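I have been trying to build a FIPS version of Python 3.9.2 on Debian. I found that a FIPS-certified version of OpenSSL is required, and chose 3.0.8 because OpenSSL 1 has reached EOL. I updated openssl to this version by building it from source, so that it could be configured to build the fips module. After that I tried to build python from source, but ran into problems during make: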
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.9/_ssl.cpython-39-x86_64-linux-gnu.so: undefined symbol: SSL_get1_peer_certificate
*** WARNING: renaming "_hashlib" since importing it failed: build/lib.linux-x86_64-3.9/_hashlib.cpython-39-x86_64-linux-gnu.so: undefined symbol: EVP_MD_get_type
Python build finished successfully!
The necessary bits to build these optional modules were not found:
_dbm _gdbm
To find the necessary bits, look in setup.py in detect_modules() for the module's name.
The following modules found by detect_modules() in setup.py, have been
built by the Makefile instead, as configured by the Setup files:
_abc atexit pwd
time
Following modules built successfully but were removed because they could not be imported:
_hashlib _ssl
Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381
I have built OpenSSL 3.0.8 from source:
./Configure enable-fips
make
make install
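Later I ran into the problem that openssl version did not return the correct version, so I ran ldconfig /usr/local/lib64, which fixed it, and openssl version now correctly returns OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
The install location of openssl is /usr/local/ssl
I then downloaded the python source and ran: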
./configure --enable-optimizations
make
That is when I ran into the problem above. Continuing the install with
make install
builds python, but ssl cannot be imported:
>>> import ssl
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.9/ssl.py", line 98, in <module>
    import _ssl # if we can't import it, let the error propagate
ModuleNotFoundError: No module named '_ssl'
I tried configuring the build with the --with-openssl flag, as described in https://docs.python.org/3/using/unix.html?highlight=openssl#custom-openssl, but this has not fixed the problem.
Running echo $LD_LIBRARY_PATH returns nothing.
Edit the Makefile:
nano Makefile
Change
OPENSSL_LDFLAGS=-L/usr/local/ssl/lib
to:
OPENSSL_LDFLAGS=-L/usr/local/ssl/lib64
In your case, since you used the default build options, set your line to:
OPENSSL_LDFLAGS=-L/usr/local/lib64
Then run make. It should work now.
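
A pre-build check for the mismatch described above, added here as an example and not part of the original answer: it reads OPENSSL_LDFLAGS from the generated Makefile and confirms each -L directory really contains the OpenSSL shared libraries before make is run. The function names openssl_libdirs and check_openssl_ldflags are hypothetical, and directory paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: catch a wrong lib/lib64 directory in OPENSSL_LDFLAGS
# before the _ssl and _hashlib extension modules are linked.

# Print the -L directories found on the OPENSSL_LDFLAGS line of a Makefile.
openssl_libdirs() {
    # $1: path to the Makefile generated by ./configure
    sed -n 's/^OPENSSL_LDFLAGS[[:space:]]*=[[:space:]]*//p' "$1" |
        tr ' \t' '\n\n' |
        sed -n 's/^-L//p'
}

# Return 0 only if the Makefile names at least one -L directory and every
# one of them holds both libssl.so and libcrypto.so. Returns 2 when no -L
# entry exists, 1 when a library is missing (each one is reported).
check_openssl_ldflags() {
    makefile=$1
    dirs=$(openssl_libdirs "$makefile")
    if [ -z "$dirs" ]; then
        echo "no -L entry in OPENSSL_LDFLAGS of $makefile" >&2
        return 2
    fi
    status=0
    for dir in $dirs; do
        for lib in libssl.so libcrypto.so; do
            if [ ! -e "$dir/$lib" ]; then
                echo "MISSING $dir/$lib" >&2
                status=1
            fi
        done
    done
    return $status
}

# Typical use from the Python source tree after ./configure:
#   check_openssl_ldflags ./Makefile && make
```

If the check reports a missing library, the linker falls back to whatever libssl it finds elsewhere on its search path, which is how modules compiled against 3.0.8 headers end up with undefined OpenSSL 3 symbols at import time.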