Is there any option to dynamically link OpenSSL while building? I see an option -with-openssl while configuring, does it link dynamically?
Yes its dynamic linked.
your developer tools will confirm this for you.
Thank you Barry. I have a question, my custom openssl directory had only libssl.a and libcrypto.a files and no .so files. however this option still picked those archives, so is this behavior by default? also what if we had both .so and .a files which would this option pick? In order to only link dynamically do I need to put only .so files in my dir?
What problem are you trying to solve?
You want to build python with a newer openssl?
Are you on a linux system that does not offer the latest python and openssl?
Currently we link OpenSSL statically, we want to move towards dynamic linking. Yes I am trying to link newer version of OpenSSL. But I am on a custom OS so it’s like a wrapper on top of linux. Our directory structure is not exactly like that of linux as these are legacy systems so I wanted to dynamically link OpenSSL instead of statically doing it. Initially I used —with-openssl with only .a files which worked but my doubt is if I have .a and .so files of same openssl version in same folder which will it pick first? Also for dynamic linking do I need to keep only .so in my folder.
checking for openssl/ssl.h in /usr/local… yes
checking whether compiling and linking against OpenSSL works… yes
checking for --with-openssl-rpath… /home/openssldir/lib
checking whether OpenSSL provides required ssl module APIs… no
checking whether OpenSSL provides required hashlib module APIs… no
I have tried to --with-openssl-rpath option as well. to set some context, the openssl in /usr/local is outdated, so I have only added libcrypto.so and libssl.so files to /home/openssldir/lib(these two are the only files present there). do I need to do this differently? do I need to keep openssl source directory in my /home/openssldir/lib?
what I am trying to achieve is whenever we build new openssl, we want to use the new dynamic libraries by just placing new libssl.so and libcrypto.so in appropriate folders(/home/openssldir/lib in my case) without having to recompile python again. Is there a specific directory structure that I need to maintain? ex: do I need to maintain a openssl(which contains all the header files like ssl.h) directory in my /home/openssldir/lib directory or just replacing the .so files is enough to get the job done?
The fedora builds of the ssl module do exactly that.
You could look at there spec file for python and see how they do it.
The .spec file sources are in this repo: Overview - rpms/python3.11 - src.fedoraproject.org
Or you could read the python build sources to see what it expects.
To maintain your OS and App you need to know how this stuff works and be willing to read the sources of the packages, especically in this case how they are built.
Thank you Barry.
The following worked for me,
First create a directory structure such that it has lib and include folders, lib should contain your dll’s and include should contain header files, place this in some folder say openssl, so you dir looks somewhat like this,
openssl-
|->include
|->lib
while building python set ld flags to include lib directory as follows,
path-to-openssl should be replaced by your openssl path,
LDFLAGS = "-L/path-to-openssl/openssl/lib"
then set CPPFLAGS to your include directory,
CPPFLAGS="-I/path-to-openssl/openssl/include"
then you need to set the linker to not to look for standard locations for openssl dll’s first and look for your location first, use -Wl,-rpath option to linker,
then your dynamical linking should be done, next time when you want to update openssl, just include new dll’s in lib folder and new header files in include folder.
Hi Zuhaib,
How did you find the dll and header files to the new directory. you have created.
Have installed pip packages after that.
I need help for Dynamic Linking of openssl 3.0.7 with Python 3.10.10 in FIPS mode
Note this topic is about building for a unix like system bot windows.
Suggest you start a new topic.