Dynamic Linking of openssl 3.0.7 with Python 3.10.10 in FIPS mode

I am using my official docker alpine image where it contains openssl version 3.0.7 which was compiled to be on FIPS mode.

Now i want to make python 3.10/3.11 also in FIPS mode

I followed the below steps to make python in FIPS mode but it did not worked out

   "wget https://www.python.org/ftp/python/3.10.10/Python-3.10.10.tgz && tar -xvf Python-3.10.10.tgz",
        "cd Python-3.10.10",
        "export LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/lib64/",
        "export OPENSSL_FIPS=1",
        "./configure --enable-shared --with-openssl-rpath=auto --with-ssl-default-suites=openssl",
        "make && make install",
        "python3 -m ensurepip --upgrade",
        "pip3 install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host=files.pythonhosted.org  --upgrade pip setuptools",
        "pip3 install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host=files.pythonhosted.org  wheel awscli retry requests datadog rich boto3 stomper websocket-client InquirerPy"

I am seeing the logs

checking for openssl/ssl.h in /usr/local/bin/openssl… no
checking whether compiling and linking against OpenSSL works… no
**checking for --with-openssl-rpath… **
checking whether OpenSSL provides required APIs… no
checking for --with-ssl-default-suites… python
checking for --with-builtin-hashlib-hashes… md5,sha1,sha256,sha512,sha3,blake2
checking for --with-experimental-isolated-subinterpreters… no

When openssl headers and .so are not in the expected directories you will need to add options to ./configure to tell the build where they are.

I guess your OpenSSL libs are not in standard library paths, you need to add the path where your OpenSSL libs are to —with-openssl option, like Barry mentioned. Check where your libssl.so and libcrypto.so are present , if they are not there then you need to build them yourself. I used two options while dynamically linking,

—with-openssl set to directory that contains header files and dlls, let’s say directory structure is as follows,

—>Include/openssl —> header files
—>lib —> dlls

I set —with-openssl to dlopenssl and —with-openssl-rpath to dlopenssl/lib(these are not complete paths, you need to set complete ones in your case).