Issues with building Python 3.9.2 from source with OpenSSL 3.0.8


I have been trying to build a FIPS version of Python 3.9.2 on Debian. I have gathered that a FIPS-certified version of OpenSSL is required and chose 3.0.8, as OpenSSL 1 has reached EOL. I have updated OpenSSL to this version by building from source in order to configure it to build the FIPS module as well. Afterwards I tried building Python from source but ran into an issue during make:

*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.9/_ssl.cpython-39-x86_64-linux-gnu.so: undefined symbol: SSL_get1_peer_certificate
*** WARNING: renaming "_hashlib" since importing it failed: build/lib.linux-x86_64-3.9/_hashlib.cpython-39-x86_64-linux-gnu.so: undefined symbol: EVP_MD_get_type

Python build finished successfully!
The necessary bits to build these optional modules were not found:
_dbm                  _gdbm                                    
To find the necessary bits, look in setup.py in detect_modules() for the module's name.


The following modules found by detect_modules() in setup.py, have been
built by the Makefile instead, as configured by the Setup files:
_abc                  atexit                pwd                
time                                                           


Following modules built successfully but were removed because they could not be imported:
_hashlib              _ssl                                     


Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

I have built OpenSSL 3.0.8 from source:

./Configure enable-fips
make
make install

Afterwards I ran into an issue with openssl version not returning the correct version, so I ran ldconfig /usr/local/lib64, which resolved the issue, and openssl version now correctly returns OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)

The install location of OpenSSL is /usr/local/ssl

Then I downloaded the Python source code and ran:

./configure --enable-optimizations
make

That's when I ran into the issue described above. Continuing with the installation, make install will build Python, but it's unable to import ssl:

>>> import ssl
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.9/ssl.py", line 98, in <module>
    import _ssl             # if we can't import it, let the error propagate
ModuleNotFoundError: No module named '_ssl'

I have tried configuring the build with the --with-openssl flag as described in https://docs.python.org/3/using/unix.html?highlight=openssl#custom-openssl but this has not fixed the issue.

Running echo $LD_LIBRARY_PATH returns nothing.
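
An added diagnostic, not part of the original question or of CPython's build system: an "undefined symbol" at import time means the libssl/libcrypto the dynamic loader resolved does not export a name the extension was compiled to call. The sketch below pulls those symbols out of the make warnings quoted above and asks candidate libraries whether they export them; the candidate sonames and paths are assumptions.

```python
import ctypes
import re

# Constructed input: the two warning lines from the make output quoted above.
BUILD_LOG = """\
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.9/_ssl.cpython-39-x86_64-linux-gnu.so: undefined symbol: SSL_get1_peer_certificate
*** WARNING: renaming "_hashlib" since importing it failed: build/lib.linux-x86_64-3.9/_hashlib.cpython-39-x86_64-linux-gnu.so: undefined symbol: EVP_MD_get_type
"""

WARNING_RE = re.compile(
    r'renaming "(?P<module>\w+)" since importing it failed: '
    r"(?P<path>\S+): undefined symbol: (?P<symbol>\w+)"
)


def missing_symbols(log):
    """Return (module, built .so path, unresolved symbol) per failed import."""
    return [(m["module"], m["path"], m["symbol"]) for m in WARNING_RE.finditer(log)]


def exports(library, symbol):
    """True/False if the library loads and does/does not export the symbol;
    None if the loader cannot open the library at all."""
    try:
        handle = ctypes.CDLL(library)
    except OSError:
        return None
    return hasattr(handle, symbol)  # ctypes raises AttributeError when dlsym fails


def report(log, candidates):
    """Cross every unresolved symbol with every candidate library."""
    return [
        (module, symbol, lib, exports(lib, symbol))
        for module, _path, symbol in missing_symbols(log)
        for lib in candidates
    ]


if __name__ == "__main__":
    # Assumptions: the bare soname goes through the loader's default search path
    # (listed first so it is resolved before any absolute path is loaded); the
    # absolute paths sit in /usr/local/lib64, the directory given to ldconfig above.
    candidates = ["libssl.so.3", "/usr/local/lib64/libssl.so.3", "/usr/local/lib64/libcrypto.so.3"]
    for module, symbol, lib, found in report(BUILD_LOG, candidates):
        state = {True: "exported", False: "NOT exported", None: "cannot load"}[found]
        print(f"{module}: {symbol} in {lib}: {state}")
```

Running ldd on the built _ssl and _hashlib .so files from the warnings shows which libssl and libcrypto they actually resolve to, which is the library to pass to this check.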
