pyOpenSSL

eGenix.com pyOpenSSL Distribution - Python SSL Interface

The eGenix.com pyOpenSSL Distribution is an easy-to-install version of the pyOpenSSL Python interface to OpenSSL with support for Windows, Linux and Mac OS X.
Version: 0.13.0-1.0.0g

Introduction

The eGenix.com pyOpenSSL Distribution includes everything you need to get started with OpenSSL in Python. It comes with an easy to use installer that includes the most recent OpenSSL library versions in pre-compiled form.

pyOpenSSL is an open-source Python add-on that allows writing SSL-aware networking applications as as certificate managment tools. It uses the OpenSSL library as performant and robust SSL engine.

OpenSSL is an open-source implementation of the SSL protocol.

Due to security breaches in OS-level OpenSSL library distributions (e.g. the Debian OpenSSL "fix") and the general problem of old OpenSSL libraries on systems, we have chosen to integrate the most current, unpatched and original versions of the OpenSSL libraries directly with the package - on Windows and all supported Unix platforms as well as Mac OS X.

The current version of OpenSSL shipped with the eGenix.com pyOpenSSL Distribution can always be determined by looking at the second part of the distribution file version number, e.g. 0.8.0_0.9.8j_1 means that we have taken pyOpenSSL 0.8.0, added OpenSSL 0.9.8j and wrapped it up in distribution version 1. In some cases, we patch the included packages to work around problems. Please see the change log for details.

To avoid patent issues, we have excluded the following algorithms from OpenSSL via its config options: IDEA, MDC2 and RC5. We also removed the Kerberos5 support, since it's not needed for SSL-based communication.

Features

  • Easy-to-use interface.
  • Easy Installation.
  • All Inclusive.
  • No External Dependencies: does not need or rely on system OpenSSL libraries.
  • Stable, robust and portable.
  • Supports Python 2.4 - 2.7.
  • Available for Windows, Linux and Mac OS X with both 32- and 64-bit support.
  • Free: to use and redistribute.
  • Open-Source

System Requirements

The binary packages we provide for the various platforms include the pyOpenSSL modules as well as the OpenSSL libraries inside the OpenSSL Python package, so there's no need to download and install OpenSSL libraries separately.

When using Python 2.5 or later, there are no additional requirements. Python 2.4 on Windows also works out of the box with the installers we provide.

If you are using Python 2.4 on Unix, you additionally need the current eGenix.com mx Base Distribution installed (>= version 3.1.0), since this is needed to be able to load the shared OpenSSL libraries directly from the package directory.

Compiling From Source

If you want to build the distribution from source, e.g. to include/exclude patented algorithms, you will need a compiled version of the OpenSSL Toolkit together with header files. We used the following config options for the version included in the distribution:

./config shared no-idea no-mdc2 no-rc5 no-krb5 zlib

After setting the SSL environment variable to the location of your OpenSSL installation and adjusting the version number of the distribution, you can then compile and install the distribution using:

python setup.py install

See the egenix_pyopenssl.py source code for details.

The source distribution includes pre-compiled versions of the OpenSSL libs and header files for Windows - compiled with VC7.1 for Python 2.4 and 2.5 and VC9 for Python 2.6 and 2.7. Please see the openssl-win32/ and openssl-win64/  directories for details and the scripts we used to build those binaries.

License

The eGenix.com pyOpenSSL Distribution itself is made available under the terms & conditions of our eGenix.com Public License Agreement 1.1.0 which is an Open Source license based on the CNRI Python license.

In simple words, you are free to use the software without paying fees or royalties as long as you give proper attribution and keep the license document together with the software. Please see the license document for details and consult a lawyer if you have legal questions.

The eGenix.com pyOpenSSL Distribution includes these third-party products:

Please see our eGenix.com Third-Party License Guide 2.0 for details or check the source code distribution which comes with all licenses and disclaimers.

Documentation

The documentation for pyOpenSSL is available from the pyOpenSSL web-site.

pyOpenSSL Package Documentation

The manual includes a reference of the available programming interfaces. All APIs live in the top-level OpenSSL Python package.

