[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-03-02 Thread Adam
Adam added the comment: Many thanks Christian, that resolved the issue! I really appreciate your efforts here. -- ___ Python tracker ___

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-03-02 Thread Christian Heimes
Christian Heimes added the comment: pyenv uses default value for ./configure --with-ssl-default-suites. You have to use --with-ssl-default-suites=openssl so your build uses the system's crypto policy correctly. -- ___ Python tracker

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-03-01 Thread Adam
Adam added the comment: Many thanks Christian, see the attached for the output of the commands on Python 3.9.10 and 3.10.2, along with a diff removing version numbers and memory addresses. I've run the commands on the Ubuntu distribution, we can also run the same for the Centos VM, if

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-03-01 Thread Christian Heimes
Christian Heimes added the comment: Could you please provide the outputs of the following commands: python3 -c "import _ssl; print(_ssl.__file__)" ldd $(python3.10 -c "import _ssl; print(_ssl.__file__)") strace -e openat python3.10 -c "from urllib.request import urlopen;

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-28 Thread Adam
Adam added the comment: Update, the Pyenv team confirmed that they do not install OpenSSL in linux, its only installed for MacOS, and it should be built using the system OpenSSL within Linux. We're investigating further to attempt to debug the issue. Interestingly the OpenSSL build flags

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-26 Thread Adam
Adam added the comment: Yes agreed, it may well be a Pyenv issue. Interestingly we can demonstrate that the global OpenSSL crypto policies is respected with the 3.9.10 version, through adjusting the policy. The ssl error occurs with the default policy setting and is resolved with the legacy

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-26 Thread Christian Heimes
Christian Heimes added the comment: This is a pyenv issue, not a Python issue. Custom builds of OpenSSL typically do not and cannot use global settings like crypto policies. They are missing distro downstream patches and use different config files. --

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-26 Thread Adam
-build https://www.openssl.org/news/openssl-1.1.1-notes.html -- ___ Python tracker <https://bugs.python.org/issue46863> ___ ___ Python-bugs-list mailing list Unsub

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-26 Thread Adam
Adam added the comment: Thanks for the quick reply. On both Ubuntu and Centos, I’m installing Python using Pyenv, testing with 3.9.10 and 3.10.2. Pyenv provides a verbose install flag, I can rebuild the Python versions and review the build commands, if helpful? I’m testing with clean Linux

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-26 Thread Christian Heimes
Christian Heimes added the comment: How did you build Python 3.10? Neither CentOS 8 nor Ubuntu 20.04 come with Python 3.10. Does your build of Python use system's OpenSSL build? -- assignee: christian.heimes -> ___ Python tracker <

[issue46863] Python 3.10 OpenSSL Configuration Issues

2022-02-25 Thread Adam Pinckard
c -- assignee: christian.heimes components: SSL messages: 414072 nosy: adam, christian.heimes priority: normal severity: normal status: open title: Python 3.10 OpenSSL Configuration Issues type: behavior versions: Python 3.10 __

Python and OpenSSL FIPS module

2016-01-06 Thread security veteran
Hi, I was wondering does anyone have successful experiences integrating OpenSSL FIPS modules with Python 2.x? Is there any catch we need to be careful about in integrating Python with OpenSSL FIPS modules? Thanks. -- https://mail.python.org/mailman/listinfo/python-list

Re: python and openSSL

2009-09-10 Thread Luca Bel
I had already installed and tested M2Crypto. My problem is that with this library I've not found a way to replicate the operation that I can made with openssl. As you can see, here: openssl smime -decrypt -verify -inform DER -in ReadmeDiKe.pdf.p7m -noverify -out ReadmeDike.pdf No certificate is

python and openSSL

2009-09-09 Thread Luca Bel
Hi all. I need a trick to do something like this: openssl smime -decrypt -verify -inform DER -in ReadmeDiKe.pdf.p7m -noverify -out ReadmeDike.pdf To unwrap a p7m file and read his content. I know that I could use somthing like: import os os.system('openssl ') but i would use a python

Re: python and openSSL

2009-09-09 Thread exarkun
On 9 Sep, 01:30 pm, luca...@gmail.com wrote: Hi all. I need a trick to do something like this: openssl smime -decrypt -verify -inform DER -in ReadmeDiKe.pdf.p7m -noverify -out ReadmeDike.pdf To unwrap a p7m file and read his content. I know that I could use somthing like: import os