On 23.03.2014 08:07, Nick Coghlan wrote:
- What are the risks associated with allowing OpenSSL to be updated to new feature versions in the Windows and Mac OS X binary installers for maintenance releases? Currently we just upgrade to the appropriate OpenSSL maintenance releases, rather than switching to the latest feature release. In particular, is it possible Windows C extensions may be linking against the Python provided OpenSSL module?
Python's _ssl/_hashlib modules link statically against OpenSSL in Python 2.7, so the OpenSSL DLLs are not exposed to other extensions.
The OpenSSL version used for 2.7.6 is 0.9.8y.
Upgrading to 1.0.0 or 1.0.1 will likely need a few minor tweaks, but not cause general breakage - at least that's my experience with the egenix-pyopenssl distribution.