Python 3.4
export LDFLAGS="-L/my/path/lib/ -L/my/path/lib64/"
export LD_LIBRARY_PATH="/my/path/lib/:/my/path/lib64/"
export CPPFLAGS="-I/my/path/include -I/my/path/include/openssl"
./configure --prefix=/my/path/
make
make install
This is how I solved it in 3.4. It is applicable for 2.7 and 3.4. The important is –with-ssl config argument in the ./configure:
wget https://www.python.org/ftp/python/3.4.3/Python-3.4.3.tgz
tar -xf Python-3.4.3.tgz
cd Python-3.4.3/
sudo yum install gcc
./configure --with-ssl
make && make install
# If you like to live dangerously since this will overwrite default python executable
make && make altinstall
# Safer because you access your new Python using python3.4
Thanks @ScottFrazer for his answer. Saved me a lot of troubles.
Here is a script I used in ubuntu to compile python with the latest openssl 1.0.2g.
# new openssl install
curl https://www.openssl.org/source/openssl-1.0.2g.tar.gz | tar xz && cd openssl-1.0.2g && ./config shared --prefix=/usr/local/ && make && make install
# Python install script
export LDFLAGS="-L/usr/local/lib/"
export LD_LIBRARY_PATH="/usr/local/lib/"
export CPPFLAGS="-I/usr/local/include -I/usr/local/include/openssl"
apt-get update
apt-get install build-essential checkinstall -y
apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev -y
cd /home/web/
wget https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz | tar xzf Python-2.7.11.tgz && cd Python-2.7.11
./configure --prefix=/usr/local/
make altinstall
Notice, the install is an altinstall which means it will not override the default python on ubuntu. To verify the installation was successful:
/usr/local/bin/python2.7
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2g 1 Mar 2016'
I have my own OpenSSL installation in a non-standard location (/my/path for the sake of this example) and I want Python 3.4 to build against that when I compile it against source. What I tried is this (directories abbreviated)
CPPFLAGS="-I/my/path/include -I/my/path/include/openssl" ./configure --prefix=/my/path/
I also tried with C_INCLUDE_PATH and colon separated paths.
Then, I run make and get this:
building '_ssl' extension
gcc -pthread -fPIC -fno-strict-aliasing -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I./Include -I. -IInclude -I/my/path/include -I/my/path/include/openssl -I/usr/local/include -I/my/path/Python-3.4.0/Include -I/my/path/Python-3.4.0 -c /my/path/Python-3.4.0/Modules/_ssl.c -o build/temp.linux-x86_64-3.4/my/path/Python-3.4.0/Modules/_ssl.o
gcc -pthread -shared build/temp.linux-x86_64-3.4/my/path/Python-3.4.0/Modules/_ssl.o -L/my/path/lib -L/usr/local/lib -lssl -lcrypto -o build/lib.linux-x86_64-3.4/_ssl.cpython-34m.so
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.4/_ssl.cpython-34m.so: undefined symbol: SSL_get0_next_proto_negotiated
It’s looking for SSL_get0_next_proto_negotiated, but that’s most certainly defined:
$ grep SSL_get0_next_proto_negotiated /my/path/include/openssl/*
/my/path/include/openssl/ssl.h:void SSL_get0_next_proto_negotiated(const SSL *s,
I’m not sure what I’m doing wrong, any ideas?
I managed to figure it out after a lot of hair-pulling. It was a bunch of environment variables… I think I might have done a little overkill, but this basically worked:
# OpenSSL 1.0.1g
./config shared --prefix=/my/path --openssldir=/my/path/openssl
make
make install
# Python 3.4
export LDFLAGS="-L/my/path/lib/ -L/my/path/lib64/"
export LD_LIBRARY_PATH="/my/path/lib/:/my/path/lib64/"
export CPPFLAGS="-I/my/path/include -I/my/path/include/openssl"
./configure --prefix=/my/path/
make
make install
This is how I solved it in 3.4. It is applicable for 2.7 and 3.4. The important is –with-ssl config argument in the ./configure:
wget https://www.python.org/ftp/python/3.4.3/Python-3.4.3.tgz
tar -xf Python-3.4.3.tgz
cd Python-3.4.3/
sudo yum install gcc
./configure --with-ssl
make && make install
# If you like to live dangerously since this will overwrite default python executable
make && make altinstall
# Safer because you access your new Python using python3.4
Thanks @ScottFrazer for his answer. Saved me a lot of troubles.
Here is a script I used in ubuntu to compile python with the latest openssl 1.0.2g.
# new openssl install
curl https://www.openssl.org/source/openssl-1.0.2g.tar.gz | tar xz && cd openssl-1.0.2g && ./config shared --prefix=/usr/local/ && make && make install
# Python install script
export LDFLAGS="-L/usr/local/lib/"
export LD_LIBRARY_PATH="/usr/local/lib/"
export CPPFLAGS="-I/usr/local/include -I/usr/local/include/openssl"
apt-get update
apt-get install build-essential checkinstall -y
apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev -y
cd /home/web/
wget https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz | tar xzf Python-2.7.11.tgz && cd Python-2.7.11
./configure --prefix=/usr/local/
make altinstall
Notice, the install is an altinstall which means it will not override the default python on ubuntu. To verify the installation was successful:
/usr/local/bin/python2.7
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2g 1 Mar 2016'