Building Python 3.7.1 - SSL module failed

Question

Building Python 3.7 from source runs into following error:

Failed to build these modules:
_hashlib              _ssl                                     

Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381

I tried so many workarounds from other stackoverflow-questions, but it doesnt work. I build newest OpenSSL and LibreSSL from source. OpenSSL path is: "/usr/local/ssl" with version OpenSSL 1.0.2p.

./configure --with-openssl=/usr/local/ssl/
(./configure CPPFLAGS="-I/usr/local/ssl/include" LDFLAGS="-L/usr/local/ssl/lib")
make 
make altinstall

My system: Ubuntu 12.04.5 LTS

Any ideas?

Answer 1

I solved it after 3 days only because of this blog. with python 3.7.4 openssl 1.1.0 centOS 6.

here is the summary :

First, some prerequisites:

sudo apt-get install build-essential checkinstall libreadline-gplv2-dev libncursesw5-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

use yum instead of apt-get if using centos linux.

Install ssl 1.0.2 or higher.

    cd /usr/src
    curl https://www.openssl.org/source/openssl-1.0.2o.tar.gz | tar xz
    cd openssl-1.0.2o
    ./config shared --prefix=/usr/local/
    sudo make
    sudo make install

We will need to pass /usr/src/openssl-1.0.2o into the Python configure script.

mkdir lib
cp ./*.{so,so.1.0.0,a,pc} ./lib

Now proceed with installing Python:

    cd /usr/src
    sudo wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz
    sudo tar xzf Python-3.7.0.tgz
    cd Python-3.7.0
    ./configure --with-openssl=/usr/src/openssl-1.0.2o --enable-optimizations
    sudo make
    sudo make altinstall

To test it out, run python3.7 and input:

import ssl
ssl.OPENSSL_VERSION

Hope it helps!

Answer 2

Compiling openssl

Download your openssl tarball, unzip, and then ensure that the install directory is named openssl.

I placed mine in /usr/local/openssl, so I'll use that in my example.

1. sudo mv openssl-1.0.2u /usr/local/openssl && cd /usr/local/openssl

2. sudo make distclean

3. sudo ./config -fPIC -shared

4. sudo make && sudo install

Now, add the openssl shared library to your PATH.

5. vim ~/.profile Go export LD_LIBRARY_PATH="/usr/local/openssl/lib:$LD_LIBRARY_PATH" :wq

Compiling Python3

The key here is understanding that the path you define with --with-openssl= is where Python looks for /openssl/lib. You need to give Python the parent directory of the openssl directory.

That means that if you set --with-openssl=/usr/local/openssl your make install will fail even though the make logs show that openssl is fine!

--enable-optimizations is irrelevant but recommended - longer make for 10% faster Python code is a good tradeoff.

--prefix= is merely where I'd like python3 to install, if you didn't know.

1. sudo make distclean

Edit your python setup file

2. vim /{yourpythonsource}/Modules/Setup

Uncomment out the following lines and ensure that your SSL variable points to your openssl directory. In mine, it was looking for the directory 'ssl' instead of 'openssl.'

<pre><code># Socket module helper for SSL support; you must comment out the other </code> 

<pre><code># socket line above, and possibly edit the SSL variable: </code>

<code>SSL=/usr/local/openssl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto</code>

3. sudo ./configure --with-openssl=/usr/local --prefix=/opt/python-3.7.1

4. sudo make && sudo make install

Answer 3

While this might not be the best answer, I will share how I solved this problem.

1. First of all, in my case, OpenSSL did not build correctly, as make test did return errors (and consequently Python gave this error). This was solved by installing a newer version of Perl and then installing OpenSSL again (configure, make, etc).

2. Use this command before using ./configure

   export LD_LIBRARY_PATH=/path/to/openssl/lib:$LD_LIBRARY_PATH

3. At the configure command, include the library:

   LDFLAGS="-L/path/to/openssl/lib" ./configure (all your preferred options) --with-openssl=/path/to/openssl

   as apparently the option for configure does not convey the message to the C compiler which needs it.

Am not sure whether option 2 and 3 are needed simultaneously, but I did so and it worked.

Answer 4

There was NO need to edit Modules/Setup file built python with customed openssl.

I have built python 3.11.0-rc2 under Debian 9 stretch follow the official document:

https://docs.python.org/3/using/unix.html?highlight=openssl#custom-openssl

To use your vendor’s OpenSSL configuration and system trust store, locate the directory with openssl.cnf file or symlink in /etc. On most distribution the file is either in /etc/ssl or /etc/pki/tls. The directory should also contain a cert.pem file and/or a certs directory.

$ find /etc/ -name openssl.cnf -printf "%h\n"
/etc/ssl

Download, build, and install OpenSSL. Make sure you use install_sw and NOT install. The install_sw target does NOT override openssl.cnf.

