[Python-Dev] Python 3.7: Require OpenSSL >=1.0.2 / LibreSSL >= 2.5.3

Christian Heimes christian at python.org
Sun Jan 14 07:01:02 EST 2018


On 2018-01-14 11:17, Antoine Pitrou wrote:
> On Sat, 13 Jan 2018 23:45:07 +0100
> Christian Heimes <christian at python.org> wrote:
>> On 2018-01-13 21:02, Brett Cannon wrote:
>>> +1 from me as well for the improved security.  
>>
>> Thanks, Brett!
>>
>> How should we handle CPython's Travis CI tests? The 14.04 boxes have
>> OpenSSL 1.0.1. To the best of my knowledge, Travis doesn't offer 16.04.
>> We could either move to container-based testing with a 16.04 container,
>> which would give us 1.0.2 Or we could compile our own copy of OpenSSL
>> with my multissl builder and use some rpath magic.
> 
> I don't think you need some rpath magic, just set LD_LIBRARY_PATH to
> the right value.

I prefer LD_RUN_PATH because it adds rpath to the ELF header of shared
libraries and binaries.

https://github.com/python/cpython/pull/5180

Christian



More information about the Python-Dev mailing list