在 python 2.7 中更新 openssl
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18752409/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Updating openssl in python 2.7
提问by Peter
wondering if someone may please explain how openssl works in python2.7. I'm not sure if python got its own openssl or picks it up from local machine/env?
想知道是否有人可以解释 openssl 在 python2.7 中的工作原理。我不确定 python 是否有自己的 openssl 或从本地机器/环境中获取它?
let me explain: (if I do this in Python)
让我解释一下:(如果我在 Python 中这样做)
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 0.9.8x 10 May 2012'
(In terminal)
(在终端)
$ openssl version
OpenSSL 0.9.8x 10 May 2012
$ which openssl
/usr/bin/openssl
now I updated openssl (downloaded .)
现在我更新了 openssl(已下载。)
$ cd openssl-1.0.1c
$ ./Configure darwin64-x86_64-cc --prefix=/usr --openssldir=/opt/local/etc/openssl shared
$ make
$ sudo make install
this created separate director(as specified), so I copied it to the old path
这创建了单独的导演(如指定),所以我将其复制到旧路径
cp -f /usr/local/ssl/bin/openssl /usr/bin/openssl
now in terminal openssl version has been updated but not from python!
现在在终端 openssl 版本已经更新,但不是来自 python!
$ openssl version
OpenSSL 1.0.1c 10 May 2012
I did noticed that .dylib is still pointing to old version, how can I change this?
我确实注意到 .dylib 仍然指向旧版本,我该如何更改?
$ ls -l /usr/lib/*ssl*
-rwxr-xr-x 1 root wheel 411680 Jul 17 2012 /usr/lib/libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 602800 May 24 03:43 /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x 1 root wheel 390908 Sep 9 17:37 /usr/lib/libssl.1.0.0.dylib
lrwxr-xr-x 1 root wheel 18 Jul 17 2012 /usr/lib/libssl.dylib -> libssl.0.9.8.dylib
Update: I changed the link still got old version at python.
更新:我更改了链接在 python 上仍然有旧版本。
$ ls -l /usr/lib/*ssl*
-rwxr-xr-x 1 root wheel 411680 Jul 17 2012 /usr/lib/libssl.0.9.7.dylib
-rwxr-xr-x 1 root wheel 602800 May 24 03:43 /usr/lib/libssl.0.9.8.dylib
-rwxr-xr-x 1 root wheel 390908 Sep 9 17:37 /usr/lib/libssl.1.0.0.dylib
lrwxr-xr-x 1 root wheel 18 Sep 11 15:47 /usr/lib/libssl.dylib -> libssl.1.0.0.dylib
回答by Peter
Outdated SSL is a common issue on multiple platforms:
过时的 SSL 是多个平台上的常见问题:
Here's the general approach...
这是一般方法...
0. Install OpenSSL
0.安装OpenSSL
Option I:Install system packages of side-by-side OpenSSL 1.x libs (-dev or -devel) packages.
# FreeBSD pkg install openssl OPENSSL_ROOT=/usr/local # Mac (brew) brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON! OPENSSL_ROOT="$(brew --prefix openssl)"Option II:Install OpenSSL from source to a temporary directory
OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e" curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf - cd openssl-1.0.1e mkdir -p "$OPENSSL_ROOT" ./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=... # osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=... make install cd .. rm -rf openssl-1.0.1e
选项 I:安装并行 OpenSSL 1.x 库(-dev 或 -devel)包的系统包。
# FreeBSD pkg install openssl OPENSSL_ROOT=/usr/local # Mac (brew) brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON! OPENSSL_ROOT="$(brew --prefix openssl)"选项二:从源代码安装 OpenSSL 到一个临时目录
OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e" curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf - cd openssl-1.0.1e mkdir -p "$OPENSSL_ROOT" ./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=... # osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=... make install cd .. rm -rf openssl-1.0.1e
1. Building Python from source
1.从源代码构建 Python
Option A: Use pyenv:
export CONFIGURE_OPTS="CPPFLAGS=-I"$OPENSSL_ROOT"/include LDFLAGS=-L"$OPENSSL_ROOT"/lib [your other options here]" pyenv install 2.7.6Option B: Install Python from source
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]` make # ... # if compiled openssl was used, it can be safely deleted because python's module ssl links openssl statically.
