Compiling CPython with a custom OpenSSL

A quick how-to


Overview

I recently went through a small amount of hassle trying to get Python 3.5 (dev) compiled with OpenSSL 1.0.2, which introduces support for ALPN. I figured it’d be a good idea to post a small how-to in the event someone else finds it useful (or more likely, I forget what I did).

This how-to is aimed at OSX users, but should be mostly transferable to other supported platforms. At the time I ran through this exercise, homebrew didn’t have OpenSSL 1.0.2 available yet. Therefore, this how-to builds OpenSSL from source. Since I went through this, homebrew has added support for it, so you should be able to swap out all OpenSSL repo cloning and compiling steps in favor of the super easy:

brew install openssl

OpenSSL

Clone the OpenSSL repo and check out the 1.0.2 release tag:

git clone git@github.com:openssl/openssl.git
cd openssl
git checkout OpenSSL_1_0_2

Configure and compile OpenSSL (the following Configure line is specific to 64 bit OSX):

./Configure darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --openssldir=/usr/local/ssl/macos-x86_64
make
make test
make install

CPython configuration

Open Modules/Setup, search for “SSL=”, and set it to the OpenSSL directory used above:

# Socket module helper for socket(2)
_socket socketmodule.c
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/ssl/macos-x86_64
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto

Compile CPython:

./configure
make

Verify that you have the expected version of OpenSSL and that ALPN is enabled:

—- p/cpython » ./python
Python 3.5.0a0 (default:53e94a687570+, Jan 27 2015, 10:32:35)
[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2 22 Jan 2015'
>>> ssl.HAS_ALPN
True
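The same verification as a script you can run after every rebuild. This is an added example, not part of the original how-to. It fails when the interpreter has linked against an older OpenSSL than intended, and it also checks that the no-ssl2 and no-ssl3 Configure options took effect. The function names and the STALE_BUILD stand-in are assumptions made for illustration.

```python
import ssl
from types import SimpleNamespace

MIN_VERSION = (1, 0, 2)  # the release this how-to builds for its ALPN support

# Constructed stand-in for an interpreter linked against an older OpenSSL
# (values are illustrative, not captured from a real build).
STALE_BUILD = SimpleNamespace(
    OPENSSL_VERSION_INFO=(0, 9, 8, 26, 15), HAS_ALPN=False, PROTOCOL_SSLv3=1
)


def audit_ssl_build(mod=ssl, minimum=MIN_VERSION):
    """Return {check_name: passed} for the OpenSSL that `mod` was built against.

    `mod` defaults to the real ssl module; any object with the same
    attributes can be passed so the checks can be exercised offline.
    """
    version = tuple(mod.OPENSSL_VERSION_INFO[:3])
    return {
        # Catches a silent fallback to an older OpenSSL than the one built above.
        "version_ok": version >= tuple(minimum),
        "alpn": bool(getattr(mod, "HAS_ALPN", False)),
        # CPython's _ssl leaves these constants out when the linked OpenSSL
        # was built without the protocol (no-ssl2 / no-ssl3).
        "sslv2_absent": not hasattr(mod, "PROTOCOL_SSLv2"),
        "sslv3_absent": not hasattr(mod, "PROTOCOL_SSLv3"),
    }


def alpn_usable(protocols=("h2", "http/1.1")):
    """Configure ALPN on a real context; False if the build cannot do it."""
    ctx = ssl.create_default_context()
    try:
        ctx.set_alpn_protocols(list(protocols))
    except NotImplementedError:  # raised when ssl.HAS_ALPN is False
        return False
    return True


def failed_checks(results):
    """Names of the checks that did not pass, sorted for stable output."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    results = audit_ssl_build()
    results["alpn_usable"] = alpn_usable()
    print(ssl.OPENSSL_VERSION, results)
    raise SystemExit(1 if failed_checks(results) else 0)
```

Run it with the freshly built ./python; a non-zero exit status means at least one check failed.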

Done.
