Determining version of OpenSSL linked against python?

Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Determining version of OpenSSL linked against python?

Adam Mercer
Hi

I'm trying to write a script that determines the version of OpenSSL
that python is linked against, using python-2.7 this is easy as I can
use:

    import ssl
    ssl.OPENSSL_VERSION

but unfortunately I need to support python-2.6, from an older script I
used the following:

    import _ssl
    ssl_lib = _ssl.__file__

to get the path to the _ssl.so module and then I parsed the output of
ldd (on linux) to get the path to the OpenSSL library and then parsed
the version from the filename. In other words it's very messy.

I had a little success using this approach but I have recently
received a bug report that this doesn't seem to work on Debian
Squeeze. When I try to query the __file__ attribute of the _ssl module
I get the following error:

>>> import _ssl
>>> _ssl.__file__
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute '__file__'
>>>

Can anyone offer any suggestions as to what is going wrong with the
above code or offer an alternative way of determining the OpenSSl
version using python-2.6?

Cheers

Adam
--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Adam Mercer
Hi

Is this possible at all?

Cheers

Adam

On Mon, Jan 23, 2012 at 14:01, Adam Mercer <[hidden email]> wrote:

> Hi
>
> I'm trying to write a script that determines the version of OpenSSL
> that python is linked against, using python-2.7 this is easy as I can
> use:
>
>    import ssl
>    ssl.OPENSSL_VERSION
>
> but unfortunately I need to support python-2.6, from an older script I
> used the following:
>
>    import _ssl
>    ssl_lib = _ssl.__file__
>
> to get the path to the _ssl.so module and then I parsed the output of
> ldd (on linux) to get the path to the OpenSSL library and then parsed
> the version from the filename. In other words it's very messy.
>
> I had a little success using this approach but I have recently
> received a bug report that this doesn't seem to work on Debian
> Squeeze. When I try to query the __file__ attribute of the _ssl module
> I get the following error:
>
>>>> import _ssl
>>>> _ssl.__file__
> Traceback (most recent call last):
>  File "<stdin>", line 1, in <module>
> AttributeError: 'module' object has no attribute '__file__'
>>>>
>
> Can anyone offer any suggestions as to what is going wrong with the
> above code or offer an alternative way of determining the OpenSSl
> version using python-2.6?
>
> Cheers
>
> Adam
--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Terry Reedy
On 1/25/2012 11:02 AM, Adam Mercer wrote:

> Is this possible at all?

If you are not willing to tell Debian Squeeze users to install 2.7, or
that they cannot run your program, ask the bug reporter to tell you what
version of OpenSSL the system comes with and code it into your program.

Or possibly, depending on what you do with the version info and what the
differences are between versions, replace 'if version ...' constructs
with 'try ... except...' constructs.

> On Mon, Jan 23, 2012 at 14:01, Adam Mercer<[hidden email]>  wrote:
>> Hi
>>
>> I'm trying to write a script that determines the version of OpenSSL
>> that python is linked against, using python-2.7 this is easy as I can
>> use:
>>
>>     import ssl
>>     ssl.OPENSSL_VERSION
>>
>> but unfortunately I need to support python-2.6, from an older script I
>> used the following:
>>
>>     import _ssl
>>     ssl_lib = _ssl.__file__
>>
>> to get the path to the _ssl.so module and then I parsed the output of
>> ldd (on linux) to get the path to the OpenSSL library and then parsed
>> the version from the filename. In other words it's very messy.
>>
>> I had a little success using this approach but I have recently
>> received a bug report that this doesn't seem to work on Debian
>> Squeeze. When I try to query the __file__ attribute of the _ssl module
>> I get the following error:
>>
>>>>> import _ssl
>>>>> _ssl.__file__
>> Traceback (most recent call last):
>>   File "<stdin>", line 1, in<module>
>> AttributeError: 'module' object has no attribute '__file__'
>>>>>
>>
>> Can anyone offer any suggestions as to what is going wrong with the
>> above code or offer an alternative way of determining the OpenSSl
>> version using python-2.6?

--
Terry Jan Reedy

--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Adam Mercer
On Wed, Jan 25, 2012 at 14:04, Terry Reedy <[hidden email]> wrote:

> If you are not willing to tell Debian Squeeze users to install 2.7, or that
> they cannot run your program, ask the bug reporter to tell you what version
> of OpenSSL the system comes with and code it into your program.

I would like to only support python-2.7 as that would make a few other
things easier but the powers that be think otherwise, I unfortunately
need to target python-2.6.

