Issue 33127: Python 2.7.14 won't build ssl module with Libressl 2.7.0 (original) (raw)

Issue33127

Created on 2018-03-23 19:01 by chdiza, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 6210 merged christian.heimes,2018-03-24 14:14
PR 6213 merged miss-islington,2018-03-24 14:41
PR 6214 merged christian.heimes,2018-03-24 14:53
PR 6215 merged christian.heimes,2018-03-24 15:01
PR 10991 closed python-dev,2018-12-06 12:30
PR 10994 merged python-dev,2018-12-06 15:37
Messages (12)
msg314320 - (view) Author: Charles (chdiza) Date: 2018-03-23 19:01
On macOS I could build python 2.7.14 with libressl 2.6.4 without any problems. If I try to build that same version of python with libressl 2.7.0, I get the failure pasted in below. /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:141:12: error: static declaration of 'X509_NAME_ENTRY_set' follows non-static declaration static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) ^ /usr/local/ssl/include/openssl/x509.h:1139:6: note: previous declaration is here int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); ^ /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:153:25: error: static declaration of 'SSL_CTX_get_default_passwd_cb' follows non-static declaration static pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx) ^ /usr/local/ssl/include/openssl/ssl.h:1368:18: note: previous declaration is here pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); ^ /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:158:14: error: static declaration of 'SSL_CTX_get_default_passwd_cb_userdata' follows non-static declaration static void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx) ^ /usr/local/ssl/include/openssl/ssl.h:1370:7: note: previous declaration is here void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); ^ /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:163:12: error: static declaration of 'X509_OBJECT_get_type' follows non-static declaration static int X509_OBJECT_get_type(X509_OBJECT *x) ^ /usr/local/ssl/include/openssl/x509_vfy.h:428:5: note: previous declaration is here int X509_OBJECT_get_type(const X509_OBJECT *a); ^ /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:168:14: error: static declaration of 'X509_OBJECT_get0_X509' follows non-static declaration static X509 *X509_OBJECT_get0_X509(X509_OBJECT *x) ^ /usr/local/ssl/include/openssl/x509_vfy.h:430:7: note: previous declaration is here X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo); ^ /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:173:31: error: static declaration of 'X509_STORE_get0_objects' follows non-static declaration static STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *store) { ^ /usr/local/ssl/include/openssl/x509_vfy.h:438:24: note: previous declaration is here STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs); ^ /Users/chdiza/.tmp/tmpdir/python27-20180323-74284-f2auy2/Python-2.7.14/Modules/_ssl.c:177:27: error: static declaration of 'X509_STORE_get0_param' follows non-static declaration static X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store) ^ /usr/local/ssl/include/openssl/x509_vfy.h:450:20: note: previous declaration is here X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); ^ 7 errors generated.
msg314321 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-23 19:54
Thanks for the report. LibreSSL 2.7 introduced OpenSSL 1.1 API methods. I already know about the issue and have a pending fix for it on my disk. I'll push it as soon as 2.7.1 is out. 2.7.0 is a beta release. The latest stable is 2.6.4.
msg314323 - (view) Author: Charles (chdiza) Date: 2018-03-23 20:27
I'm not sure it's a beta release. I think they just forgot to update on their homepage what the latest stable is. Nothing on the releases page or the release notes says it's a beta.
msg314326 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-23 20:40
The homepage is correct. The last stable release is 2.6.4. I know this first hand from a LibreSSL developer.
msg314369 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 14:41
New changeset 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1 by Christian Heimes in branch 'master': bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) https://github.com/python/cpython/commit/4ca0739c9d97ac7cd45499e0d31be68dc659d0e1
msg314376 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 17:37
New changeset 42bd62bc87a52538c0fc2134b76df316f30997da by Christian Heimes (Miss Islington (bot)) in branch '3.7': [3.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6213) https://github.com/python/cpython/commit/42bd62bc87a52538c0fc2134b76df316f30997da
msg314377 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 17:38
New changeset f5befbb0d1526f18eb2b24eabb48c3b761c624a2 by Christian Heimes in branch '3.6': [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6214) https://github.com/python/cpython/commit/f5befbb0d1526f18eb2b24eabb48c3b761c624a2
msg314379 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 18:34
New changeset edd541897b9c28ee0d0f0131746aa5f19665a104 by Christian Heimes in branch '2.7': [2.7] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (GH-6215) https://github.com/python/cpython/commit/edd541897b9c28ee0d0f0131746aa5f19665a104
msg314380 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-24 18:40
I have fixed Python 2.7, 3.6, 3.7, and master branch. Thanks for the report!
msg314392 - (view) Author: Charles (chdiza) Date: 2018-03-25 02:41
FYI, the 'cryptography' package from pypi no longer builds after this fix. (I applied the patch to the 2.7.14 source code tarball.) I don't know if that's because of the fix, or because LibreSSL 2.7.X broke 'cryptography' too: clang -fno-strict-aliasing -g -O2 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/opt/slangs/py/include/python2.7 -c build/temp.macosx-10.13-x86_64-2.7/_openssl.c -o build/temp.macosx-10.13-x86_64-2.7/build/temp.macosx-10.13-x86_64-2.7/_openssl.o -Wconversion -Wno-error=sign-conversion build/temp.macosx-10.13-x86_64-2.7/_openssl.c:493:10: fatal error: 'openssl/opensslv.h' file not found #include <openssl/opensslv.h> ^~~~~~~~~~~~~~~~~~~~ 1 error generated. error: command 'clang' failed with exit status 1
msg314399 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-03-25 08:58
It's unrelated. PyCA Cryptography doesn't support LibreSSL 2.7 yet, see https://github.com/pyca/cryptography/pull/4168
msg336899 - (view) Author: Larry Hastings (larry) * (Python committer) Date: 2019-03-01 07:36
New changeset 56f8783e3e32ddc0cb84a96711e3861aea9895ac by larryhastings (Alex Viscreanu) in branch '3.5': [3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994) https://github.com/python/cpython/commit/56f8783e3e32ddc0cb84a96711e3861aea9895ac
History
Date User Action Args
2022-04-11 14:58:58 admin set github: 77308
2019-03-01 07:36:04 larry set nosy: + larrymessages: +
2018-12-06 15:37:46 python-dev set pull_requests: + <pull%5Frequest10235>
2018-12-06 12:30:52 python-dev set pull_requests: + <pull%5Frequest10231>
2018-03-25 08:58:24 christian.heimes set messages: +
2018-03-25 02:41:55 chdiza set messages: +
2018-03-24 18:40:28 christian.heimes set status: open -> closedresolution: fixedmessages: + stage: patch review -> resolved
2018-03-24 18:34:18 christian.heimes set messages: +
2018-03-24 17:38:16 christian.heimes set messages: +
2018-03-24 17:37:56 christian.heimes set messages: +
2018-03-24 15:01:37 christian.heimes set pull_requests: + <pull%5Frequest5960>
2018-03-24 14:53:27 christian.heimes set pull_requests: + <pull%5Frequest5959>
2018-03-24 14:41:47 miss-islington set pull_requests: + <pull%5Frequest5958>
2018-03-24 14:41:39 christian.heimes set messages: +
2018-03-24 14:14:27 christian.heimes set keywords: + patchstage: patch reviewpull_requests: + <pull%5Frequest5955>
2018-03-23 20:40:00 christian.heimes set messages: +
2018-03-23 20:27:25 chdiza set messages: +
2018-03-23 19:54:17 christian.heimes set messages: + versions: + Python 3.6, Python 3.7, Python 3.8
2018-03-23 19:01:38 chdiza create