How to compile python with modified OpenSSL (with Russian support)?
I am trying to get python 2.7 to work with a modified openssl library. I need to support Russian GOST ciphers. So I configured OpenSSL like this
./config shared zlib enable-rfc3779 --prefix=/my/path/
and install it (make make, make, make test, make install). openssl.conf contains
openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL
After this command /my/path/bin/openssl ciphers | tr ":" "\n" | grep GOST
returns
GOST2001-GOST89-GOST89 GOST94-GOST89-GOST89
and openssl s_client -connect test.domain.ru:443
connected successfully and I can send GET requests (standard OpenSSL doesn't work with this site this way). After that I tried to compile the python with the openssl lib: I uncommented and changed the SSL variable in the Modules / Setup.dist on /my/path
and related to line it, as well as the changed variable ssl_incs
and ssl_libs
in setup.py. I have installed python in my home folder and the running scripts form this folder. But when I run the script like
import urllib2
print(urllib2.urlopen('https://test.domain.ru/').read())
I still had the error
urllib2.URLError: <urlopen error [Errno 1] _ssl.c:501: error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned>
What should I do to get python to use the new OpenSSL (gost engine) and maybe some easy way to do it?
OS: Linux Mint 17 x64
source to share
Try rebuilding _ssl.pyd with some changes in Modules /_ssl.c. 1) add #include after lines
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>
2) add OPENSSL_config (NULL); before the lines
SSL_library_init(); SSL_load_error_strings();
inside the init_ssl function.
source to share