Additional Information

There is a little known detail about the underlying OpenSSL engine that can cause problems in multi-threaded applications:

OpenSSL does not support sharing connections between threads. If you do, you are likely going to cause OpenSSL and thus pyOpenSSL to get into an unstable state which could result in anything from lost data to corrupted data and in some situations even lead to segfaults.

Download

We provide downloads for the following platforms.

Please note:

  1. First, please identify which Python version you have installed and whether you need a UCS2 or UCS4 build (see below for how this can be done). We have setup the default selections below to what you normally need for the platform's default Python installations.
  2. If you are using Python 2.4 on Unix, you also need to install the current eGenix.com mx Base Distribution (>= version 3.1.0). This is not needed for Python 2.5 or later versions.
  3. Since the eGenix.com pyOpenSSL Distribution contains cryptographic code, you will be asked to confirm to comply to the German and EU export regulations (which are based on of the Wassenaar Arrangement). Please make sure that downloading and using cryptography is legal in your country.
  4. After successful download, please head on to the installation instructions below.
IMPORTANT NOTICE:
By downloading, installing or using the eGenix.com pyOpenSSL Distribution, you agree to the terms and conditions set forth in the eGenix.com Public License Agreement 1.1.0 as well as the pyOpenSSL and OpenSSL license (see our eGenix.com Third-Party License Guide 1.0).

Windows (x86 - 32-bit):

Please always download the correct installer for your Python version, otherwise you won't be able to install the packages

For instructions on how to install the prebuilt distributions, please see the installation section below.

Windows (x64 - 64-bit):

Please always download the correct installer for your Python version, otherwise you won't be able to install the packages

For instructions on how to install the prebuilt distributions, please see the installation section below.

Linux (i686 - 32-bit):

For instructions on how to install these prebuilt distributions, please see the installation section below.

Linux (x86_64 - 64-bit):

For instructions on how to install these prebuilt distributions, please see the installation section below.

Mac OS X 10.4 and 10.5 (PPC + Intel x86 - Universal Binaries):

You will need the UCS2 version of the distribution if you plan to use it with the Python version shipped with Mac OS X.

Note: Even though the files for Python 2.4 are named "...Power_Macintosh..." or "...ppc...", they still contain universal binaries. The name is due to a bug in distutils for Python 2.4.

For instructions on how to install these prebuilt distributions, please see the installation section below.

Mac OS X 10.6 and later (Intel x64):

You will need the UCS2 version of the distribution if you plan to use it with the Python version shipped with Mac OS X.

For instructions on how to install these prebuilt distributions, please see the installation section below.

Source Code:

For instructions on how to install from source code, please see the installation section below.

Other Platforms:

If you need distribution archives for platforms not mentioned here, please contact support@egenix.com for details. It is very likely that we can find a way to help you.

Python Unicode Version (UCS2 vs. UCS4)

On Unix it is important to know whether you need to download a distribution for a narrow Unicode build of Python (UCS2) or a wide version (UCS4).

Most Unixes ship with wide Python builds these days (including RedHat and SuSE). In order to make sure, please run the following command which will tell you what kind of Python installation you have:

python -c "import sys;print(sys.maxunicode<66000)and'UCS2'or'UCS4'"

If you get errors such as "unresolved symbol PyUnicodeUCS2_AsEncodedString" when trying to load an extension from the distribution, you have likely installed an archive for a wrong Unicode version.

Installation

Windows Installer

Installation using the Windows installers is straight forward: just double-click on the installer EXE or MSI file and follow the instructions.

Both installers register the distribution with the Windows software registry, so you can easily uninstall the distribution should you require to do so.

With the new MSI installer you also have the option to run the installer without the GUI or to integrate it into an automatic installation process. Please see the MSI installer documentation on the Python web-site for details.

To uninstall the distribution, please use the standard Windows software registry.

Prebuilt Distribution Installation

To reduce the number of binaries that we have to create for each release, we have adapted a new generic distribution format that works on all Python platforms: the Prebuilt Distribution Format.

Technically, this format is a standard Python distutils distribution, but with only the build/ directory and without the source tree.

System-wide Installation

In order to install such a distribution, please follow these instructions:

  1. Download and unzip the archive into a temporary directory
  2. Change into the distribution directory
  3. Run the following command using the Python interpreter with which you intend to work (this could be the default one, or an application specific one depending on your needs):
    sudo python setup.py install
    On Windows and some other platforms that don't have sudo, please run the above without sudo as administrator or root.

