Determining version of OpenSSL linked against python?

[Nick Dokos]

Adam Mercer <ramercer at gmail.com> wrote:

> On Wed, Jan 25, 2012 at 14:04, Terry Reedy <tjreedy at udel.edu> wrote:
> 
> > If you are not willing to tell Debian Squeeze users to install 2.7, or that
> > they cannot run your program, ask the bug reporter to tell you what version
> > of OpenSSL the system comes with and code it into your program.
> 
> I would like to only support python-2.7 as that would make a few other
> things easier but the powers that be think otherwise, I unfortunately
> need to target python-2.6.
> 
> > Or possibly, depending on what you do with the version info and what the
> > differences are between versions, replace 'if version ...' constructs with
> > 'try ... except...' constructs.
> 
> My code already has a try... except block that tries the
> ssl.OPENSSL_VERSION approach first but I wanted to have a fallback
> method that works with python-2.6. Looks like I may need to hardcode
> certain things.
> 

One other possibility is to parse the output of ssh -V:

,----
| $ ssh -V
| OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
| $ python
| Python 2.7.1+ (r271:86832, Apr 11 2011, 18:13:53) 
| [GCC 4.5.2] on linux2
| Type "help", "copyright", "credits" or "license" for more information.
| >>> import ssl
| >>> ssl.OPENSSL_VERSION
| 'OpenSSL 0.9.8o 01 Jun 2010'
| >>> 
`----

This assumes that ssh and python would use the same version of openssl:
not guaranteed, but seems like a "reasonable" assumption to me.

Nick