[Python-Dev] PEP 466 (round 2): Network security enhancements for Python 2.7

M.-A. Lemburg mal at egenix.com
Mon Mar 24 13:39:07 CET 2014 

On 24.03.2014 13:33, Antoine Pitrou wrote:
> Le 24/03/2014 10:10, M.-A. Lemburg a écrit :
>> On 23.03.2014 08:07, Nick Coghlan wrote:
>>> Open Questions
>>> ==============
>>>
>>> * What are the risks associated with allowing OpenSSL to be updated to
>>>    new feature versions in the Windows and Mac OS X binary installers for
>>>    maintenance releases? Currently we just upgrade to the appropriate
>>>    OpenSSL maintenance releases, rather than switching to the latest
>>>    feature release. In particular, is it possible Windows C extensions may
>>>    be linking against the Python provided OpenSSL module?
>>
>> Python's _ssl/_hashlib modules link statically against OpenSSL in
>> Python 2.7, so the OpenSSL DLLs are not exposed to other extensions.
> 
> I suppose you mean under Windows. 

Yes. Should have included that detail in the email :-)

> Under Linux (and probably OS X too), the _ssl module is linked
> dynamically with OpenSSL:
> 
> $ ldd build/lib.linux-x86_64-2.7-pydebug/_ssl.so
>     linux-vdso.so.1 =>  (0x00007fff3f1de000)
>     libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fd8853ea000)
>     libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fd885010000)
>     libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fd884df1000)
>     libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fd884a2b000)
>     libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fd884827000)
>     /lib64/ld-linux-x86-64.so.2 (0x00007fd885868000)

Right, and it's using the system library, not a private copy - which
can be both good and bad depending on how recent the system's library
version is.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Mar 24 2014)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2014-03-29: PythonCamp 2014, Cologne, Germany ...           5 days to go
2014-04-09: PyCon 2014, Montreal, Canada ...               16 days to go
2014-04-29: Python Meeting Duesseldorf ...                 36 days to go

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the Python-Dev mailing list