选项 A:使用pyenv:
export CONFIGURE_OPTS="CPPFLAGS=-I"$OPENSSL_ROOT"/include LDFLAGS=-L"$OPENSSL_ROOT"/lib [your other options here]" pyenv install 2.7.6选项 B:从源代码安装 Python
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]` make # ... # if compiled openssl was used, it can be safely deleted because python's module ssl links openssl statically.
Example: FreeBSD 9.2 (skipping make installfor demo purposes)
示例:FreeBSD 9.2(make install出于演示目的而跳过)
pkg install openssl curl gmake gdbm sqlite3 readline ncurses
OPENSSL_ROOT=/usr/local
curl http://www.python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz | tar jxvf -
cd Python-2.7.6
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]
make
./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' # osx: ./python.exe ...
# prints: OpenSSL 1.0.1e 11 Feb 2013
Afterwards, temporary openssl libraries are no longer needed b/c the ssl modele with openssl statically into the python executable (verify using otoolor readelf).
之后,不再需要临时的 openssl 库 b/c 将带有 openssl 的 ssl 模型静态地放入 python 可执行文件中(使用otool或验证readelf)。
回答by user2434741
Please refer to http://rkulla.blogspot.kr/2014/03/the-path-to-homebrew.html
请参考http://rkulla.blogspot.kr/2014/03/the-path-to-homebrew.html
After upgrading openssl to 1.0.1j by homebrew on MAC, but system python still referred to old version 0.9.8. It turned out the python referred to openssl. So I have installed new python with brewed openssl and finished this issue on Mac, not yet Ubuntu.
在 MAC 上通过 homebrew 将 openssl 升级到 1.0.1j 后,但系统 python 仍然指的是旧版本 0.9.8。原来python指的是openssl。所以我用 brewed openssl 安装了新的 python 并在 Mac 上完成了这个问题,还不是 Ubuntu。
On Mac OS X version 10.10 and system python version 2.7.6, my procedure is as follows:
在 Mac OS X 版本 10.10 和系统 python 版本 2.7.6 上,我的程序如下:
$ brew update
$ brew install openssl
Then you can see openssl version 1.0.1j.
然后就可以看到openssl 1.0.1j版本了。
$ brew link openssl --force
$ brew install python --with-brewed-openssl
You have to install new python with brewed openssl. Then, you can see /usr/local/Cellar/python/2.7.8_2/bin/python.
您必须使用 brewed openssl 安装新的 python。然后,你可以看到/usr/local/Cellar/python/2.7.8_2/bin/python。
$ sudo ln -s /usr/local/Cellar/python/2.7.8_2/bin/python /usr/local/bin/python
$ sudo ln -s /usr/local/Cellar/python/2.7.8_2/bin/python /usr/local/bin/python
Of course, /usr/local/* should be owned by $USER, not root, which is told by Ryan, but I used 'sudo'. And, before this instruction, I didn't have /usr/local/bin/python. After this instruction, you can use python version 2.7.8 not 2.7.6.
当然, /usr/local/* 应该由 $USER 拥有,而不是由 Ryan 告诉的 root 拥有,但我使用了 'sudo'。而且,在此指令之前,我没有 /usr/local/bin/python。在此说明之后,您可以使用 python 版本 2.7.8 而不是 2.7.6。
Finally, you can see as belows;
最后,您可以看到如下内容;
$ python --version
Python 2.7.8
$ python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.1j 15 Oct 2014
Till now, I'm working on it on Ubuntu 12.04. If I have a solution for Ubuntu 12.04, then I will update my answer. I hope this procedure help you.
到现在为止,我正在 Ubuntu 12.04 上工作。如果我有 Ubuntu 12.04 的解决方案,那么我会更新我的答案。我希望这个程序对你有帮助。
回答by aralar
This could be because of an outdated version of Python.
这可能是因为 Python 版本过时。
After running python -c "import ssl; print ssl.OPENSSL_VERSION"on Python 2.7.1, I saw that I had this outdated version: OpenSSL 0.9.7l 28 Sep 2006.
在python -c "import ssl; print ssl.OPENSSL_VERSION"Python 2.7.1 上运行后,我看到我有这个过时的版本:OpenSSL 0.9.7l 28 Sep 2006.
