如何使用自定义OpenSSL编译Python 3.4?
我在一个不常见的位置安装了自己的OpenSSL(为了方便,这里用/my/path来举例),我希望在编译Python 3.4的时候,让它使用这个OpenSSL。为此,我尝试了以下操作(目录名称简化了):
CPPFLAGS="-I/my/path/include -I/my/path/include/openssl" ./configure --prefix=/my/path/
我还尝试过使用C_INCLUDE_PATH和用冒号分隔的路径。
然后,我运行了make,结果出现了这个:
building '_ssl' extension
gcc -pthread -fPIC -fno-strict-aliasing -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I./Include -I. -IInclude -I/my/path/include -I/my/path/include/openssl -I/usr/local/include -I/my/path/Python-3.4.0/Include -I/my/path/Python-3.4.0 -c /my/path/Python-3.4.0/Modules/_ssl.c -o build/temp.linux-x86_64-3.4/my/path/Python-3.4.0/Modules/_ssl.o
gcc -pthread -shared build/temp.linux-x86_64-3.4/my/path/Python-3.4.0/Modules/_ssl.o -L/my/path/lib -L/usr/local/lib -lssl -lcrypto -o build/lib.linux-x86_64-3.4/_ssl.cpython-34m.so
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.4/_ssl.cpython-34m.so: undefined symbol: SSL_get0_next_proto_negotiated
它在寻找SSL_get0_next_proto_negotiated,但这个函数肯定是有定义的:
$ grep SSL_get0_next_proto_negotiated /my/path/include/openssl/*
/my/path/include/openssl/ssl.h:void SSL_get0_next_proto_negotiated(const SSL *s,
我不太确定自己哪里出错了,有什么建议吗?
3 个回答
5
这是我在3.4版本中解决这个问题的方法。这种方法也适用于2.7和3.4版本。关键在于在./configure命令中使用--with-ssl这个配置参数:
wget https://www.python.org/ftp/python/3.4.3/Python-3.4.3.tgz
tar -xf Python-3.4.3.tgz
cd Python-3.4.3/
sudo yum install gcc
./configure --with-ssl
make && make install
# If you like to live dangerously since this will overwrite default python executable
make && make altinstall
# Safer because you access your new Python using python3.4
17
感谢@ScottFrazer的回答,帮我省了很多麻烦。
这是我在ubuntu上用来编译最新版本的 openssl 1.0.2g 的脚本。
# new openssl install
curl https://www.openssl.org/source/openssl-1.0.2g.tar.gz | tar xz && cd openssl-1.0.2g && ./config shared --prefix=/usr/local/ && make && make install
# Python install script
export LDFLAGS="-L/usr/local/lib/"
export LD_LIBRARY_PATH="/usr/local/lib/"
export CPPFLAGS="-I/usr/local/include -I/usr/local/include/openssl"
apt-get update
apt-get install build-essential checkinstall -y
apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev -y
cd /home/web/
wget https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz | tar xzf Python-2.7.11.tgz && cd Python-2.7.11
./configure --prefix=/usr/local/
make altinstall
请注意,这里的安装是 altinstall,这意味着它不会覆盖ubuntu上默认的python。要确认安装是否成功:
/usr/local/bin/python2.7
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2g 1 Mar 2016'
52
我花了很多时间才搞明白这个问题,真是让人抓狂。其实问题出在一些环境变量上……我觉得我可能做得有点过头了,但这个方法基本上是有效的:
# OpenSSL 1.0.1g
./config shared --prefix=/my/path --openssldir=/my/path/openssl
make
make install
# Python 3.4
export LDFLAGS="-L/my/path/lib/ -L/my/path/lib64/"
export LD_LIBRARY_PATH="/my/path/lib/:/my/path/lib64/"
export CPPFLAGS="-I/my/path/include -I/my/path/include/openssl"
./configure --prefix=/my/path/
make
make install