Build problems with very recent Python and OpenSSL
Closed this issue · 8 comments
tarnh commented
With very recent software (gcc 9, python 3.8) I'm getting a build failure:
building 'nassl._nassl_legacy' extension
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=native -mtune=native -O3 -pipe -fstack-protector-strong -fno-plt -D_FORTIFY_SOURCE=2 -fPIC -DLEGACY_OPENSSL=1 -I./nassl/deps/openssl-OpenSSL_1_0_2e/include -Inassl/_nassl -I/usr/include/python3.8 -c nassl/_nassl/nassl.c -o build/temp.linux-x86_64-3.8/nassl/_nassl/nassl.o -Wall
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=native -mtune=native -O3 -pipe -fstack-protector-strong -fno-plt -D_FORTIFY_SOURCE=2 -fPIC -DLEGACY_OPENSSL=1 -I./nassl/deps/openssl-OpenSSL_1_0_2e/include -Inassl/_nassl -I/usr/include/python3.8 -c nassl/_nassl/nassl_SSL_CTX.c -o build/temp.linux-x86_64-3.8/nassl/_nassl/nassl_SSL_CTX.o -Wall
nassl/_nassl/nassl_SSL_CTX.c: In function 'nassl_SSL_CTX_new':
nassl/_nassl/nassl_SSL_CTX.c:61:25: warning: implicit declaration of function 'SSLv2_method'; did you mean 'SSLv23_method'? [-Wimplicit-function-declaration]
61 | sslCtx = SSL_CTX_new(SSLv2_method());
| ^~~~~~~~~~~~
| SSLv23_method
nassl/_nassl/nassl_SSL_CTX.c:61:25: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion]
61 | sslCtx = SSL_CTX_new(SSLv2_method());
| ^~~~~~~~~~~~~~
| |
| int
In file included from nassl/_nassl/nassl_SSL_CTX.c:4:
/usr/include/openssl/ssl.h:1503:17: note: expected 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} but argument is of type 'int'
1503 | __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
| ^~~~~~~~~~~
nassl/_nassl/nassl_SSL_CTX.c:70:25: warning: implicit declaration of function 'SSLv3_method'; did you mean 'SSLv23_method'? [-Wimplicit-function-declaration]
70 | sslCtx = SSL_CTX_new(SSLv3_method());
| ^~~~~~~~~~~~
| SSLv23_method
nassl/_nassl/nassl_SSL_CTX.c:70:25: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [-Wint-conversion]
70 | sslCtx = SSL_CTX_new(SSLv3_method());
| ^~~~~~~~~~~~~~
| |
| int
In file included from nassl/_nassl/nassl_SSL_CTX.c:4:
/usr/include/openssl/ssl.h:1503:17: note: expected 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} but argument is of type 'int'
1503 | __owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
| ^~~~~~~~~~~
nassl/_nassl/nassl_SSL_CTX.c:78:4: warning: 'TLSv1_method' is deprecated [-Wdeprecated-declarations]
78 | sslCtx = SSL_CTX_new(TLSv1_method());
| ^~~~~~
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from nassl/_nassl/nassl_SSL_CTX.c:4:
/usr/include/openssl/ssl.h:1877:1: note: declared here
1877 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
| ^~~~~~~~~~~~~~~~~~
nassl/_nassl/nassl_SSL_CTX.c:81:4: warning: 'TLSv1_1_method' is deprecated [-Wdeprecated-declarations]
81 | sslCtx = SSL_CTX_new(TLSv1_1_method());
| ^~~~~~
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from nassl/_nassl/nassl_SSL_CTX.c:4:
/usr/include/openssl/ssl.h:1883:1: note: declared here
1883 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
| ^~~~~~~~~~~~~~~~~~
nassl/_nassl/nassl_SSL_CTX.c:84:4: warning: 'TLSv1_2_method' is deprecated [-Wdeprecated-declarations]
84 | sslCtx = SSL_CTX_new(TLSv1_2_method());
| ^~~~~~
In file included from /usr/include/openssl/e_os2.h:13,
from /usr/include/openssl/ssl.h:15,
from nassl/_nassl/nassl_SSL_CTX.c:4:
/usr/include/openssl/ssl.h:1889:1: note: declared here
1889 | DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
| ^~~~~~~~~~~~~~~~~~
In file included from /usr/include/string.h:494,
from /usr/include/python3.8/Python.h:30,
from nassl/_nassl/nassl_SSL_CTX.c:2:
In function 'strncpy',
inlined from 'pem_passwd_cb' at nassl/_nassl/nassl_SSL_CTX.c:260:5,
inlined from 'pem_passwd_cb' at nassl/_nassl/nassl_SSL_CTX.c:238:12:
/usr/include/bits/string_fortified.h:106:10: warning: '__builtin_strncpy' specified bound depends on the length of the source argument [-Wstringop-overflow=]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
nassl/_nassl/nassl_SSL_CTX.c: In function 'pem_passwd_cb':
nassl/_nassl/nassl_SSL_CTX.c:253:20: note: length computed here