The distribution will then be installed into the standard directory for Python extensions of your Python installation (usually the site-packages/ subdirectory of the Python standard library directory).

To uninstall, follow the same steps as above, but use the command uninstall instead:

sudo python setup.py uninstall

User Installation

You will need to be able to sudo on the target machine or know the root password for the above to work. If you don't have permission to install packages as root, you can still install the distribution into a local directory, e.g. ~/lib/python by using the following installation command:

python setup.py install --home=/home/user/

This will install the distribution into the directory /home/user/lib/python/. In order to have Python see this directory and make it useable for import, you have to adjust the PYTHONPATH environment variable to include this directory, e.g.

export PYTHONPATH=/home/user/lib/python 

To see all the possible installation options, run the install script using the help options:

python setup.py install --help

To uninstall, follow the same steps as above, but use the command uninstall instead:

sudo python setup.py uninstall --home=/home/user/

Egg Distribution Installation

If you prefer to use easy_install or another egg-file based installer such as zc.buildout for your Python packages, you can also download the egg distributions we make available for the package and install those.

Automatic Download

The egg archives we provide are made available through two PyPI-style indexes which the egg tools setuptools/easy_install/pip/zc.buildout can access to automatically download and install the right egg archive.

IMPORTANT NOTICE:
Since the eGenix.com pyOpenSSL Distribution contains cryptographic code, you will need to comply to the German and EU export regulations for such code (which are based on of the Wassenaar Arrangement). Please make sure that downloading and using cryptography is legal in your country.

By downloading the egg distributions for the eGenix.com pyOpenSSL Distribution you confirm that you have read, understood and agree to comply to the terms outlined on our crypto download page.

There are two indexes, one for Python UCS2 builds (these include Windows builds):

http://downloads.egenix.com/python/index/ucs2/

and one for Python UCS4 builds:

http://downloads.egenix.com/python/index/ucs4/

If you are using a Python UCS2 build, then you can install the egg archives using this command:

easy_install -i http://downloads.egenix.com/python/index/ucs2/ \ 
egenix-pyopenssl

For UCS4 builds, please use this command:

easy_install -i http://downloads.egenix.com/python/index/ucs4/ \ 
egenix-pyopenssl
The command line parameters for other tools such as pip are similar. Please consult their documentation for details.

Manual Installation

In order to install an egg distribution with easy_install, please follow these instructions:

  1. Download the egg file into a temporary directory
  2. Change into the temporary directory
  3. Run the following command using the Python interpreter with which you intend to work (this could be the default one, or an application specific one depending on your needs):
    sudo easy_install ./<distribution>.egg
    On Windows and some other platforms that don't have sudo, please run the above without sudo as administrator or root.

The distribution will then be installed into the standard directory for Python extensions of your Python installation (usually the site-packages/ subdirectory of the Python standard library directory).

Please consult the easy_install documentation for details on how to uninstall egg files.

Source Code Installation

To install from source, please unzip the source archive and then run the following command in the distribution directory:

sudo python setup.py install

Please make sure that you are using the Python binary for which you want to install the distribution. The installer will then automatically choose the correct path for the installation.

If you don't have root permissions on the target machine, you can use the same approach as for the prebuilt distribution outlined above for a user installation in the /home/user/lib/python directory:

python setup.py install --home=/home/user/

Please remember to setup the PYTHONPATH to include the /home/user/lib/python directory:

export PYTHONPATH=/home/user/lib/python 

Otherwise, Python won't see the new installation and thus won't be able to import it.

To uninstall, follow the same steps as above, but use the command uninstall instead of install.

Support

eGenix offers these support options:

Commercial Support

Professional level support for this product as well as all other eGenix products and Python itself is available directly from the developers at eGenix.com.

Consulting

eGenix.com offers professional consulting services for all questions and tasks around this product, including customized modifications, help with integration and on-site problem solving. Please contact sales@egenix.com for details.

Free User Support

In order for our users to keep in touch and be able to help themselves, we have created the egenix-users user mailing list.

History & Changes

Please see the change log for details regarding changes to the distribution between releases.

Older versions of eGenix pyOpenSSL, which are still available:

Notices

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)