Compiling CPython with a custom OpenSSL
A quick how-to
I recently went through a small amount of hassle trying to get Python 3.5 (dev) compiled with OpenSSL 1.0.2, which introduces support for ALPN. I figured it’d be a good idea to post a small how-to in the event someone else finds it useful (or more likely, I forget what I did).
This how-to is aimed at OSX users, but should be mostly transferrable to other supported platforms. At the time I ran through this exercise, homebrew didn’t yet have OpenSSL 1.0.2 available yet. Therefore, this how-to builds OpenSSL from source. Since I went through this, homebrew have added support for it, so you should be able to swap out all OpenSSL repo cloning and compiling steps in favor of the super easy
brew install openssl
Clone the OpenSSL repo:
git clone email@example.com:openssl/openssl.git
git checkout OpenSSL_1_0_2
Configure and compile OpenSSL (the following Configure line is specific to 64 bit OSX):
./Configure darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --openssldir=/usr/local/ssl/macos-x86_64
Open Modules/Setup and grep for “SSL=”, replace that with OpenSSL directory:
# Socket module helper for socket(2)
# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto
Verify that you have the expected version of OpenSSL and that ALPN is enabled:
—- p/cpython » ./python
Python 3.5.0a0 (default:53e94a687570+, Jan 27 2015, 10:32:35)
[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56)] on darwin
Type “help”, “copyright”, “credits” or “license” for more information.
>>> import ssl
‘OpenSSL 1.0.2 22 Jan 2015'