Compiling Python 2.7.12 with non-system Openssl on Centos 5

Question

I'm currently trying to get Python 2.7.12 to compile with Openssl 1.0.2h on a Centos 5 host.

The reason for this is that I need Paramiko 2 to run on this host but that doesn't support the system provided OpenSSL version which is 0.9.8e-fips-rhel5 01 Jul 2008.

I've found some great hints and tips on here but it just doesn't seem to work. I'm now posting this in hope that someone will spot what I've done wrong/is missing.

For the OpenSSL setup I've done the following:

OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e"
cd /tmp
curl http://www.openssl.org/source/openssl-1.0.2h.tar.gz | tar zxvf -
cd openssl-1.0.2.h
mkdir -p "$OPENSSL_ROOT"
./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=...
make install

Then since I don't want to replace the system installed Python with 2.7.12 I've done the following:

First I added /usr/local/lib to /etc/ld.so.conf and ran ldconfig.

After that I've run:

cd /tmp
wget http://python.org/ftp/python/2.7.12/Python-2.7.12.tar.xz
tar xf Python-2.7.12.tar.xz
cd Python-2.7.12
./configure CPPFLAGS="-I$OPENSSL_ROOT/include"  LDFLAGS="-L$OPENSSL_ROOT/lib"  --prefix=/usr/local --enable-unicode=ucs4 --enable-shared
make && make altinstall

This is when I thought I'd have it compiled against the new version of OpenSSL but no, as you can see from the output here:

[root@an-host openssl-1.0.2h]# python2.7 -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

And I'm sure that I'm running the newly compiled version since that is echoed here:

[root@an-host openssl-1.0.2h]# python2.7
Python 2.7.12 (default, Aug  1 2016, 11:46:42) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-55)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

I have even gone as far as removing openssl-devel with Yum but it still doesn't seem to care/compile against 1.0.2h.

This is driving me slightly mad at the moment so any input/feedback/help is greatly appreciated.

Answer 1

I think I tried to copy too cute solutions and mix and match - tidied up and simplified a bit and got it to work in the end.

This is what I did this time:

Download and install OpenSSL

cd /tmp 
curl http://www.openssl.org/source/openssl-1.0.2h.tar.gz | tar zxvf - 
cd openssl-1.0.2.h 
./config shared --prefix=/usr/local/ 
make && make install

Set up some environment variables

export LDFLAGS="-L/usr/local/lib/"
export LD_LIBRARY_PATH="/usr/local/lib/"
export CPPFLAGS="-I/usr/local/include -I/usr/local/include/openssl"

Download and install Python 2.7.12

wget http://python.org/ftp/python/2.7.12/Python-2.7.12.tar.xz
tar xf Python-2.7.12.tar.xz
cd Python-2.7.12
./configure --prefix=/usr/local/ --enable-unicode=ucs4 --enable-shared
make && make altinstall

And now it works as expected, displaying the newer OpenSSL version.

[root@an-host Python-2.7.12]# python2.7
Python 2.7.12 (default, Aug  1 2016, 14:48:09) 
[GCC 4.1.2 20080704 (Red Hat 4.1.2-55)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> print ssl.OPENSSL_VERSION
OpenSSL 1.0.2h  3 May 2016

However, it still didn't work as expected. :( Running the program I got the following error from Paramiko:

RuntimeError: You are linking against OpenSSL 0.9.8, which is no longer support by the OpenSSL project. You need to upgrade to a newer version of OpenSSL.

The solution I found was to uninstall and reinstall the Cryptography bits and pieces by running.

pip2.7 uninstall cryptography
pip2.7 install cryptography

After all that - it now works.