[Python-Dev] openSSL and windows binaries - license

Gregory P. Smith greg at electricrain.com
Wed Aug 9 00:07:48 CEST 2006 

On Tue, Aug 08, 2006 at 04:54:44PM -0400, Jim Jewett wrote:
> On 8/8/06, "Martin v. L?wis" <martin at v.loewis.de> wrote:
> > Jim Jewett schrieb:
> > > The OpenSSL library implements some algorithms that are patented.  The
> > > source code should be fine to (re)distribute, but but there may be a
> > > slight legal risk with distributing a binary.
> 
> > I don't want to change the build process in that way (i.e. dropping a
> > feature) just before a release.
> 
> OK, but this does argue against making the fast version available by
> default on windows.  :{

disabling/enabling a cipher in openssl that isn't commonly used and
isn't even directly exposed via any API to a python user hardly sounds
like dropping a feature to me.  it'll make your _ssl.pyd smaller if
anything at all.  (any sane SSL connection will negotiate AES or 3DES
as its cipher; IDEA isn't required)

If the release manager declares, "absolutely no changes to the windows
build process!"  Then clearly none of the changes I submitted will
make it in and neither would removing any hint of IDEA in 2.5 as
they're both too late.

> The 2.5c1 windows binary does not ship with _hashlib, so IDEA is only
> available if someone else has compiled it.

IDEA is a cipher not a hash algorithm.  it won't appear in _hashlib.
the code is probably already linked and present in _ssl.pyd even if
the ssl protocol itself doesn't allow that as a cipher.

> But for a binary release, I think that IDEA should be added to the
> Configure exclude.
> http://svn.python.org/view/external/openssl-0.9.8a/Configure
> 
>     # All of the following is disabled by default (RC5 was enabled
> before 0.9.8):
> 
>     my %disabled = ( # "what"         => "comment"
>                  "gmp"		  => "default",
> +                 "idea"		  => "default",
>                  "mdc2"           => "default",
>                  "rc5"            => "default",
>                  "shared"         => "default",
>                  "zlib"           => "default",
>                  "zlib-dynamic"   => "default"
>                );

yeah i'd just do that if you're worried about the code being in the
binary causing a problem.

More information about the Python-Dev mailing list