Updating openssl in python 2.7

Please refer to http://rkulla.blogspot.kr/2014/03/the-path-to-homebrew.html

After upgrading openssl to 1.0.1j by homebrew on MAC, but system python still referred to old version 0.9.8. It turned out the python referred to openssl. So I have installed new python with brewed openssl and finished this issue on Mac, not yet Ubuntu.

On Mac OS X version 10.10 and system python version 2.7.6, my procedure is as follows:

$ brew update$ brew install openssl

Then you can see openssl version 1.0.1j.

$ brew link openssl --force $ brew install python --with-brewed-openssl    

You have to install new python with brewed openssl. Then, you can see /usr/local/Cellar/python/2.7.8_2/bin/python.

$ sudo ln -s /usr/local/Cellar/python/2.7.8_2/bin/python /usr/local/bin/python

Of course, /usr/local/* should be owned by $USER, not root, which is told by Ryan, but I used 'sudo'. And, before this instruction, I didn't have /usr/local/bin/python. After this instruction, you can use python version 2.7.8 not 2.7.6.

Finally, you can see as belows;

$ python --version  Python 2.7.8$ python -c "import ssl; print ssl.OPENSSL_VERSION"OpenSSL 1.0.1j 15 Oct 2014

Till now, I'm working on it on Ubuntu 12.04. If I have a solution for Ubuntu 12.04, then I will update my answer. I hope this procedure help you.

Outdated SSL is a common issue on multiple platforms:

Here's the general approach...

0. Install OpenSSL

• Option I: Install system packages of side-by-side OpenSSL 1.x libs (-dev or -devel) packages.

  # FreeBSDpkg install opensslOPENSSL_ROOT=/usr/local# Mac (brew)brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON!OPENSSL_ROOT="$(brew --prefix openssl)"

• Option II: Install OpenSSL from source to a temporary directory

  OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e"curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf -cd openssl-1.0.1emkdir -p "$OPENSSL_ROOT"./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=...# osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=...make installcd ..rm -rf openssl-1.0.1e

1. Building Python from source

• Option A: Use pyenv:

  export CONFIGURE_OPTS="CPPFLAGS=-I"$OPENSSL_ROOT"/include LDFLAGS=-L"$OPENSSL_ROOT"/lib [your other options here]"pyenv install 2.7.6

• Option B: Install Python from source

  ./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]`make# ...# if compiled openssl was used, it can be safely deleted because python's module ssl links openssl statically.

Example: FreeBSD 9.2 (skipping make install for demo purposes)

pkg install openssl curl gmake gdbm sqlite3 readline ncursesOPENSSL_ROOT=/usr/localcurl http://www.python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz | tar jxvf -cd Python-2.7.6./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]make./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' # osx: ./python.exe ...# prints: OpenSSL 1.0.1e 11 Feb 2013

Afterwards, temporary openssl libraries are no longer needed b/c the ssl modele with openssl statically into the python executable (verify using otool or readelf).

This could be because of an outdated version of Python.

After running python -c "import ssl; print ssl.OPENSSL_VERSION" on Python 2.7.1, I saw that I had this outdated version: OpenSSL 0.9.7l 28 Sep 2006.

It seems as though my version of Python depended on a deprecated version of OpenSSL, as indicated bythis forum:

For the upcoming Python 2.7.9 release (planned for early December), I intend to have the Pythons in the python.org OS X installers use their own versions of OpenSSL and thus no longer depend on the now-deprecated system OpenSSL.

I updated to Python 2.7.9 and the issue was immediately fixed. Now, after running python -c "import ssl; print ssl.OPENSSL_VERSION", I get OpenSSL 0.9.8za 5 Jun 2014.