Failed to build 0.13 on CentOS 5/RHEL 5/OS X 10.6.8

This is a problem with the new SNI support, which was added in 0.9.8f. I guess it should be conditionally provided so that the build keeps working on older versions of OpenSSL. I don't have a good environment set up to be able to easily test against specific versions of OpenSSL, so it may take me some time to address this.

Also, 0.9.8e is over 4 years old and has numerous known security issues, so if it's not being carefully patched to address those, it's not a good idea to be using it anyway.

In our environment, I found it easier to install pyOpenSSL 0.12 than upgrade openssl from 0.9.8e to 0.9.8f to get 0.13 to work.

 /opt/python-2.5.5/bin/easy_install http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-0.12.tar.gz

HTH and cheers!
Aleksey

FWIW, CentOS5 is based on RHEL 5 and the latter is still supported: https://en.wikipedia.org/wiki/Rhel So I would expect that patches for all known security issues in OpenSSL 0.9.8e are available in RHEL. I don't know if they've all been properly adopted by CentOS.

Attached is an untested patch to fix compilation on Centos 5. Does this look like an appropriate fix?

I have no way to test this fix, either as a one time event or on a continuous basis (as is the proper way to test software). Can someone provide Centos 5 testing for the pyOpenSSL project?

What is necessary for performing pyOpenSSL testing? I might be able to configure a Jenkins instance to build pyOpenSSL on a Centos 5 system.

I'm seeing something very similar on OS X:

    gcc-4.0 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -fno-strict-aliasing -fno-common -dynamic -DNDEBUG -g -O3 -arch i386 -I/Library/Frameworks/Python.framework/Versions/2.6/include/python2.6 -c OpenSSL/ssl/connection.c -o build/temp.macosx-10.3-i386-2.6/OpenSSL/ssl/connection.o
    OpenSSL/ssl/connection.c: In function 'ssl_Connection_get_servername':
    OpenSSL/ssl/connection.c:313: error: 'TLSEXT_NAMETYPE_host_name' undeclared (first use in this function)
    OpenSSL/ssl/connection.c:313: error: (Each undeclared identifier is reported only once
    OpenSSL/ssl/connection.c:313: error: for each function it appears in.)
    OpenSSL/ssl/connection.c:320: warning: assignment makes pointer from integer without a cast
    error: command 'gcc-4.0' failed with exit status 1

And my system openssl version:

lantea:~ jerith$ /usr/bin/openssl version
OpenSSL 0.9.8r 8 Feb 2011

For now, I'm just using 0.12 instead.

This is OS X 10.6.8 build 10K549, in case that matters.

Philip's fix works for me on CentOS 5.6:

[keshav@jambu src]$ cat /etc/redhat-release
CentOS release 5.6 (Final)
[keshav@jambu src]$ python -V
Python 2.4.3
[keshav@jambu src]$ grep "#define OPENSSL_VERSION_TEXT" /usr/include/openssl/opensslv.h
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-rhel5 01 Jul 2008"
[keshav@jambu src]$ tar xf pyOpenSSL-0.13.tar.gz
[keshav@jambu src]$ cd pyOpenSSL-0.13
[keshav@jambu pyOpenSSL-0.13]$ wget https://launchpadlibrarian.net/89536825/pyOpenSSL-0.13.centos5.patch &> /dev/null
[keshav@jambu pyOpenSSL-0.13]$ patch -p1 < pyOpenSSL-0.13.centos5.patch
patching file OpenSSL/ssl/connection.c
patching file OpenSSL/ssl/context.c
[keshav@jambu pyOpenSSL-0.13]$ ./setup.py build
/usr/lib64/python2.4/distutils/dist.py:236: UserWarning: Unknown distribution option: 'zip_safe'
  warnings.warn(msg)
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.4
creating build/lib.linux-x86_64-2.4/OpenSSL
copying OpenSSL/__init__.py -> build/lib.linux-x86_64-2.4/OpenSSL
copying OpenSSL/tsafe.py -> build/lib.linux-x86_64-2.4/OpenSSL
copying OpenSSL/version.py -> build/lib.linux-x86_64-2.4/OpenSSL
creating build/lib.linux-x86_64-2.4/OpenSSL/test
copying OpenSSL/test/__init__.py -> build/lib.linux-x86_64-2.4/OpenSSL/test
copying OpenSSL/test/util.py -> build/lib.linux-x86_64-2.4/OpenSSL/test
copying OpenSSL/test/test_crypto.py -> build/lib.linux-x86_64-2.4/OpenSSL/test
copying OpenSSL/test/test_rand.py -> build/lib.linux-x86_64-2.4/OpenSSL/test
copying OpenSSL/test/test_ssl.py -> build/lib.linux-x86_64-2.4/OpenSSL/test
running build_ext
building 'OpenSSL.crypto' extension
creating build/temp.linux-x86_64-2.4
creating build/temp.linux-x86_64-2.4/OpenSSL
creating build/temp.linux-x86_64-2.4/OpenSSL/crypto
gcc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPIC -I/usr/include/python2.4 -c OpenSSL/crypto/crypto.c -o build/temp.linux-x86_64-2.4/OpenSSL/crypto/crypto.o
gcc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPIC -I/usr/include/python2.4 -c OpenSSL/crypto/x509.c -o build/temp.linux-x86_64-2.4/OpenSSL/crypto/x509.o
gcc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPIC -I/usr/include/python2.4 -c OpenSSL/crypto/x509name.c -o build/temp.linux-x86_64-2.4/OpenSSL/crypto/x509name.o
gcc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPIC -I/usr/include/python2.4 -c OpenSSL/crypto/pkey.c -o build/temp.linux-x86_64-2.4/OpenSSL/crypto/pkey.o
gcc -pthread -fno-strict-aliasing -DNDEBUG -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -D_GNU_SOURCE -fPIC -fPI...