I am running python 3.9.1 for windows 10 (x64). I have noticed the openssl dll files shipped with python (libcrypto-1_1.dll & libssl-1_1.dll) are only version 18.104.22.168. I would therefore like to replace these with the latest versions. I would be really grateful if someone on the core development team could let me know how openssl is built for python’s x64 windows installers so that I can replicate and update python’s openssl as soon as as security update is released.
I have been able to successfully build openssl 22.214.171.124 in windows 10 following the instructions in the release. I am using Microsoft visual studio 2019 + strawberry perl + nasm. I ran the following config command using the x64 native tools command prompt for vs 2019:
perl Configure VC-WIN64A
I then run the nmake command. This produces the two dlls I need: libcrypto-1_1-x64.dll and libssl-1_1-x64.dll
I renamed both files to remove the “-x64” at the end of the name and then used them to replace the existing dlls in the python installation.
When I try to import the ssl library in python, I get the error:
ImportError: DLL load failed while importing _ssl: The specified module could not be found.
I then built openssl for x86, using the x86 native tools command prompt for vs 2019 and the command:
perl Configure VC-WIN32
I then ran nmake which produced: libcrypto-1_1.dll and libssl-1_1.dll
I replaced the dlls in the python installation with those. When I try and import the ssl library in python I get:
ImportError: DLL load failed while importing _ssl: %1 is not a valid Win32 application.
I am reasonably certain I need the x64 version of the dlls because (1) my python installation is x64 (2) when I used the visual studio dumpbin.exe tool on the python shipped dlls to inspect the headers they say “x64” in them (3) the x64 dlls are a similar size to the ones shipped with python and the x86 versions are smaller.
I was once able to do this following the above steps for an older version of python. That version shipped with openssl 1.1.3 (could be 4) and I built the dlls for 1.1.6 (could be 7) and replaced them and python had no issues. Is it possible that the default configuration scripts have changed over these versions such that the default windows x64 configuration no longer builds openssl in a way that works with python and I therefore need to use custom settings?
I think the info at section 1.3 of this page may be relevant, but if it is I am not sure how to implement that in the openssl build process.