|JustAnotherArchivist 6f0c24ec1b||8 months ago|
|Dockerfile||8 months ago|
|README.md||8 months ago|
|openssl1.1.0-test-certs.patch||8 months ago|
|openssl1.1.0-test-fuzz.patch||8 months ago|
A Docker image for building combinations of CPython and OpenSSL versions
The full build command is as follows:
docker build \ --build-arg PYTHON_VERSION=3.11.1 \ --build-arg PYTHON_SHA256=85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f \ --build-arg OPENSSL_VERSION=3.0.7 \ --build-arg OPENSSL_SHA256=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e \ -t python-openssl:py3.11.1-ssl3.0.7 \ .
PYTHON_SHA256 is the SHA-256 hash of that version’s
.tar.xz file. The
OPENSSL_SHA256 is the SHA-256 hash of that version’s
Dockerfile includes the SHA-256 hashes for the most recent versions as of January 2023: OpenSSL 1.0.2u, 1.1.0l, 1.1.1q, 3.0.7 and Python 3.7.16, 3.8.16, 3.9.16, 3.10.9, 3.11.1. For these versions, the corresponding
X_SHA256 argument can be omitted.
The OpenSSL test suite contains some certificates with relatively short expiration date. Trying to build 1.1.0l will fail on testing due to this. See https://github.com/openssl/openssl/issues/15179 and https://github.com/openssl/openssl/issues/18456.
This is fixed by the
openssl1.1.0-test-certs.patch patch. It is taken from https://github.com/openssl/openssl/pull/18446 but with changes in
test/ct_test.c ported for compatibility.
There is further a test which uses a now-removed part of the Perl module
File::Glob. This was patched by https://github.com/openssl/openssl/pull/4040, and an equivalent patch is provided in
OpenSSL in the container is installed under
/usr/local, which is also declared in the
LD_LIBRARY_PATH environment variable. When installing an old OpenSSL version, this may break other tools (such as
curl), which require a newer version. Unset
LD_LIBRARY_PATH if you need to run those.