It seems as though my version of Python depended on a deprecated version of OpenSSL, as indicated by this forum:
如本论坛所示,我的 Python 版本似乎依赖于已弃用的 OpenSSL 版本 :
For the upcoming Python 2.7.9 release (planned for early December), I intend to have the Pythons in the python.org OS X installers use their own versions of OpenSSL and thus no longer depend on the now-deprecated system OpenSSL.
对于即将发布的 Python 2.7.9 版本(计划于 12 月初发布),我打算让 python.org OS X 安装程序中的 Python 使用它们自己的 OpenSSL 版本,因此不再依赖于现已弃用的系统 OpenSSL。
I updated to Python 2.7.9 and the issue was immediately fixed. Now, after running python -c "import ssl; print ssl.OPENSSL_VERSION", I get OpenSSL 0.9.8za 5 Jun 2014.
我更新到 Python 2.7.9,问题立即得到解决。现在,运行后python -c "import ssl; print ssl.OPENSSL_VERSION",我得到OpenSSL 0.9.8za 5 Jun 2014.
回答by Paul Kenjora
SOLVED NO HACKS, none of the above worked for me. I ended up taking a simpler and uncomplicated approach....
没有解决任何黑客问题,以上都不适合我。我最终采取了一种更简单和简单的方法......
- Install python 2.7.13 from the official site, it actually installs as the default python, automatically upgrading the old python system wide ( yes! ).
- 从官方网站安装python 2.7.13,它实际上安装为默认python,自动升级旧的python系统(是的!)。
https://www.python.org/downloads/mac-osx/
https://www.python.org/downloads/mac-osx/
- Upgrade openssl after the python install. Updating it for system python ( yes! ).
- 安装 python 后升级 openssl。为系统 python 更新它(是的!)。
sudo pip install --upgrade pyOpenSSL
sudo pip install --upgrade pyOpenSSL
- You will have to re-install all your python modules ( because you replaced python ), I strongly recommend using pip. After a few minutes of pip installs my default OSX python was upgraded, I had openssl upgraded, and I had all my modules ( including django running ).
- 您将不得不重新安装所有 python 模块(因为您替换了 python ),我强烈建议使用 pip。pip 安装几分钟后,我的默认 OSX python 升级了,我升级了 openssl,并且我拥有了所有模块(包括 django running )。
回答by bkinnell
The following worked for me. I was already able to update OpenSSL from 0.9.8zh to a 1.0.2o version, but python never accessed the newer version until found this suggestion to use pyenv to reinstall python (with 2.7.10, the version I wanted).
以下对我有用。我已经能够将 OpenSSL 从 0.9.8zh 更新到 1.0.2o 版本,但是 python 从未访问过较新版本,直到发现使用 pyenv 重新安装 python 的建议(使用 2.7.10,我想要的版本)。
brew update
brew install pyenv
echo 'eval "$(pyenv init -)"' >> .bashrc
source .bashrc
pyenv install 2.7.10
pyenv global 2.7.10
and then to check...
然后检查...
python --version
Python 2.7.10
python -c 'import ssl; print ssl.OPENSSL_VERSION'
OpenSSL 1.0.2o 27 Mar 2018
I did have to reinstall python packages of course.
我当然必须重新安装 python 包。
回答by KeelyD
I think python has recognized that this is an issue: https://www.python.org/downloads/release/python-2715/
我认为 python 已经认识到这是一个问题:https: //www.python.org/downloads/release/python-2715/
Note
Attention macOS users: as of 2.7.15, all python.org macOS installers ship with a builtin copy of OpenSSL. Additionally, there is a new additional installer variant for macOS 10.9+ that includes a built-in version of Tcl/Tk 8.6. See the installer README for more information.
笔记
macOS 用户注意:从 2.7.15 开始,所有 python.org macOS 安装程序都附带 OpenSSL 的内置副本。此外,还有一个适用于 macOS 10.9+ 的新附加安装程序变体,其中包括一个内置版本的 Tcl/Tk 8.6。有关更多信息,请参阅安装程序自述文件。
Simply installing 2.7.15 fixed my OpenSSL issues.
只需安装 2.7.15 即可修复我的 OpenSSL 问题。
