The eGenix.com pyOpenSSL Distribution includes everything you need to get started with OpenSSL in Python. It comes with an easy to use installer that includes the most recent OpenSSL library versions in pre-compiled form.
pyOpenSSL is an open-source Python add-on that allows writing SSL-aware networking applications as as certificate managment tools. It uses the OpenSSL library as performant and robust SSL engine.
OpenSSL is an open-source implementation of the SSL protocol.
Due to security breaches in OS-level OpenSSL library distributions (e.g. the Debian OpenSSL "fix") and the general problem of old OpenSSL libraries on systems, we have chosen to integrate the most current, unpatched and original versions of the OpenSSL libraries directly with the package - on Windows and all supported Unix platforms as well as Mac OS X.
The current version of OpenSSL shipped with the eGenix.com pyOpenSSL Distribution can always be determined by looking at the second part of the distribution file version number, e.g. 0.8.0_0.9.8j_1 means that we have taken pyOpenSSL 0.8.0, added OpenSSL 0.9.8j and wrapped it up in distribution version 1. In some cases, we patch the included packages to work around problems. Please see the change log for details.
To avoid patent issues, we have excluded the following algorithms from OpenSSL via its config options: IDEA, MDC2 and RC5. We also removed the Kerberos5 support, since it's not needed for SSL-based communication.
The binary packages we provide for the various platforms include the pyOpenSSL modules as well as the OpenSSL libraries inside the OpenSSL Python package, so there's no need to download and install OpenSSL libraries separately.
When using Python 2.5 or later, there are no additional requirements. Python 2.4 on Windows also works out of the box with the installers we provide.
If you are using Python 2.4 on Unix, you additionally need the current eGenix.com mx Base Distribution installed (>= version 3.1.0), since this is needed to be able to load the shared OpenSSL libraries directly from the package directory.
If you want to build the distribution from source, e.g. to include/exclude patented algorithms, you will need a compiled version of the OpenSSL Toolkit together with header files. We used the following config options for the version included in the distribution:
./config shared no-idea no-mdc2 no-rc5 no-krb5 zlib
After setting the SSL environment variable to the location of your OpenSSL installation and adjusting the version number of the distribution, you can then compile and install the distribution using:
python setup.py install
See the egenix_pyopenssl.py source code for details.
The source distribution includes pre-compiled versions of the OpenSSL libs and header files for Windows - compiled with VC7.1 for Python 2.4 and 2.5 and VC9 for Python 2.6 and 2.7. Please see the openssl-win32/ and openssl-win64/ directories for details and the scripts we used to build those binaries.
The eGenix.com pyOpenSSL Distribution itself is made available under the terms & conditions of our eGenix.com Public License Agreement 1.1.0 which is an Open Source license based on the CNRI Python license.
In simple words, you are free to use the software without paying fees or royalties as long as you give proper attribution and keep the license document together with the software. Please see the license document for details and consult a lawyer if you have legal questions.
The eGenix.com pyOpenSSL Distribution includes these third-party products:
Please see our eGenix.com Third-Party License Guide 2.0 for details or check the source code distribution which comes with all licenses and disclaimers.
The documentation for pyOpenSSL is available from the pyOpenSSL web-site.
pyOpenSSL Package Documentation
The manual includes a reference of the available programming interfaces. All APIs live in the top-level OpenSSL Python package.
There is a little known detail about the underlying OpenSSL engine that can cause problems in multi-threaded applications:
OpenSSL does not support sharing connections between threads. If you do, you are likely going to cause OpenSSL and thus pyOpenSSL to get into an unstable state which could result in anything from lost data to corrupted data and in some situations even lead to segfaults.
We provide downloads for the following platforms.
Please note:
If you need distribution archives for platforms not mentioned here, please contact support@egenix.com for details. It is very likely that we can find a way to help you.
On Unix it is important to know whether you need to download a distribution for a narrow Unicode build of Python (UCS2) or a wide version (UCS4).
Most Unixes ship with wide Python builds these days (including RedHat and SuSE). In order to make sure, please run the following command which will tell you what kind of Python installation you have:
python -c "import sys;print(sys.maxunicode<66000)and'UCS2'or'UCS4'"
If you get errors such as "unresolved symbol PyUnicodeUCS2_AsEncodedString" when trying to load an extension from the distribution, you have likely installed an archive for a wrong Unicode version.
Installation using the Windows installers is straight forward: just double-click on the installer EXE or MSI file and follow the instructions.
