11 ottobre 2018
Se compilando Python 3.7 con SSL abilitato, ottenete questa serie di errori,

gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -I. -I./Include -DUSE_SSL -I/usr/include -I/usr/include/openssl -c ./Modules/_ssl.c -o Modules/_ssl.o ./Modules/_ssl.c: In function _ssl_configure_hostname:
./Modules/_ssl.c:853:9: error: implicit declaration of function SSL_get0_param [-Werror=implicit-function-declaration]
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
^
./Modules/_ssl.c:853:36: warning: initialization makes pointer from integer without a cast [enabled by default]
X509_VERIFY_PARAM *param = SSL_get0_param(self->ssl);
^
./Modules/_ssl.c:855:13: error: implicit declaration of function X509_VERIFY_PARAM_set1_host [-Werror=implicit-function-declaration]
if (!X509_VERIFY_PARAM_set1_host(param, server_hostname,
^
./Modules/_ssl.c:861:13: error: implicit declaration of function X509_VERIFY_PARAM_set1_ip [-Werror=implicit-function-declaration]
if (!X509_VERIFY_PARAM_set1_ip(param, ASN1_STRING_data(ip),
^
./Modules/_ssl.c: In function _ssl__SSLContext_impl:
./Modules/_ssl.c:2947:23: error: X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS undeclared (first use in this function)
self->hostflags = X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS;
^
./Modules/_ssl.c:2947:23: note: each undeclared identifier is reported only once for each function it appears in
./Modules/_ssl.c:3052:5: error: implicit declaration of function SSL_CTX_get0_param [-Werror=implicit-function-declaration]
params = SSL_CTX_get0_param(self->ctx);
^
./Modules/_ssl.c:3052:12: warning: assignment makes pointer from integer without a cast [enabled by default]
params = SSL_CTX_get0_param(self->ctx);
^
./Modules/_ssl.c:3058:5: error: implicit declaration of function X509_VERIFY_PARAM_set_hostflags [-Werror=implicit-function-declaration]
X509_VERIFY_PARAM_set_hostflags(params, self->hostflags);
^
./Modules/_ssl.c: In function get_verify_flags:
./Modules/_ssl.c:3348:11: warning: assignment makes pointer from integer without a cast [enabled by default]
param = SSL_CTX_get0_param(self->ctx);


è sufficiente installare openssl 1.0.2 da sorgente (./config shared ; make; make install), quindi editare il file python 'Modules/Setup.dist' alla sezione SSL con queste stringhe,

SSL=/usr/local/ssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib64 -L$(SSL)/lib64/openssl -lssl -lcrypto

(per precauzione verificare se libffi è installato)
yum install -y libffi-devel

Per includere il controllo X509_VERIFY_PARAM_set1_host, compilare python con:
./configure --with-openssl=/usr/local/ssl/

Altre informazioni del perchè Python 3.7 utilizza openssl 1.0.2 sono riportate qui,

https://github.com/libressl-portable/portable/issues/381

back