On 24.03.2014 13:33, Antoine Pitrou wrote:
Le 24/03/2014 10:10, M.-A. Lemburg a écrit :
On 23.03.2014 08:07, Nick Coghlan wrote:
- What are the risks associated with allowing OpenSSL to be updated to new feature versions in the Windows and Mac OS X binary installers for maintenance releases? Currently we just upgrade to the appropriate OpenSSL maintenance releases, rather than switching to the latest feature release. In particular, is it possible Windows C extensions may be linking against the Python provided OpenSSL module?
Python's _ssl/_hashlib modules link statically against OpenSSL in Python 2.7, so the OpenSSL DLLs are not exposed to other extensions.
I suppose you mean under Windows.
Yes. Should have included that detail in the email :-)
Under Linux (and probably OS X too), the _ssl module is linked dynamically with OpenSSL:
$ ldd build/lib.linux-x86_64-2.7-pydebug/_ssl.so linux-vdso.so.1 => (0x00007fff3f1de000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fd8853ea000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd885010000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd884df1000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd884a2b000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd884827000) /lib64/ld-linux-x86-64.so.2 (0x00007fd885868000)
Right, and it's using the system library, not a private copy - which can be both good and bad depending on how recent the system's library version is.