# Python OSP Patches
# Known Limitations / Differences
- Cannot load DER certificates with ctx.load_verify_locations, as seen in test test_load_verify_cadata
- Setting cipher lists does not handle the AES256/AES128/AESGCM string types as a generic way to add all AES suites
- WOLFSSL_CTX session stats such as the number of accepts or hits are not incremented and return 0
- wolfSSL by default has TLS 1.1 and 1.0 off (seen with test test_options)
# 3.8.5 Patch
This patch is for Python version 3.8.5, which can be downloaded from Python's
webpage here:
https://www.python.org/ftp/python/3.8.5/Python-3.8.5.tar.xz
$ curl -O https://www.python.org/ftp/python/3.8.5/Python-3.8.5.tar.xz
To build wolfSSL for use with Python 3.8.5, see the simple script
build_wolfssl.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.
build_wolfssl.sh
1. Clones wolfssl/master to directory wolfssl-master
2. Configures and compiles the library
The script uses the below configuration for wolfSSL:
$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-debug CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT"
$ make check
After compiling wolfSSL, install:
$ sudo make install
To build Python-3.8.5 with wolfSSL enabled:
$ tar xvf Python-3.8.5.tar.xz
$ cd Python-3.8.5
$ patch -p1 < wolfssl-python-3.8.5.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make
If you see an error similar to the following when running make:
*** WARNING: renaming "_ssl" since importing it failed: libwolfssl.so.30:
cannot open shared object file: No such file or directory
You may need to add your wolfSSL installation location to the library
search path and re-run make:
$ export LD_LIBRARY_PATH=/usr/local/lib
$ make
To run all Python-3.8.5 tests:
$ make test
Or, to run a specific test in verbose mode:
$ make test TESTOPTS="-v test_ssl"
Test Notes
-------------------------------------------------------------------------------
test_site:
There is one skipped test:
test_license_exists_at_url (test.test_site.ImportSideEffectTests) ... skipped 'system does not contain necessary certificates'
This is skipped because wolfSSL does not automatically load system root
CA certs like OpenSSL does when the following function is called:
SSL_CTX_set_default_verify_paths()
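Because system roots are not loaded automatically and, per Known Limitations, DER input to ctx.load_verify_locations is not accepted, an application can supply its trust anchors explicitly as PEM. The following is an added example, not code from the patches or the Python test suite; the function names are hypothetical, and it assumes PEM cadata loads under the patched build.

```python
import ssl

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def split_der_certs(blob):
    """Split concatenated DER certificates by reading each outer SEQUENCE header."""
    certs, pos = [], 0
    while pos < len(blob):
        if blob[pos] != 0x30 or pos + 2 > len(blob):
            raise ValueError(f"no DER SEQUENCE at offset {pos}")
        first = blob[pos + 1]
        if first < 0x80:                  # short form: the byte is the length
            hdr, length = 2, first
        else:                             # long form: next n bytes hold the length
            n = first & 0x7F
            if n == 0 or n > 4 or pos + 2 + n > len(blob):
                raise ValueError("unsupported or truncated DER length")
            hdr = 2 + n
            length = int.from_bytes(blob[pos + 2:pos + 2 + n], "big")
        end = pos + hdr + length
        if end > len(blob):
            raise ValueError("truncated DER certificate")
        certs.append(blob[pos:end])
        pos = end
    return certs

def cadata_as_pem(blob):
    """Return PEM text for a CA blob that is either PEM or (concatenated) DER."""
    if PEM_MARKER in blob:
        return blob.decode("ascii")       # cadata strings must be ASCII
    # ssl.DER_cert_to_PEM_cert is pure Python (base64), independent of the TLS backend
    return "".join(ssl.DER_cert_to_PEM_cert(c) for c in split_der_certs(blob))

def client_context(ca_blob):
    """Client context with explicit trust anchors; fails closed when none are given."""
    pem = cadata_as_pem(ca_blob)
    if PEM_MARKER.decode() not in pem:
        raise ValueError("no trust anchors supplied")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, hostname checks on
    ctx.load_verify_locations(cadata=pem)          # str selects the PEM code path
    return ctx
```

client_context never relies on the default verify paths, so it behaves the same whether or not the backend loads system roots.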
test_ssl:
- test_unwrap is skipped due to differences in read ahead behavior on
shutdown
- Various error message differences are accounted for in the tests, for example
"ASN no signer error to confirm failure" in wolfSSL versus
"certificate verify failed" in OpenSSL
- wolfSSL does not support cipher suite rules, i.e. !NULL
- At the end of the test suite some dangling threads from tests are reported
test_nntplib:
- The following two tests fail without wolfSSL, and as such also fail
with wolfSSL:
test_descriptions
test_description
# 3.8.14 Patch
This patch is for Python version 3.8.14. Follow these steps to download
and build Python 3.8.14 with wolfSSL enabled. This requires that wolfSSL
has been built as described in the 3.8.5 patch instructions.
Note, you may need to update your LD_LIBRARY_PATH first:
$ export LD_LIBRARY_PATH=/usr/local/lib
$ wget https://www.python.org/ftp/python/3.8.14/Python-3.8.14.tar.xz
$ tar xvf Python-3.8.14.tar.xz
$ cd Python-3.8.14
$ patch -p1 < ../wolfssl-python-3.8.14.patch
$ ./configure --with-wolfssl=/usr/local
$ make
Run the ssl tests with:
$ make test TESTOPTS="-v test_ssl"
# 3.12 Patches
These patches are for the Python versions 3.12.6, 3.12.9 and 3.12.11, which can
be downloaded from
https://www.python.org/ftp/python/3.12.6/Python-3.12.6.tar.xz
https://www.python.org/ftp/python/3.12.9/Python-3.12.9.tar.xz
https://www.python.org/ftp/python/3.12.11/Python-3.12.11.tar.xz
To build wolfSSL for use with one of these versions, see the simple script
build_wolfssl_py312.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.
build_wolfssl_py312.sh is identical to build_wolfssl.sh, aside from some
variations in the configuration options. In particular, it uses the following
configuration for wolfSSL:
$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-sessioncerts --enable-crl CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT -DNO_INT128"
$ make check
After compiling wolfSSL, install:
$ sudo make install
To build Python-3.12.6 with wolfSSL enabled:
$ tar xvf Python-3.12.6.tar.xz
$ cd Python-3.12.6
$ patch -p1 < wolfssl-python-3.12.6.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make
To build Python-3.12.9 with wolfSSL enabled:
$ tar xvf Python-3.12.9.tar.xz
$ cd Python-3.12.9
$ patch -p1 < wolfssl-python-3.12.9.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make
To build Python-3.12.11 with wolfSSL enabled:
$ tar xvf Python-3.12.11.tar.xz
$ cd Python-3.12.11
$ patch -p1 < wolfssl-python-3.12.11.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make
If you see an error similar to the following when running make:
*** WARNING: renaming "_ssl" since importing it failed: libwolfssl.so.30:
cannot open shared object file: No such file or directory
You may need to add your wolfSSL installation location to the library
search path and re-run make:
$ export LD_LIBRARY_PATH=/usr/local/lib
$ make
To run all Python tests:
$ make test
Or, to run a specific test in verbose mode:
$ make test TESTOPTS="-v test_ssl"
# 3.13.7 Patch
This patch is for Python 3.13.7, which can be downloaded from
https://www.python.org/ftp/python/3.13.7/Python-3.13.7.tar.xz
To build wolfSSL for use with this version, see the simple script
build_wolfssl_py313.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.
build_wolfssl_py313.sh is identical to build_wolfssl.sh, aside from some
variations in the configuration options. In particular, it uses the following
configuration for wolfSSL:
$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-sessioncerts --enable-crl --enable-psk CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT -DNO_INT128"
$ make check
After compiling wolfSSL, install:
$ sudo make install
To build Python-3.13.7 with wolfSSL enabled, follow the instructions below:
$ tar xvf Python-3.13.7.tar.xz
$ cd Python-3.13.7
$ patch -p1 < wolfssl-python-3.13.7.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make
If make fails with a shared object error, you may need to update your
LD_LIBRARY_PATH first:
$ export LD_LIBRARY_PATH=/usr/local/lib
Run the ssl tests with:
$ make test TESTOPTS="-v test_ssl"