Install python ssl module on linux without recompiling
Solution 1
Is it possible to install the SSL module for python on a linux box that already has OpenSSL installed without recompiling python?
Yes. Python's setup.py uses the following logic to detect OpenSSL:
# Excerpt: inc_dirs, lib_dirs, exts and find_file are defined elsewhere in setup.py
search_for_ssl_incs_in = [
    '/usr/local/ssl/include',
    '/usr/contrib/ssl/include/'
]
# The system include directories (inc_dirs) are searched before the local list
ssl_incs = find_file('openssl/ssl.h', inc_dirs,
                     search_for_ssl_incs_in
                     )
ssl_libs = find_library_file(self.compiler, 'ssl', lib_dirs,
                             ['/usr/local/ssl/lib',
                              '/usr/contrib/ssl/lib/'
                             ])
# _ssl is built as an extension linked dynamically against libssl and libcrypto
if (ssl_incs is not None and
        ssl_libs is not None):
    exts.append(Extension('_ssl', ['_ssl.c'],
                          include_dirs=ssl_incs,
                          library_dirs=ssl_libs,
                          libraries=['ssl', 'crypto'],
                          depends=['socketmodule.h']), )
The point is Python is not static linking against libssl and libcrypto. (Some static linking occurs with ctypes, but nothing else).
Now, the bad thing is that the project uses system paths before your locally installed paths. For example, the project uses inc_dirs (system) before search_for_ssl_incs_in (local). (See more on this below).
After you run configure, you will have a Modules/Setup with the following lines commented out:
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
#SSL=/usr/local/ssl
#_ssl _ssl.c \
# -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
# -L$(SSL)/lib -lssl -lcrypto
Again, no static linking. (And this assumes the previous version of Python uncommented those lines).
So you should be able to build a binary compatible version of OpenSSL and use LD_LIBRARY_PATH or LD_PRELOAD to ensure Python uses your updated version of OpenSSL.
OpenSSL 0.9.7 and 0.9.8 are binary compatible. OpenSSL 1.0.0, 1.0.1 and 1.0.2 are binary compatible. OpenSSL 0.9.8 and 1.0.0 are not binary compatible.
----------
Here's the problem with Python's setup placing system includes before local includes:
export CFLAGS="-I/usr/local/ssl/darwin/include"; export LDFLAGS="-L/usr/local/ssl/darwin/lib"
<edit Setup search_for_ssl_incs_in and search_for_ssl_incs_in>
./configure
<edit Modules/Setup>
make
...
/Users/jww/Python-3.4.2/Modules/_ssl.c:390:9: warning:
'ERR_peek_last_error' is deprecated [-Wdeprecated-declarations]
e = ERR_peek_last_error();
^
/usr/include/openssl/err.h:274:15: note: 'ERR_peek_last_error' declared here
unsigned long ERR_peek_last_error(void) DEPRECATED_IN_MAC_OS_X_VERSION_1...
^
/Users/jww/Python-3.4.2/Modules/_ssl.c:393:15: warning:
'SSL_get_error' is deprecated [-Wdeprecated-declarations]
err = SSL_get_error(obj->ssl, ret);
...
Python used the down-level 0.9.8 version of OpenSSL provided by Apple, and not my recent OpenSSL 1.0.1k. That's despite me (1) exporting them in CFLAGS and LDFLAGS; (2) editing Setup; and (3) editing Modules/Setup.
And I still have runtime path problems to contend with, so I'll need to use LD_PRELOAD_PATH, DYNLIB_LIBRARY_PATH, etc.
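To confirm which OpenSSL an interpreter actually loads after an LD_LIBRARY_PATH or LD_PRELOAD change, the following added example (not part of the answer above or of Python's own code) checks the runtime version against the compatibility families listed in the answer and lists the libssl/libcrypto files mapped into the process. It assumes Python 3 and, for the path listing, Linux's /proc; the function names and the sample maps text are constructed for illustration.

```python
import re

# ABI families exactly as the answer states them; anything else is unknown.
ABI_FAMILIES = {
    "0.9.7": "0.9.7/0.9.8", "0.9.8": "0.9.7/0.9.8",
    "1.0.0": "1.0.x", "1.0.1": "1.0.x", "1.0.2": "1.0.x",
}

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c050000 r-xp 00000000 08:01 11 /usr/local/ssl/lib/libssl.so.1.0.0
7f3a1c200000-7f3a1c3d0000 r-xp 00000000 08:01 12 /usr/local/ssl/lib/libcrypto.so.1.0.0
7f3a1c600000-7f3a1c7b0000 r-xp 00000000 08:01 13 /lib/x86_64-linux-gnu/libc.so.6
"""

def abi_family(version_text):
    """Map 'OpenSSL 1.0.1k 8 Jan 2015' or '0.9.8zh' to its ABI family, else None."""
    m = re.search(r"\d+\.\d+\.\d+", version_text)
    return ABI_FAMILIES.get(m.group(0)) if m else None

def can_swap_without_rebuild(built_against, replacement):
    """True only when both versions fall in the same known ABI family."""
    family = abi_family(built_against)
    return family is not None and family == abi_family(replacement)

def mapped_tls_libraries(maps_text):
    """Return sorted libssl/libcrypto paths present in /proc/<pid>/maps text."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and re.search(r"/lib(ssl|crypto)\.so[^/]*$", fields[5]):
            paths.add(fields[5])
    return sorted(paths)

def report():
    """Describe the OpenSSL this interpreter loaded, or note that ssl is missing."""
    try:
        import ssl  # importing ssl pulls in _ssl, which maps libssl into the process
        runtime = ssl.OPENSSL_VERSION
    except ImportError:
        runtime = None
    try:
        with open("/proc/self/maps") as fh:  # Linux only
            libs = mapped_tls_libraries(fh.read())
    except OSError:
        libs = []
    return {"runtime": runtime, "family": abi_family(runtime or ""), "loaded_from": libs}

if __name__ == "__main__":
    print(report())
```

A family of None means the version is outside the compatibility statement in the answer, so the check treats a swap as unsafe rather than guessing.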
Solution 2
NOTE: Python >= 2.6 already has SSL support built-in, there's no need to install ssl package.
Install package from pypi:
pip install ssl
If you're missing pip command, install it for your distribution:
RedHat/Centos:
yum install python-pip
Debian/Ubuntu:
apt-get install python-pip
Phalse
Updated on July 23, 2022
Comments
-
Phalse almost 2 years
Is it possible to install the SSL module for python on a linux box that already has OpenSSL installed without recompiling python? I was hoping it would be as simple as copying over a few files and including them in the library path. Python version is 2.4.3. Thanks!
-
Phalse over 9 years
The ubuntu box I am using is not connected to the internet.
-
Phalse over 9 years
Doesn't this require the source for python? I am trying to do this with no source. You may have explained that, but I misunderstood.
-
VT_Drew over 9 years
Can you use a usb stick/external drive on the machine? If so just download the .tar.gz file to the usb stick on another machine (that can access the internet) then pop the usb stick into the ubuntu box and do "pip install /home/username/ssl-1.16.tar.gz". Obviously you need to replace /home/username with the path to the file.
-
Phalse over 9 years
pip is not installed on this version of linux, can you do something similar with yum?
-
Hassek about 8 years
It looks like there is no other way for python to use ssl without compiling it.
-
jww about 8 years
@Hassek - yes and no. If you use a binary compatible OpenSSL 0.9.8, then No, there's no need to recompile Python. However, OpenSSL 0.9.8 is End-of-Life (EOL) and it lacks most ECC and TLS 1.2, so you probably want to avoid it. OpenSSL 1.0.2 and 1.1.0 are the way to proceed, and in that case, Yes, you must recompile Python. It's easy to recompile once you know where to look for the SSL bits (as shown above).
-
Beldar over 6 years
This is useless, this is what happens when you run
pip install ssl
pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Shocker...