在FreeBSD上使用旧python版本(2.7.3)的SSL
[英]SSL with old python version (2.7.3) on FreeBSD
问题描述
I installed an old version of Python (2.7.3) from source into a directory (not as the system's default python) to be able to occasionally run an old application. 
我从源代码安装了旧版本的Python(2.7.3)到目录(不是系统的默认python)中,以便偶尔运行旧的应用程序。 I'd like to configure this environment with pip or easy_install, this doesn't work though as SSL is required and I can't build this version with ssl. 我想使用pip或easy_install配置此环境,但是由于需要SSL并且我无法使用ssl构建此版本,因此无法使用。 The build works but I get the message 构建工作,但我得到消息
Failed to build these modules:
_ctypes _hashlib _ssl
OpenSSL is installed (it's a FreeBSD machine). 已安装OpenSSL(它是FreeBSD机器)。 Building Python 2.7.15 from source works and these modules get installed. 从源代码构建Python 2.7.15,并安装了这些模块。
My guess is that 2.7.3 might need an older version of OpenSSL (I have 1.1.1a-freebsd installed). 我的猜测是2.7.3可能需要旧版本的OpenSSL(我安装了1.1.1a-freebsd)。
How can I build this Python version with SSL enabled? 如何在启用SSL的情况下构建此Python版本? (I managed to install setuptools but I cannot use them without SSL) (我设法安装了setuptools,但没有SSL我将无法使用它们)
2 个解决方案
解决方案1
1 2019-04-12 18:29:10
Patches for Python 2.7 to build with newer OpenSSL: 使用更新的OpenSSL构建的Python 2.7修补程序:
--- Modules/_ssl.c.orig 2018-03-05 01:25:37.803984781 +0300
+++ Modules/_ssl.c 2018-03-05 01:25:04.499198913 +0300
@@ -300,8 +300,10 @@
PySSL_BEGIN_ALLOW_THREADS
if (proto_version == PY_SSL_VERSION_TLS1)
self->ctx = SSL_CTX_new(TLSv1_method()); /* Set up context */
+#ifndef OPENSSL_NO_SSL3
else if (proto_version == PY_SSL_VERSION_SSL3)
self->ctx = SSL_CTX_new(SSLv3_method()); /* Set up context */
+#endif
#ifndef OPENSSL_NO_SSL2
else if (proto_version == PY_SSL_VERSION_SSL2)
self->ctx = SSL_CTX_new(SSLv2_method()); /* Set up context */
--- Lib/ssl.py.orig 2017-09-19 10:32:02.000000000 +0300
+++ Lib/ssl.py 2018-03-05 01:38:26.358119752 +0300
@@ -91,14 +91,13 @@
SSL_ERROR_INVALID_ERROR_CODE,
)
from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+from _ssl import (PROTOCOL_SSLv23,
PROTOCOL_TLSv1)
from _ssl import _OPENSSL_API_VERSION
_PROTOCOL_NAMES = {
PROTOCOL_TLSv1: "TLSv1",
PROTOCOL_SSLv23: "SSLv23",
- PROTOCOL_SSLv3: "SSLv3",
}
try:
from _ssl import PROTOCOL_SSLv2
@@ -664,7 +663,7 @@
d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
return base64.decodebytes(d.encode('ASCII', 'strict'))
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_TLSv1, ca_certs=None):
"""Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
I compiled Python 2.7.10 with OpenSSL 1.1.0j under Debian 9. 我在Debian 9下使用OpenSSL 1.1.0j编译了Python 2.7.10。
解决方案2
0 2019-04-12 06:58:42
Both python27 and python36 can be installed from the ports and packages (see below incl. the dependencies). python27和python36均可从端口和软件包安装(请参见下文,包括相关性)。 I think the problem comes from mixing pip with freebsd ports and packages. 我认为问题来自将pip与freebsd端口和软件包混合在一起。 Try clean installation and "pkg install python27 python36". 尝试全新安装和“ pkg install python27 python36”。
# pkg info | grep python
py27-asn1crypto-0.22.0 ASN.1 library with a focus on performance and a
pythonic API
py27-requests-toolbelt-0.8.0 Utility belt for advanced users of python-requests
py36-asn1crypto-0.22.0 ASN.1 library with a focus on performance and a
pythonic API
py36-requests-toolbelt-0.8.0 Utility belt for advanced users of python-requests
python27-2.7.16 Interpreted object-oriented programming language
python36-3.6.8_1 Interpreted object-oriented programming language
# pkg info -dx python27
python27-2.7.16:
openssl-1.0.2r,1
readline-7.0.5
libffi-3.2.1_3
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.