[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
Cory Benfield
cory at lukasa.co.uk
Wed Jun 18 09:18:24 CEST 2014
On 17 June 2014 17:41, Yates, Andy (CS Houston, TX) <ayates at hp.com> wrote:
> Is it possible to drop in new OpenSSL versions
> on Windows without rebuilding Python?
If you think this is a problem you're going to have more than once,
you'll want to look hard at whether it's worth using pyOpenSSL
(either the egenix version or the PyCA one[1]) instead, and delivering
binary releases with a bundled copy of OpenSSL. PyOpenSSL from PyCA is
actually considering bundling OpenSSL on Windows anyway[2], so you
might find this problem goes away.
[1] https://github.com/pyca/pyopenssl
[2] https://github.com/pyca/cryptography/issues/1121
More information about the Python-Dev
mailing list