253 | passwordSize = strlen(passwordBuf) + 1;
| ^~~~~~~~~~~~~~~~~~~
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=x86-64 -mtune=generic -O3 -pipe -fno-plt -march=native -mtune=native -O3 -pipe -fstack-protector-strong -fno-plt -D_FORTIFY_SOURCE=2 -fPIC -DLEGACY_OPENSSL=1 -I./nassl/deps/openssl-OpenSSL_1_0_2e/include -Inassl/_nassl -I/usr/include/python3.8 -c nassl/_nassl/nassl_SSL.c -o build/temp.linux-x86_64-3.8/nassl/_nassl/nassl_SSL.o -Wall
nassl/_nassl/nassl_SSL.c: In function 'nassl_SSL_get_available_compression_methods':
nassl/_nassl/nassl_SSL.c:323:53: error: dereferencing pointer to incomplete type 'SSL_COMP' {aka 'const struct ssl_comp_st'}
323 | methodPyString = PyUnicode_FromString(method->name);
| ^~
nassl/_nassl/nassl_SSL.c: In function 'get_tmp_new_cipher':
nassl/_nassl/nassl_SSL.c:462:39: error: dereferencing pointer to incomplete type 'SSL' {aka 'struct ssl_st'}
462 | if (self->ssl == NULL || self->ssl->s3 == NULL)
| ^~
nassl/_nassl/nassl_SSL.c: In function 'nassl_SSL_get_dh_info':
nassl/_nassl/nassl_SSL.c:837:21: error: dereferencing pointer to incomplete type 'EVP_PKEY' {aka 'struct evp_pkey_st'}
837 | DH *dh = key->pkey.dh;
| ^~
nassl/_nassl/nassl_SSL.c:838:15: error: dereferencing pointer to incomplete type 'DH' {aka 'struct dh_st'}
838 | p = dh->p;
| ^~
nassl/_nassl/nassl_SSL.c: In function 'get_tmp_new_cipher':
nassl/_nassl/nassl_SSL.c:470:1: warning: control reaches end of non-void function [-Wreturn-type]
470 | }
| ^
error: command 'gcc' failed with exit status 1
ahinrichs commented
Had the same problems doing a "naiv" pip install .
If I follow the steps from build_linux_wheels.sh it works. So e.g.:
git clone https://github.com/nabla-c0d3/nassl /tmp/nassl
cd /tmp/nassl
vim Pipfile # change python_version to 3.8
pipenv install --dev
pipenv run invoke build.zlib
pipenv run invoke build.modern-openssl
pipenv run invoke build.legacy-openssl
pip install --target /some/path/ .tarnh commented
Oh great. How do I translate it? My naive tries don't work:
python setup.py build.zlib
python setup.py build --zlib
ahinrichs commented
I did not know anything about pipenv until yesterday. So I can't tell what exactly it does and how to circumvent it. I installed it (python-pipenv on arch based linux) and used it together with system pip as shown.
nabla-c0d3 commented
This is explained in the README https://github.com/nabla-c0d3/nassl#dev-environment
jayvdb commented
That doesnt fix it.
e.g. I am trying to package this for openSUSE, and getting the same
gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -g -DOPENSSL_LOAD_CONF -fwrapv -fno-semantic-interposition -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -g -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -g -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -g -fPIC -DLEGACY_OPENSSL=1 -I/home/abuild/rpmbuild/BUILD/nassl-3.0.0/deps/openssl-OpenSSL_1_0_2e/include -Inassl/_nassl -I/usr/include/python3.8 -c nassl/_nassl/nassl_SSL.c -o build/temp.linux-x86_64-3.8/nassl/_nassl/nassl_SSL.o -Wall
[ 47s] nassl/_nassl/nassl_SSL.c: In function ‘nassl_SSL_get_available_compression_methods’:
[ 47s] nassl/_nassl/nassl_SSL.c:323:53: error: invalid use of incomplete typedef ‘SSL_COMP’ {aka ‘const struct ssl_comp_st’}
[ 47s] 323 | methodPyString = PyUnicode_FromString(method->name);
[ 47s] | ^~
[ 47s] nassl/_nassl/nassl_SSL.c: In function ‘get_tmp_new_cipher’:
[ 47s] nassl/_nassl/nassl_SSL.c:462:39: error: invalid use of incomplete typedef ‘SSL’ {aka ‘struct ssl_st’}I needed to remove the mention of LEGACY_OPENSSL from setup.py
nabla-c0d3 commented
Building this package is tricky - any reason why you need to build it instead of just installing via pip?
jayvdb commented
It is a dependency of other packages. I like my system to be stable, with packages tested with all of their dependencies as they are installed on my system. Also faster.
nabla-c0d3 commented
Makes sense but then you're kind of on your own... I have no way nor time to reproduce these build errors unless they happen in the Travis build.