Monday, May 19, 2008

Compiling Python 2.5 with SSL support

If you compile Python 2.5.x from source, you need to jump through some hoops so that SSL support is enabled. Googling around, I found Patrick Altman's excellent blog post talking about this very issue.

In my case, I needed to enable SSL support for Python 2.5.2 on CentOS 5.1. I already had the openssl development libraries installed:

# yum list installed | grep ssl
mod_ssl.i386 1:2.2.3-11.el5_1.cento installed
openssl.i686 0.9.8b-8.3.el5_0.2 installed
openssl-devel.i386 0.9.8b-8.3.el5_0.2 installed

Here's what I did next, following Patrick's post:

1) edited Modules/Setup.dist from the Python 2.5.2 source distribution and made sure the correct lines were put back in (they were commented out by default):

_socket socketmodule.c

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
#SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto

2) ran ./configure; make; make install

3) verified that I can access socket.ssl:

# python2.5
Python 2.5.2 (r252:60911, May 19 2008, 14:23:27)
[GCC 4.1.2 20070626 (Red Hat 4.1.2-14)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import socket
>>> socket.ssl
function ssl at 0xb7ef410c>

That's it. Not sure why it's so non-intuitive though.

8 comments:

Anonymous said...

I found a way to check for SSL support in Python that is a little more intuitive than having the shell spit back the memory address of the ssl function.

After importing socket, call hasattr(socket, "ssl"). If you get a True response, SSL is enabled. (via Morlock HQ)

Anonymous said...

Can you give simple step by step on how to confirm python has ssl support?

Thank you

Anonymous said...

The detailed walk-thru is in the link in the comment above, or here: http://morlockhq.blogspot.com/2008/05/python-tip-checking-to-see-if-your.html

Anonymous said...

Hello all,

You can run the following to test SSL..

$ python /usr/lib/python2.x/test/test_socket_ssl.py

Output:

test_rude_shutdown ...
test_basic ...
test_timeout ...

Anonymous said...

Grig,
Thanks for the blog post, I had to follow these directions for the exact same clients qa box.

Chris

Anonymous said...

Grig,

Thanks for the post again! Same client, new box.

-Bribot

Grig Gheorghiu said...

On Ubuntu, one needs to install libssl-dev before configuring the Python source.

Dave said...

Worked like a charm on 2.7!

Modifying EC2 security groups via AWS Lambda functions

One task that comes up again and again is adding, removing or updating source CIDR blocks in various security groups in an EC2 infrastructur...