blob: 99b327d9f49f412aee66fe04aa473758aeb37f63 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
.. hazmat::
OpenSSL Backend
===============
These are `CFFI`_ bindings to the `OpenSSL`_ C library.
.. data:: cryptography.hazmat.backends.openssl.backend
This is the exposed API for the OpenSSL bindings. It has two public
attributes:
.. attribute:: ffi
This is a :class:`cffi.FFI` instance. It can be used to allocate and
otherwise manipulate OpenSSL structures.
.. attribute:: lib
This is a ``cffi`` library. It can be used to call OpenSSL functions,
and access constants.
Using your own OpenSSL on Linux
-------------------------------
Python links to OpenSSL for its own purposes and this can sometimes cause
problems when you wish to use a different version of OpenSSL with cryptography.
If you want to use cryptography with your own build of OpenSSL you will need to
make sure that the build is configured correctly so that your version of
OpenSSL doesn't conflict with Python's.
The options you need to add allow the linker to identify every symbol correctly
even when multiple versions of the library are linked into the same program. If
you are using your distribution's source packages these will probably be
patched in for you already, otherwise you'll need to use options something like
this when configuring OpenSSL::
./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared
You'll also need to generate your own ``openssl.ld`` file. For example::
OPENSSL_1.0.1F_CUSTOM {
global:
*;
};
You should replace the version string on the first line as appropriate for your
build.
.. _`CFFI`: https://cffi.readthedocs.org/
.. _`OpenSSL`: https://www.openssl.org/
|