Both installers register the distribution with the Windows software registry, so you can easily uninstall the distribution should you require to do so.
With the new MSI installer you also have the option to run the installer without the GUI or to integrate it into an automatic installation process. Please see the MSI installer documentation on the Python web-site for details.
To uninstall the distribution, please use the standard Windows software registry.
To reduce the number of binaries that we have to create for each release, we have adapted a new generic distribution format that works on all Python platforms: the Prebuilt Distribution Format.
Technically, this format is a standard Python distutils distribution, but with only the build/
directory and without the source tree.
In order to install such a distribution, please follow these instructions:
sudo python setup.py installOn Windows and some other platforms that don't have
sudo
, please run the above without sudo
as administrator or root. The distribution will then be installed into the standard directory
for Python extensions of your Python installation (usually the site-packages/
subdirectory of the Python standard library directory).
To uninstall, follow the same steps as above, but use the command uninstall
instead:
sudo python setup.py uninstall
You will need to be able to sudo on the target machine or know the
root password for the above to work. If you don't have permission to
install packages as root, you can still install the distribution into a
local directory, e.g. ~/lib/python
by using the following installation command:
python setup.py install --home=/home/user/
This will install the distribution into the directory /home/user/lib/python/
.
In order to have Python see this directory and make it useable for
import, you have to adjust the PYTHONPATH environment variable to
include this directory, e.g.
export PYTHONPATH=/home/user/lib/python
To see all the possible installation options, run the install script using the help options:
python setup.py install --help
To uninstall, follow the same steps as above, but use the command uninstall
instead:
sudo python setup.py uninstall --home=/home/user/
If you prefer to use easy_install or another egg-file based installer such as zc.buildout for your Python packages, you can also download the egg distributions we make available for the package and install those.
The egg archives we provide are made available through two PyPI-style indexes which the egg tools setuptools/easy_install/pip/zc.buildout can access to automatically download and install the right egg archive.
IMPORTANT NOTICE:
Since the eGenix.com pyOpenSSL Distribution contains cryptographic code, you will need to comply to the German and EU export regulations for such code (which are based on of the Wassenaar Arrangement). Please make sure that downloading and using cryptography is legal in your country.
By downloading the egg distributions for the eGenix.com pyOpenSSL
Distribution you confirm that you have read, understood and agree to
comply to the terms outlined on our crypto download page.
There are two indexes, one for Python UCS2 builds (these include Windows builds):
http://downloads.egenix.com/python/index/ucs2/
and one for Python UCS4 builds:
http://downloads.egenix.com/python/index/ucs4/
If you are using a Python UCS2 build, then you can install the egg archives using this command:
easy_install -i http://downloads.egenix.com/python/index/ucs2/ \
egenix-pyopenssl
For UCS4 builds, please use this command:
easy_install -i http://downloads.egenix.com/python/index/ucs4/ \The command line parameters for other tools such as pip are similar. Please consult their documentation for details.
egenix-pyopenssl
In order to install an egg distribution with easy_install, please follow these instructions:
sudo easy_install ./<distribution>.eggOn Windows and some other platforms that don't have
sudo
, please run the above without sudo
as administrator or root. The distribution will then be installed into the standard directory
for Python extensions of your Python installation (usually the site-packages/
subdirectory of the Python standard library directory).
Please consult the easy_install documentation for details on how to uninstall egg files.
To install from source, please unzip the source archive and then run the following command in the distribution directory:
sudo python setup.py install
Please make sure that you are using the Python binary for which you want to install the distribution. The installer will then automatically choose the correct path for the installation.
If you don't have root permissions on the target machine, you can
use the same approach as for the prebuilt distribution outlined above
for a user installation in the /home/user/lib/python
directory:
python setup.py install --home=/home/user/
Please remember to setup the PYTHONPATH to include the /home/user/lib/python
directory:
export PYTHONPATH=/home/user/lib/python
Otherwise, Python won't see the new installation and thus won't be able to import it.
To uninstall, follow the same steps as above, but use the command uninstall
instead of install
.
eGenix offers these support options:
Professional level support for this product as well as all other eGenix products and Python itself is available directly from the developers at eGenix.com.
eGenix.com offers professional consulting services for all questions and tasks around this product, including customized modifications, help with integration and on-site problem solving. Please contact sales@egenix.com for details.
In order for our users to keep in touch and be able to help themselves, we have created the egenix-users user mailing list.
Please see the change log for details regarding changes to the distribution between releases.
Older versions of eGenix pyOpenSSL, which are still available:
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)