> Or possibly, depending on what you do with the version info and what the
> differences are between versions, replace 'if version ...' constructs with
> 'try ... except...' constructs.

My code already has a try... except block that tries the
ssl.OPENSSL_VERSION approach first but I wanted to have a fallback
method that works with python-2.6. Looks like I may need to hardcode
certain things.

Cheers

Adam
--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Nick Dokos
Adam Mercer <[hidden email]> wrote:

> On Wed, Jan 25, 2012 at 14:04, Terry Reedy <[hidden email]> wrote:
>
> > If you are not willing to tell Debian Squeeze users to install 2.7, or that
> > they cannot run your program, ask the bug reporter to tell you what version
> > of OpenSSL the system comes with and code it into your program.
>
> I would like to only support python-2.7 as that would make a few other
> things easier but the powers that be think otherwise, I unfortunately
> need to target python-2.6.
>
> > Or possibly, depending on what you do with the version info and what the
> > differences are between versions, replace 'if version ...' constructs with
> > 'try ... except...' constructs.
>
> My code already has a try... except block that tries the
> ssl.OPENSSL_VERSION approach first but I wanted to have a fallback
> method that works with python-2.6. Looks like I may need to hardcode
> certain things.
>

One other possibility is to parse the output of ssh -V:

,----
| $ ssh -V
| OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
| $ python
| Python 2.7.1+ (r271:86832, Apr 11 2011, 18:13:53)
| [GCC 4.5.2] on linux2
| Type "help", "copyright", "credits" or "license" for more information.
| >>> import ssl
| >>> ssl.OPENSSL_VERSION
| 'OpenSSL 0.9.8o 01 Jun 2010'
| >>>
`----

This assumes that ssh and python would use the same version of openssl:
not guaranteed, but seems like a "reasonable" assumption to me.

Nick


--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Adam Mercer
On Wed, Jan 25, 2012 at 14:56, Nick Dokos <[hidden email]> wrote:

> One other possibility is to parse the output of ssh -V:
>
> ,----
> | $ ssh -V
> | OpenSSH_5.8p1 Debian-1ubuntu3, OpenSSL 0.9.8o 01 Jun 2010
> | $ python
> | Python 2.7.1+ (r271:86832, Apr 11 2011, 18:13:53)
> | [GCC 4.5.2] on linux2
> | Type "help", "copyright", "credits" or "license" for more information.
> | >>> import ssl
> | >>> ssl.OPENSSL_VERSION
> | 'OpenSSL 0.9.8o 01 Jun 2010'
> | >>>
> `----
>
> This assumes that ssh and python would use the same version of openssl:
> not guaranteed, but seems like a "reasonable" assumption to me.

Hmm, I like that idea. Thanks for the suggestion.

Cheers

Adam
--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Anssi Saari
In reply to this post by Adam Mercer
Adam Mercer <[hidden email]> writes:

> Can anyone offer any suggestions as to what is going wrong with the
> above code or offer an alternative way of determining the OpenSSl
> version using python-2.6?

I suppose you could use ctypes to load the library and call SSLeay()
which returns the OpenSSL version number as a C long.

Like this:

from ctypes import *
libssl = cdll.LoadLibrary("libssl.so")
openssl_version = libssl.SSLeay()
print "%.9X" % openssl_version

This gives me 0009080FF which corresponds to 0.9.8o release which is
what I have installed in Debian Squeeze.

--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

Adam Mercer
On Wed, Jan 25, 2012 at 15:21, Anssi Saari <[hidden email]> wrote:

> I suppose you could use ctypes to load the library and call SSLeay()
> which returns the OpenSSL version number as a C long.
>
> Like this:
>
> from ctypes import *
> libssl = cdll.LoadLibrary("libssl.so")
> openssl_version = libssl.SSLeay()
> print "%.9X" % openssl_version
>
> This gives me 0009080FF which corresponds to 0.9.8o release which is
> what I have installed in Debian Squeeze.

Thanks, that looks useful.

Cheers

Adam
--
http://mail.python.org/mailman/listinfo/python-list
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Determining version of OpenSSL linked against python?

svalleru
This post has NOT been accepted by the mailing list yet.
In reply to this post by Adam Mercer
AFAIK, there is no version variable for python2.6 ssl module but here a tip:

Look for libeat32.dll (usually under Python2.6.1/Lib/site-packages), grep for 'OpenSSL'
and you will see something like the following which will have the version string:
-----
:
SSLv3 part of OpenSSL 0.9.8d 28 Sep 2006
:


cheers
Loading...