$ curl -O https://www.openssl.org/source/openssl-VERSION.tar.gz
$ tar xzf openssl-VERSION
$ pushd openssl-VERSION
$ ./config \
--prefix=/usr/local/custom-openssl \
--libdir=lib \
--openssldir=/etc/ssl
$ make -j1 depend
$ make -j8
$ make install_sw
$ popd

Build Python with custom OpenSSL (see the configure --with-openssl and --with-openssl-rpath options)

$ pushd python-3.x.x
$ ./configure -C \
--with-openssl=/usr/local/custom-openssl \
--with-openssl-rpath=auto \
--prefix=/usr/local/python-3.x.x
$ make -j8
$ make altinstall

ssl module check OK after installed :

# /usr/local/python-3.11.0-rc2/bin/python3.11 -c 'import ssl; print(ssl.OPENSSL_VERSION)'
OpenSSL 1.1.1q  5 Jul 2022

Answer 5

I ran into this problem with LMDE 5 (running Debian Bullseye) compiling Python 3.10.4. It was fixed by doing:

sudo apt-get install libssl-dev

Answer 6

Edit setup.py

Find the following lines:

        system_lib_dirs = ['/lib64', '/usr/lib64', '/lib', '/usr/lib']
    system_include_dirs = ['/usr/include']

...and place each folder at the beginning of its respective list.

---

In my case I had to add: /usr/local/lib and /usr/local/include:

        system_lib_dirs = ['/usr/local/lib', '/lib64', '/usr/lib64', '/lib', '/usr/lib']
    system_include_dirs = ['/usr/local/include', '/usr/include']

Finally: make distclean && ./configure

You may want to ensure that export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH (or what have you) is added to the very end of /etc/profile and reboot, as well.

Answer 7

On CentOS / Linux 2 if you install openssl using

sudo yum install -y openssl-devel

then the library is installed to /usr/local/lib64, and you can configure Python as follows:

./configure --enable-shared --with-openssl=/usr/local/lib64

there are step-by-step instructions here: How to Install Latest (2020) Django to AWS EC2 Linux 2 Instance and Serve w/ Apache Hello World

Answer 8

Met same issue, looks configure of Python3 can't work well.

If you have installed the latest openssl, make sure the path of OPENSSL_LDFLAGS is correct in Makefile, below is my env case

OPENSSL_LDFLAGS=-L/usr/local/lib64

Answer 9

Execute till download python (3.10.4 is what i tried) from the link below https://computingforgeeks.com/install-latest-python-on-centos-linux/

Upgrade openssl as documented in https://cloudwafer.com/blog/installing-openssl-on-centos-7/

modify $python_home/Modules/Setup
Update the OPENSSL location and uncomment the below lines
--------------------------------------------
OPENSSL=/usr/local/ssl
_ssl _ssl.c \
    -I$(OPENSSL)/include -L$(OPENSSL)/lib \
    -lssl -lcrypto

--------------------------------------------

Continue the installation steps from https://computingforgeeks.com/install-latest-python-on-centos-linux/

Hope it helps somebody.. fyi: I was installing this on a centos7 ec2 instance as a part of installing ansible.

Answer 10

after make and make install openssl, as you can justopenssl version, edit python configure sudo ./configure --with-openssl-rpath=auto --enable-optimizations, and then make and make install python

Answer 11

how i managed to fix it for python 3.11.4: Centos7

first install openssl:

sudo yum -y groupinstall "Development Tools"
wget https://www.openssl.org/source/openssl-3.0.9.tar.gz
tar xvf openssl-3.0.9.tar.gz
cd openssl-3.0.9/
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
make -j $(nproc)
sudo make install
sudo ldconfig
sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:\$LD_LIBRARY_PATH
EOF
source /etc/profile.d/openssl.sh

next install python:

wget https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz
tar xvf Python-3.11.4.tgz
cd Python-3.11*/
LDFLAGS="${LDFLAGS} -Wl,-rpath=/usr/local/openssl/lib" ./configure --with-openssl=/usr/local/openssl 
make
sudo make altinstall

Answer 12

Here is a solution on Mac OS X / Homebrew:

brew reinstall openssl
brew unlink openssl && brew link openssl --force  # careful!
export LDFLAGS="-L/usr/local/opt/openssl/lib"
export CPPFLAGS="-I/usr/local/opt/openssl/include"
echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile

Then download your python tarball and do this:

tar xvf Python-3.7.2.tar
cd Python-3.7.2
  ./configure CPPFLAGS="-I/usr/local/opt/openssl/include" LDFLAGS="-L/usr/local/opt/openssl/lib" --prefix=$PWD/Python-3.7.2/mybuild --enable-optimizations

More detai:

https://devguide.python.org/setup/#macos-and-os-x