[New-bugs-announce] [issue20981] ssl doesn't build anymore with old OpenSSL versions

STINNER Victor report at bugs.python.org
Wed Mar 19 17:38:41 CET 2014 

New submission from STINNER Victor:

In Modules/_ssl.c, I see:
---
#if OPENSSL_VERSION_NUMBER < 0x10001000L                   
    dps = X509_get_ext_d2i(certificate, NID_crl_distribution_points,
                           NULL, NULL);
#else                            
    /* Calls x509v3_cache_extensions and sets up crldp */ 
    X509_check_ca(certificate);                     
    dps = certificate->crldp;
#endif   
---

But later X509_check_ca() is used without checking for OpenSSL versions: in cert_store_stats() and get_ca_certs().

As as result, the _ssl cannot be compiled on our FreeBSD 6.4 buildbot anymore.

http://buildbot.python.org/all/builders/x86%20FreeBSD%206.4%203.x/builds/4590/steps/test/logs/stdio

building '_ssl' extension
gcc -pthread -fPIC -fno-strict-aliasing -g -O0 -Wall -Wstrict-prototypes -I./Include -I. -IInclude -I/usr/local/include -I/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Include -I/usr/home/db3l/buildarea/3.x.bolen-freebsd/build -c /usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c -o build/temp.freebsd-6.4-RELEASE-i386-3.4-pydebug/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.o
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c: In function `_get_peer_alt_names':
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c:818: warning: passing arg 2 of `ASN1_item_d2i' from incompatible pointer type
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c:823: warning: passing arg 2 of pointer to function from incompatible pointer type
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c: In function `PySSL_cipher':
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c:1374: warning: passing arg 1 of `SSL_CIPHER_get_name' discards qualifiers from pointer target type
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c:1384: warning: passing arg 1 of `SSL_CIPHER_get_version' discards qualifiers from pointer target type
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c:1394: warning: passing arg 1 of `SSL_CIPHER_get_bits' discards qualifiers from pointer target type
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c: In function `cert_store_stats':
/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.c:3045: warning: implicit declaration of function `X509_check_ca'
gcc -pthread -shared build/temp.freebsd-6.4-RELEASE-i386-3.4-pydebug/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_ssl.o -L/usr/local/lib -lssl -lcrypto -o build/lib.freebsd-6.4-RELEASE-i386-3.4-pydebug/_ssl.so
*** WARNING: renaming "_ssl" since importing it failed: build/lib.freebsd-6.4-RELEASE-i386-3.4-pydebug/_ssl.so: Undefined symbol "X509_check_ca"
building '_multiprocessing' extension
gcc -pthread -fPIC -fno-strict-aliasing -g -O0 -Wall -Wstrict-prototypes -IModules/_multiprocessing -I./Include -I. -IInclude -I/usr/local/include -I/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Include -I/usr/home/db3l/buildarea/3.x.bolen-freebsd/build -c /usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_multiprocessing/multiprocessing.c -o build/temp.freebsd-6.4-RELEASE-i386-3.4-pydebug/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_multiprocessing/multiprocessing.o
gcc -pthread -shared build/temp.freebsd-6.4-RELEASE-i386-3.4-pydebug/usr/home/db3l/buildarea/3.x.bolen-freebsd/build/Modules/_multiprocessing/multiprocessing.o -L/usr/local/lib -o build/lib.freebsd-6.4-RELEASE-i386-3.4-pydebug/_multiprocessing.so
*** WARNING: renaming "_multiprocessing" since importing it failed: build/lib.freebsd-6.4-RELEASE-i386-3.4-pydebug/_multiprocessing.so: Undefined symbol "_PyMp_sem_unlink"

Python build finished successfully!
The necessary bits to build these optional modules were not found:
spwd                                                           
To find the necessary bits, look in setup.py in detect_modules() for the module's name.


Failed to build these modules:
_multiprocessing      _ssl

----------
messages: 214110
nosy: christian.heimes, haypo, pitrou
priority: normal
severity: normal
status: open
title: ssl doesn't build anymore with old OpenSSL versions
versions: Python 3.4, Python 3.5

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20981>
_______________________________________

More information about the New-bugs-announce mailing list