Re: [Python-Dev] Python 2.6 and 3.0 ...and applink.c?
Hi Barry,
A question.... Do you know if OpenSSL's applink.c will be included in
the Windows builds? If so, and I hope it is, great!
If not, I'd like to encourage its inclusion. Doing so will permit
Python to be used with OpenSSL 0.9.8x on Windows platforms without a
user trying to find somebody with the right compiler to rebuild a Python
for him/her. This is needed for M2Crypto, or any other OpenSSL wrapper
for that matter. A lot more can be said here, but in the interest of
brevity... ;-)
applink.c is perhaps two dozen links and some error codes, and is benign
for those not calling these APIs. applink.c may be found in
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Larry, On Feb 25, 2008, at 5:20 PM, Bugbee, Larry wrote:
A question.... Do you know if OpenSSL's applink.c will be included in the Windows builds? If so, and I hope it is, great!
Honestly, I have no idea! I don't have any Windows machines so really have no way of testing this either. Maybe one of the other Windows gurus on this list can answer the question. - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iQCVAwUBR8NFB3EjvBPtnXfVAQKZ1wP8Dv1aMdcbLM2NqpbWDdZLoeL7+91zVfTk VvyQzm4JkTjQtSVs/2ngHPjoIW3fNp6frQAwaf3pWICdyMj1OUXe/dRdhNaOwb44 guv5kIHtJmty3BHLJWUlFEC0IheWLRJuJhu0dz95E8jc21hEES7wVxg8jAwPcLqV 3TbscCqD+UI= =6qOy -----END PGP SIGNATURE-----
On Mon, Feb 25, 2008 at 2:20 PM, Bugbee, Larry
Hi Barry,
A question.... Do you know if OpenSSL's applink.c will be included in the Windows builds? If so, and I hope it is, great!
If not, I'd like to encourage its inclusion.
The best way to encourage its inclusion is with a patch. :-) n
Bugbee, Larry wrote:
Hi Barry,
A question.... Do you know if OpenSSL's applink.c will be included in the Windows builds? If so, and I hope it is, great!
If not, I'd like to encourage its inclusion. Doing so will permit Python to be used with OpenSSL 0.9.8x on Windows platforms without a user trying to find somebody with the right compiler to rebuild a Python for him/her. This is needed for M2Crypto, or any other OpenSSL wrapper for that matter. A lot more can be said here, but in the interest of brevity... ;-)
I don't understand how applink is going to help you. The SSL libs are statically linked into the _ssl extension DLL. Christian
I don't understand how applink is going to help you. The SSL libs are statically linked > into the _ssl extension DLL.
I personally have not used _ssl but on quick inspection I don't see any of the crypto algorithms implemented, AES, ECDSA, etc. What if we want to encrypt or sign content using OpenSSL? We'd import M2Crypto but when we go to load the key we'll get an OPENSSL_Applink error. Likewise for OpenSSL with xmlsec. Larry
I don't understand how applink is going to help you. The SSL libs are statically linked > into the _ssl extension DLL.
I personally have not used _ssl but on quick inspection I don't see any of the crypto algorithms implemented, AES, ECDSA, etc. What if we want to encrypt or sign content using OpenSSL? We'd import M2Crypto but when we go to load the key we'll get an OPENSSL_Applink error. Likewise for OpenSSL with xmlsec. Larry PS: This problem applies to vanilla builds of Python on Windows only when Microsoft tools and libraries are used to build Python. It does not apply to cygwin or mingw where gcc is used. Likewise, it does not apply to other platforms, only Windows.
I personally have not used _ssl but on quick inspection I don't see any of the crypto algorithms implemented, AES, ECDSA, etc. What if we want to encrypt or sign content using OpenSSL?
