pyOpenSSL == 0.13 won't build against newer versions (>= 1.0.2a) of OpenSSL headers / libs

[c6stephens]

There is a known issue where pyOpenSSL == 0.13 will not build against newer (>= 1.0.2a) versions of OpenSSL.

OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' follows non-static declaration
static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
                      ^
/usr/local/opt/openssl/include/openssl/x509.h:751:15: note: previous declaration is here
X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
              ^
1 error generated.
error: command 'clang' failed with exit status 1

This was because of a change to the x509.h header that declared the X509_REVOKED_dup() function (that appears to have been merged in only after OpenSSL 1.0.1).

I ran into this issue while building Hue on Mac OS Yosemite with an upgraded version of OpenSSL. (I'm putting together a Homebrew package.)

pyOpenSSL >= 0.14 doesn't have this problem.

Also, patching pyOpenSSL == 0.13 is pretty easy:

diff --git a/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c b/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c
index eec5bcb..b2fd681 100644
--- a/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c
+++ b/desktop/core/ext-py/pyopenssl/OpenSSL/crypto/crl.c
@@ -3,7 +3,7 @@
 #include "crypto.h"


-static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
+X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
     X509_REVOKED *dupe = NULL;

     dupe = X509_REVOKED_new();

I'm happy to submit a pull request! I thought I'd check first to see if a pyOpenSSL upgrade is in the works.

Chris Stephens
Netflix, Inc

[romainr]

Good to know!

I assume it will still compile with < OpenSSL 1.0.2a?

@erickt tried to upgrade it recently to 0.13.1 and got some issues and went back to 0.13: https://issues.cloudera.org/browse/HUE-2814

I would say patching pyOpenSSL now is probably the best/quickest until we up to 0.14 or more!

[c6stephens]

With this change (the "static" modifier on "X509_REVOKED_dup()" removed), pyopenssl builds fine for me against OpenSSL 0.9.8y.

Submitting a pull request now.

[emhacker]

Thx...

[meGAmeS1]

Hi, thanks for this hack @c6stephens. Just for the record, in case it helps somebody. Here's the steps to install pyOpenSSL==0.13 on a recent macOS version:

mkdir build
cd build
pip download pyOpenSSL==0.13
tar xzf pyOpenSSL-0.13.tar.gz
cd pyOpenSSL-0.13

From here you can either apply the patch made by @c6stephens or edit the file manually (for example: vim OpenSSL/crypto/crl.c).

pip install --no-clean .

And voilà. You now have an old pyOpenSSL version working in your python environment!

[brycepg]

If anyone is looking to automate @meGAmeS1 's fix. Use the following patch:

--- OpenSSL/crypto/crl.c	2018-12-26 12:23:14.275648440 -0500
+++ OpenSSL/crypto/crl2.c	2018-12-26 12:15:16.720820270 -0500
@@ -3,7 +3,7 @@
 #include "crypto.h"
 
 
-static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
+X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
     X509_REVOKED *dupe = NULL;
 
     dupe = X509_REVOKED_new();

Save as fix.patch for the following command:

patch OpenSSL/crypto/crl.c fix.patch

To summarize:

pip download pyOpenSSL==0.13
tar xzf pyOpenSSL-0.13.tar.gz
cd pyOpenSSL-0.13
wget https://gist.githubusercontent.com/brycepg/809501ae24e34e9fdb58a7932c12287b/raw/74e0165e73dadab8051a9041bcb8e657705a706b/fix.patch
patch OpenSSL/crypto/crl.c fix.patch
pip install --no-clean .