[Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7

Antoine Pitrou solipsis at pitrou.net
Mon Mar 24 13:33:00 CET 2014


Le 24/03/2014 10:10, M.-A. Lemburg a écrit :
> On 23.03.2014 08:07, Nick Coghlan wrote:
>> Open Questions
>> ==============
>>
>> * What are the risks associated with allowing OpenSSL to be updated to
>>    new feature versions in the Windows and Mac OS X binary installers for
>>    maintenance releases? Currently we just upgrade to the appropriate
>>    OpenSSL maintenance releases, rather than switching to the latest
>>    feature release. In particular, is it possible Windows C extensions may
>>    be linking against the Python provided OpenSSL module?
>
> Python's _ssl/_hashlib modules link statically against OpenSSL in
> Python 2.7, so the OpenSSL DLLs are not exposed to other extensions.

I suppose you mean under Windows. Under Linux (and probably OS X too), 
the _ssl module is linked dynamically with OpenSSL:

$ ldd build/lib.linux-x86_64-2.7-pydebug/_ssl.so
	linux-vdso.so.1 =>  (0x00007fff3f1de000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 
(0x00007fd8853ea000)
	libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 
(0x00007fd885010000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 
(0x00007fd884df1000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd884a2b000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd884827000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fd885868000)

Regards

Antoine.




More information about the Python-Dev mailing list