I suggested adding a class which gives you access to those. I think it's a good idea, and that serious use of SSL will require signing eventually. If you'd like to submit an RFE, particularly an RFE with a patch which includes a test case, that would move things along smartly. Bill
Bill Janssen wrote: [snip] Do you have an opinion on the initial proposal of applink.c? The proposal does neither seem harmful nor problematic but I also don't see how it is going to help the op. Christian
Bill Janssen wrote: [snip]
Do you have an opinion on the initial proposal of applink.c? The proposal does neither seem harmful nor problematic but I also don't see how it is going to help the op.
Christian
I know nothing about it -- it's a Windows thing. But reading the note at http://www.openssl.org/support/faq.html, I can see why Windows developers might like to have it: ``Note that debug and release libraries are NOT interchangeable. If you built OpenSSL with /MD your application must use /MD and cannot use /MDd. ``As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL .DLLs compiled with some specific run-time option [we insist on the default /MD] can be deployed with application compiled with different option or even different compiler. But there is a catch! Instead of re-compiling OpenSSL toolkit, as you would have to with prior versions, you have to compile small C snippet with compiler and/or options of your choice. The snippet gets installed as <install-root>/include/openssl/applink.c and should be either added to your application project or simply #include-d in one [and only one] of your application source files. Failure to link this shim module into your application manifests itself as fatal "no OPENSSL_Applink" run-time error. An explicit reminder is due that in this situation [mixing compiler options] it is as important to add CRYPTO_malloc_init prior first call to OpenSSL.'' Bill
Do you have an opinion on the initial proposal of applink.c? The proposal does neither seem harmful nor problematic but I also don't see how it is going to help the op.
The specific change isn't going to help. What could help is the inclusion of applink.c into dl_nt.c. This is not about somehow exposing SSL routines to other libraries, but about exposing CRT stuff to openssl, specifically stdin/stdout/stderr, fprintf, fgets, fwrite, fsetmod, feof, ferror, clearerr, fileno, _open, _read, _write, _lseek, _close. Actually, re-reading OpenSSL, adding it to python.exe (and probably pythonw.exe) would help: They do GetModuleHandle(NULL) (which is the handle to the executable), then GetProcAddress for OPENSSL_Applink. So I think it's harmless and could help, except for the maintenance burden of having to update our local copy of applink.c every time OpenSSL adds a new slot to their applink table (which they should rarely do). Of course, the entire approach breaks in cases where Python gets embedded: if, e.g., IIS loads the Python interpreter as a COM scripting host, it would be the IIS executable which would have to include applink.c :-) As IIS doesn't, extension modules that link with their own OpenSSL will continue to produce a warning about the missing applink when they run in the context of a COM server (or some other Python embedding). Regards, Martin
I won't pretend to know where the *best* place to put the include is, but python.c was suggested to me some time ago. Just so you know, we tried putting the include in some C code that is part of M2Crypto and it did not work because, as we discovered, the applink table needs to be part of main(). Extending that thought... If somebody wanted to somehow embed python is part of the same process in their program as with perhaps IIS, I submit it would not be part of main() and therefore benign. Now, I would like very much to be in a position to experiment with all the combinations and prepare a patch that worked, but I do not have the requisite Microsoft toolset. I primarily work with gcc under OSX, Linux, cygwin/mingw. This last raises a curiosity question. Is there a reason why Python.exe cannot be built using gcc instead of Visual Studio? Would not requiring the same VS version cause a problem in the field if someone were to receive an extension but had their Python built using a different version of VS? It seems building everything with gcc would get around the problem of having to match VS versions. ...or are we dependent on some specific Microsoft library? I dunno, I gotta ask. Larry -----Original Message----- From: "Martin v. Löwis" [mailto:martin@v.loewis.de] Sent: Tuesday, February 26, 2008 1:10 PM To: Christian Heimes Cc: Bill Janssen; Bugbee, Larry; python-dev@python.org Subject: Re: [Python-Dev] Python 2.6 and 3.0 ...and applink.c?
Do you have an opinion on the initial proposal of applink.c? The proposal does neither seem harmful nor problematic but I also don't see how it is going to help the op.
