openssl seems to be installed on the rhel9 server, but I am not able to find the shared dynamic library libsslxxxx.so anywhere on the host. The command “openssl version” gives back - 3.0.7 and in the OPENSSL_LIBRARY path, I only see certs,openssl.cnf file. Does this mean, I need to download openssl packages separately to the host to make Python 3.12.1 work with openssl?
Is there any other way we can make Python to use default openssl from the host itself? Whats the recommended way ?
It would help if you gave a bit more detail. Are you building your own copy of Python? If so, did you install openssl-devel? Those contain the bits are needed to link to the system openssl, which as you’ve confirmed, is already present.
Thanks for the reply Mats. yes I made sure openssl-devel is already installed.
openssl-devel.i686 1:3.0.7-24.el9
I am trying to build my own copy of python using 3.12.1 version as Redhat 9.x host has default - python 3.9. I noticed it has openssl , but I believe its compiled in FIPS mode, so can not find the openssl headers files or .so dynamic shared files under /etc/pki/ssl. So i am not how to build python 3.12.1 so that it can link to openssl from the host’s default installation (.Configure in build process expects to give openssl directory which usually has those files).
So I tried to have custom openssl installation by downloading the source for same openssl 3.0.7 and followed the openssl build using the link : 2. Using Python on Unix platforms — Python 3.12.2 documentation
Now whats the recommended CPPFLAGS /LDFLAGS or ./Configure … options for building Python 3.12.1 ? I had tried with --enable-shared option along with linking custom openssl lib64 path to LDFLAGS. But urllib3 v2.x does not seem to work still with it.
I am not sure whether openssl 3.x ever work with python 3.12.1 or should I be downgrading to openssl 1.1.1 ? Also whats the best compatible versions which work well for cryptography + urllib3 for python 3.12.1? I highly appreciate the suggestions. thank you.
You are build a 32 bit version of python? Implied by the i686 package.
If you are building 64 bit that is the wrong openssl-devel package.
Sorry, I copied the wrong one -
Its actually 64 bit only
“Package openssl-devel-1:3.0.7-24.el9.x86_64 is already installed.”
FYI this is what .so etc are installed at run-time for openssl:
$ rpm -ql openssl-libs
/etc/pki/tls
/etc/pki/tls/certs
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/misc
/etc/pki/tls/openssl.cnf
/etc/pki/tls/private
/usr/lib/.build-id
/usr/lib/.build-id/05
/usr/lib/.build-id/05/e146f768ba84db9bb98072b23a5da430150ba5
/usr/lib/.build-id/13
/usr/lib/.build-id/13/c7164be5dafd3b96e51d020cff818cff813008
/usr/lib/.build-id/27
/usr/lib/.build-id/27/b996c9db36185bb420712a873da93b2d5f7c6f
/usr/lib/.build-id/69
/usr/lib/.build-id/69/bf74272778dc6f194fbd71ac2a42c18ff6c05e
/usr/lib/.build-id/81
/usr/lib/.build-id/81/a884b8db1ef6e3936cd7e93c42b8a024c6f9f6
/usr/lib/.build-id/9b
/usr/lib/.build-id/9b/91053ef16f398860c88926915449d28db99a8e
/usr/lib/.build-id/a1
/usr/lib/.build-id/a1/0c958b1fe3694b46e8f4c1ff80dc6513c8885c
/usr/lib/.build-id/aa
/usr/lib/.build-id/aa/687f1678e11dd22440b06f311de7b2369c9783
/usr/lib64/engines-3
/usr/lib64/engines-3/afalg.so
/usr/lib64/engines-3/capi.so
/usr/lib64/engines-3/loader_attic.so
/usr/lib64/engines-3/padlock.so
/usr/lib64/libcrypto.so.3
/usr/lib64/libcrypto.so.3.1.1
/usr/lib64/libssl.so.3
/usr/lib64/libssl.so.3.1.1
/usr/lib64/ossl-modules
/usr/lib64/ossl-modules/fips.so
/usr/lib64/ossl-modules/legacy.so
/usr/share/licenses/openssl-libs
/usr/share/licenses/openssl-libs/LICENSE.txt
If you have built your own openssl its likely that it installed into /usr/local not /usr.
Thanks for that info. I do see libssl.so.3 / libssl.so.3.0.7 etc files under /usr/lib64 (similar to what you pasted for 3.1.1). But when I add /usr/lib64 to LD_LIBRARY_PATH , python still did not work for openssl. Also i noticed the size of these files are different than the files which I built as custom by downloading the source from openssl.org - possibly those .so files have newly added additional LDFLAGS (folders) ? When I built custom openssl package, it worked fine with python.
I am trying to figure out what I might have missed to make existing openssl installation work with python 3.12.1.
Have you looked at the pkgconfig files for openssl for what must be on the link line?
$ rpm -ql openssl-devel |grep pc
/usr/lib64/pkgconfig/libcrypto.pc
/usr/lib64/pkgconfig/libssl.pc
/usr/lib64/pkgconfig/openssl.pc
Oh and what I do when back porting to RHEL start with the Fedora SRPM, in this case python source RPM. Doubt it will just build, but it will have a working %build section that you can see how Fedota builds python.