Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

pyOpenSSL == 0.13 won't build against newer versions (>= 1.0.2a) of OpenSSL headers / libs

See original GitHub issue

There is a known issue where pyOpenSSL == 0.13 will not build against newer (>= 1.0.2a) versions of OpenSSL.

OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' follows non-static declaration
static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
                      ^
/usr/local/opt/openssl/include/openssl/x509.h:751:15: note: previous declaration is here
X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
              ^
1 error generated.
error: command 'clang' failed with exit status 1

This was because of a change to the x509.h header that declared the X509_REVOKED_dup() function (that appears to have been merged in only after OpenSSL 1.0.1).

I ran into this issue while building Hue on Mac OS Yosemite with an upgraded version of OpenSSL. (I’m putting together a Homebrew package.)

pyOpenSSL >= 0.14 doesn’t have this problem.

Also, patching pyOpenSSL == 0.13 is pretty easy:

diff --git a/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c b/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c
index eec5bcb..b2fd681 100644
--- a/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c
+++ b/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c
@@ -3,7 +3,7 @@
 #include "crypto.h"


-static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
+X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
     X509_REVOKED *dupe = NULL;

     dupe = X509_REVOKED_new();

I’m happy to submit a pull request! I thought I’d check first to see if a pyOpenSSL upgrade is in the works.

Chris Stephens Netflix, Inc

Issue Analytics

  • State:closed
  • Created 8 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

2reactions
meGAmeS1commented, Dec 7, 2017

Hi, thanks for this hack @c6stephens. Just for the record, in case it helps somebody. Here’s the steps to install pyOpenSSL==0.13 on a recent macOS version:

mkdir build
cd build
pip download pyOpenSSL==0.13
tar xzf pyOpenSSL-0.13.tar.gz
cd pyOpenSSL-0.13

From here you can either apply the patch made by @c6stephens or edit the file manually (for example: vim OpenSSL/crypto/crl.c).

pip install --no-clean .

And voilà. You now have an old pyOpenSSL version working in your python environment!

0reactions
brycepgcommented, Dec 26, 2018

If anyone is looking to automate @meGAmeS1 's fix. Use the following patch:

--- OpenSSL/crypto/crl.c	2018-12-26 12:23:14.275648440 -0500
+++ OpenSSL/crypto/crl2.c	2018-12-26 12:15:16.720820270 -0500
@@ -3,7 +3,7 @@
 #include "crypto.h"
 
 
-static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
+X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
     X509_REVOKED *dupe = NULL;
 
     dupe = X509_REVOKED_new();

Save as fix.patch for the following command:

patch OpenSSL/crypto/crl.c fix.patch

To summarize:

pip download pyOpenSSL==0.13
tar xzf pyOpenSSL-0.13.tar.gz
cd pyOpenSSL-0.13
wget https://gist.githubusercontent.com/brycepg/809501ae24e34e9fdb58a7932c12287b/raw/74e0165e73dadab8051a9041bcb8e657705a706b/fix.patch
patch OpenSSL/crypto/crl.c fix.patch
pip install --no-clean .
Read more comments on GitHub >

github_iconTop Results From Across the Web

openssl - easy_install PyOpenSSL error - Stack Overflow
Thus, pyOpenSSL 0.13 will build with OpenSSL 0.9.8f or later, ... Perhaps a newer version of pyOpenSSL will make these bindings optional, ...
Read more >
Issue 34028: Python 3.7.0 wont compile with SSL Support 1.1 ...
h for all versions of OpenSSL 1.1.0. Could not build the ssl module! Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with ......
Read more >
Untitled
update to version 1.0 * more amttool improvements (network config). - don't strip binaries (bug #269241). - Autorebuild for GCC 4.3 - update...
Read more >
Untitled
New version 1.0.2b1 - author include license text by my request. ... build against and require geany 0.18 - update to new upstream...
Read more >
cyrus-imapd bug fix and enhancement update
Drop bundled version of resolvelib in favor of python38-resolvelib. ... [114-2] - Fix build on aarch64 - Resolves: #2049320 [114-1] - New upstream...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

AttributeError: 'Config' object has no attribute 'get' with HUE 3.9 on CentOS 7.1

Next page

HBase Browser binary row keys support?