The specific change isn't going to help. What could help is the inclusion of applink.c into dl_nt.c. This is not about somehow exposing SSL routines to other libraries, but about exposing CRT stuff to openssl, specifically stdin/stdout/stderr, fprintf, fgets, fwrite, fsetmod, feof, ferror, clearerr, fileno, _open, _read, _write, _lseek, _close. Actually, re-reading OpenSSL, adding it to python.exe (and probably pythonw.exe) would help: They do GetModuleHandle(NULL) (which is the handle to the executable), then GetProcAddress for OPENSSL_Applink. So I think it's harmless and could help, except for the maintenance burden of having to update our local copy of applink.c every time OpenSSL adds a new slot to their applink table (which they should rarely do). Of course, the entire approach breaks in cases where Python gets embedded: if, e.g., IIS loads the Python interpreter as a COM scripting host, it would be the IIS executable which would have to include applink.c :-) As IIS doesn't, extension modules that link with their own OpenSSL will continue to produce a warning about the missing applink when they run in the context of a COM server (or some other Python embedding). Regards, Martin
Bugbee, Larry wrote:
Is there a reason why Python.exe cannot be built using gcc instead of Visual Studio?
It seems building everything with gcc would get around the problem of having to match VS versions.
As I understand it, the problem isn't the compiler so much as the stdio library being used. As long as there is no single standard C library used by everyone for all Windows applications, the problem will exist in one form or another whichever compiler is used. If the standard Python were build with gcc using the GNU libc, everyone would be required to compile extensions against *that* library instead. If it were compiled with gcc but using one of the Microsoft libraries, the same situation would exist as before. The entire mess is all Microsoft's fault for not picking one version of libc and sticking to it. -- Greg Ewing, Computer Science Dept, +--------------------------------------+ University of Canterbury, | Carpe post meridiem! | Christchurch, New Zealand | (I'm not a morning person.) | greg.ewing@canterbury.ac.nz +--------------------------------------+
I appreciate the gesture but... At this juncture I'd prefer to see OpenSSL access to crypto APIs remain an external library like M2Crypto, at least until the Python community is willing to do a full implementation of all OpenSSL APIs. ...and maintain it. Larry -----Original Message----- From: Bill Janssen [mailto:janssen@parc.com] Sent: Tuesday, February 26, 2008 10:14 AM To: Bugbee, Larry Cc: Christian Heimes; python-dev@python.org Subject: Re: [Python-Dev] Python 2.6 and 3.0 ...and applink.c?
I personally have not used _ssl but on quick inspection I don't see any of the crypto algorithms implemented, AES, ECDSA, etc. What if we
want to encrypt or sign content using OpenSSL?
I suggested adding a class which gives you access to those. I think it's a good idea, and that serious use of SSL will require signing eventually. If you'd like to submit an RFE, particularly an RFE with a patch which includes a test case, that would move things along smartly. Bill
If not, I'd like to encourage its inclusion. Doing so will permit Python to be used with OpenSSL 0.9.8x on Windows platforms without a user trying to find somebody with the right compiler to rebuild a Python for him/her. This is needed for M2Crypto, or any other OpenSSL wrapper for that matter. A lot more can be said here, but in the interest of brevity... ;-)
applink.c is perhaps two dozen links and some error codes, and is benign for those not calling these APIs. applink.c may be found in
/ms and the one line include stmt that would be added to <py-src>/Modules/python.c is: #include " /applink.c" That's it.
As others said: please post a patch. I do believe that this it's *not* that. Including it in python.c does not help the least. Including it in pythonxy.dll may help. However, somebody would have to produce a patch, and a test case, and verify that the problem occurs without the patch, and is solved with the patch. Regards, Martin
participants (7)
-
"Martin v. Löwis" -
Barry Warsaw -
Bill Janssen -
Bugbee, Larry -
Christian Heimes -
Greg Ewing -
Neal Norwitz