Linking to brew openssl via python virtualenvwrapper

Question

Running openssl version returns the standard openssl on OS El Capitan, OpenSSL 0.9.8zh in /usr/bin/openssl.

I've installed the latest via brew brew install openssl. Various post/articles recommended manually symlinking to /usr/local/bin/openssl or running brew link --force openssl. Other posts said not to do this, running the latter also gave the following warning.

Warning: Refusing to link: openssl
Linking keg-only openssl means you may end up linking against the insecure,
deprecated system OpenSSL while using the headers from Homebrew's openssl.
Instead, pass the full include/library paths to your compiler e.g.:
  -I/usr/local/opt/openssl/include -L/usr/local/opt/openssl/lib

I'm not sure what that means. :|

Also I managed to symlink successfully to the brew version, so which openssl pointed to /usr/local/bin/openssl instead of the systems /usr/bin/openssl version, which openssl returned the latest version too, but when I opened a python shell, inside and outside of a virtualenv and ran import ssl ssl.OPENSSL_VERSION it returned the system version.

How do I force it to use the brew version in my python code?

What is the question? Als see [Brew refusing to link openssl](http://stackoverflow.com/q/38670295) on Stack Overflow and [Link: don't link /usr/local openssl](https://github.com/Homebrew/brew/commit/b999edb3448793529a) Github commit. — jww, Aug 09 '16 at 20:22
Thanks jww, I've edited question accordingly. I've read over those already, are you suggesting to implement Ben Collins .net solution? `sudo install_name_tool -add_rpath...` Where do I do this in a python environment? — Piet van Leeuwen, Aug 09 '16 at 21:57
Yes, you should always use install names for OpenSSL on OS X systems. I know OpenSSL 1.1.0 uses them, but I don't recall about OpenSSL 1.0.2 and earlier. That's only half the battle, though. The other half is to ensure programs, like Apache, Python and Ruby, compile against and link to the updated OpenSSL. To ensure the correct library at compile time, you have to use `-I` and `-L`. To ensure the runtime linker uses the correct OpenSSL library, the install name is used. — jww, Aug 09 '16 at 22:10

score 2 · Answer 1 · answered Jun 13 '17 at 18:49

I came across this issue when I needed a newer version of openssl than the one that comes with the default version of python installed on my MacOS (I'm running 10.12.5). While running a Django server in a virtual environment I created with virtualenvwrapper, I got the following error:

I checked to see what version of openssl I had linked by running:

$ python -c "import ssl; print ssl.OPENSSL_VERSION"                                                                                                                                                                                                              

OpenSSL 0.9.8zh 14 Jan 2016

Here's what I did to fix the issue:

$ brew update
$ brew install openssl
$ brew install python --with-brewed-openssl # for me this lives in /usr/local/Cellar/python/2.7.13/bin/python

We'll point virtualenvwrapper to use this version of python:

$ mkvirtualenv --python=/usr/local/Cellar/python/2.7.13/bin/python envName

Now let's check the version of openssl under our envname virtual environment:

(envName) $ python -c "import ssl; print ssl.OPENSSL_VERSION"                                                                                                                                                                                                              

OpenSSL 1.0.2l  25 May 2017

Thanks to this and this post for helping me get here.

What if I want the newly created Python (using `virtualenv env` ) to use the new OpenSSL? — Sankalp, Mar 16 '18 at 02:22

score 0 · Accepted Answer · edited May 23 '17 at 12:30

In the end I used brew install python3 --with-brewed-openssl, then ran brew link python3 to symlink it to /usr/local/bin/python3 and then used mkvirtualenv --python=/usr/local/bin/python3 [projectname] to use the brewed python(that uses the brewed openssl), now when I run import ssl ssl.OPENSSL_VERSION within my virtualenv I am pointing to my brewed openssl, and I don't have to touch my system openssl or python. This is a similar issue Updating openssl in python 2.7

score 0 · Answer 3 · answered Nov 18 '16 at 19:40

0

This worked for me

brew install python3 --with-brewed-openssl
brew link --overwrite python3

answered Nov 18 '16 at 19:40

Miguel Mota

20,135
5
45
64

Linking to brew openssl via python virtualenvwrapper

3 Answers3