在python 2.7中更新openssl

Question

wondering if someone may please explain how openssl works in python2.7. I'm not sure if python got its own openssl or picks it up from local machine/env?

let me explain: (if I do this in Python)

>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 0.9.8x 10 May 2012'

(In terminal)

$ openssl version
OpenSSL 0.9.8x 10 May 2012
$ which openssl 
/usr/bin/openssl

now I updated openssl (downloaded .)

$ cd openssl-1.0.1c
$ ./Configure darwin64-x86_64-cc --prefix=/usr --openssldir=/opt/local/etc/openssl shared
$ make
$ sudo make install

this created separate director(as specified), so I copied it to the old path

cp -f /usr/local/ssl/bin/openssl /usr/bin/openssl

now in terminal openssl version has been updated but not from python!

$ openssl version
OpenSSL 1.0.1c 10 May 2012

I did noticed that .dylib is still pointing to old version, how can I change this?

$ ls -l /usr/lib/*ssl*
-rwxr-xr-x  1 root  wheel  411680 Jul 17  2012 /usr/lib/libssl.0.9.7.dylib
-rwxr-xr-x  1 root  wheel  602800 May 24 03:43 /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x  1 root  wheel  390908 Sep  9 17:37 /usr/lib/libssl.1.0.0.dylib
lrwxr-xr-x  1 root  wheel      18 Jul 17  2012 /usr/lib/libssl.dylib -> libssl.0.9.8.dylib

Update : I changed the link still got old version at python.

$ ls -l /usr/lib/*ssl*
-rwxr-xr-x  1 root  wheel  411680 Jul 17  2012 /usr/lib/libssl.0.9.7.dylib
-rwxr-xr-x  1 root  wheel  602800 May 24 03:43 /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x  1 root  wheel  390908 Sep  9 17:37 /usr/lib/libssl.1.0.0.dylib
lrwxr-xr-x  1 root  wheel      18 Sep 11 15:47 /usr/lib/libssl.dylib -> libssl.1.0.0.dylib

Answer 1

Please refer to http://rkulla.blogspot.kr/2014/03/the-path-to-homebrew.html

After upgrading openssl to 1.0.1j by homebrew on MAC, but system python still referred to old version 0.9.8. It turned out the python referred to openssl. So I have installed new python with brewed openssl and finished this issue on Mac, not yet Ubuntu.

On Mac OS X version 10.10 and system python version 2.7.6, my procedure is as follows:

$ brew update

$ brew install openssl

Then you can see openssl version 1.0.1j.

$ brew link openssl --force 

$ brew install python --with-brewed-openssl    

You have to install new python with brewed openssl. Then, you can see /usr/local/Cellar/python/2.7.8_2/bin/python.

$ sudo ln -s /usr/local/Cellar/python/2.7.8_2/bin/python /usr/local/bin/python

Of course, /usr/local/* should be owned by $USER, not root, which is told by Ryan, but I used 'sudo'. And, before this instruction, I didn't have /usr/local/bin/python. After this instruction, you can use python version 2.7.8 not 2.7.6.

Finally, you can see as belows;

$ python --version  
Python 2.7.8

$ python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.1j 15 Oct 2014

Till now, I'm working on it on Ubuntu 12.04. If I have a solution for Ubuntu 12.04, then I will update my answer. I hope this procedure help you.

Answer 2

Outdated SSL is a common issue on multiple platforms:

Here's the general approach...

0. Install OpenSSL

• Option I: Install system packages of side-by-side OpenSSL 1.x libs (-dev or -devel) packages.

   # FreeBSD pkg install openssl OPENSSL_ROOT=/usr/local # Mac (brew) brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON! OPENSSL_ROOT="$(brew --prefix openssl)" 

• Option II: Install OpenSSL from source to a temporary directory

   OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e" curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf - cd openssl-1.0.1e mkdir -p "$OPENSSL_ROOT" ./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=... # osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=... make install cd .. rm -rf openssl-1.0.1e 

1. Building Python from source

• Option A : Use pyenv :

   export CONFIGURE_OPTS="CPPFLAGS=-I"$OPENSSL_ROOT"/include LDFLAGS=-L"$OPENSSL_ROOT"/lib [your other options here]" pyenv install 2.7.6 

• Option B : Install Python from source

   ./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]` make # ... # if compiled openssl was used, it can be safely deleted because python's module ssl links openssl statically. 

Example: FreeBSD 9.2 (skipping make install for demo purposes)

pkg install openssl curl gmake gdbm sqlite3 readline ncurses
OPENSSL_ROOT=/usr/local
curl http://www.python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz | tar jxvf -
cd Python-2.7.6
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]
make
./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' # osx: ./python.exe ...
# prints: OpenSSL 1.0.1e 11 Feb 2013

Afterwards, temporary openssl libraries are no longer needed b/c the ssl modele with openssl statically into the python executable (verify using otool or readelf ).

Answer 3

This could be because of an outdated version of Python.

After running python -c "import ssl; print ssl.OPENSSL_VERSION" on Python 2.7.1, I saw that I had this outdated version: OpenSSL 0.9.7l 28 Sep 2006 .

It seems as though my version of Python depended on a deprecated version of OpenSSL, as indicated by this forum :

For the upcoming Python 2.7.9 release (planned for early December), I intend to have the Pythons in the python.org OS X installers use their own versions of OpenSSL and thus no longer depend on the now-deprecated system OpenSSL.

I updated to Python 2.7.9 and the issue was immediately fixed. Now, after running python -c "import ssl; print ssl.OPENSSL_VERSION" , I get OpenSSL 0.9.8za 5 Jun 2014 .

Answer 4

The following worked for me. I was already able to update OpenSSL from 0.9.8zh to a 1.0.2o version, but python never accessed the newer version until found this suggestion to use pyenv to reinstall python (with 2.7.10, the version I wanted).

brew update
brew install pyenv

echo 'eval "$(pyenv init -)"' >> .bashrc
source .bashrc

pyenv install 2.7.10
pyenv global 2.7.10

and then to check...

python --version
Python 2.7.10

python -c 'import ssl; print ssl.OPENSSL_VERSION'
OpenSSL 1.0.2o  27 Mar 2018

I did have to reinstall python packages of course.

Source: https://github.com/ianunruh/hvac/issues/75

Answer 5

I think python has recognized that this is an issue: https://www.python.org/downloads/release/python-2715/

Note

Attention macOS users: as of 2.7.15, all python.org macOS installers ship with a builtin copy of OpenSSL. Additionally, there is a new additional installer variant for macOS 10.9+ that includes a built-in version of Tcl/Tk 8.6. See the installer README for more information.

Simply installing 2.7.15 fixed my OpenSSL issues.

Answer 6

SOLVED NO HACKS, none of the above worked for me. I ended up taking a simpler and uncomplicated approach....

1. Install python 2.7.13 from the official site, it actually installs as the default python, automatically upgrading the old python system wide ( yes! ).

https://www.python.org/downloads/mac-osx/

2. Upgrade openssl after the python install. Updating it for system python ( yes! ).

sudo pip install --upgrade pyOpenSSL

3. You will have to re-install all your python modules ( because you replaced python ), I strongly recommend using pip. After a few minutes of pip installs my default OSX python was upgraded, I had openssl upgraded, and I had all my modules ( including django running ).