A Docker image for building combinations of CPython and OpenSSL versions # Building The full build command is as follows: docker build \ --build-arg PYTHON_VERSION=3.11.1 \ --build-arg PYTHON_SHA256=85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f \ --build-arg OPENSSL_VERSION=3.0.7 \ --build-arg OPENSSL_SHA256=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e \ -t python-openssl:py3.11.1-ssl3.0.7 \ . The `PYTHON_SHA256` is the SHA-256 hash of that version's `.tar.xz` file. The `OPENSSL_SHA256` is the SHA-256 hash of that version's `.tar.gz` file. The `Dockerfile` includes the SHA-256 hashes for the most recent versions as of January 2023: OpenSSL 1.0.2u, 1.1.0l, 1.1.1q, 3.0.7 and Python 3.7.16, 3.8.16, 3.9.16, 3.10.9, 3.11.1. For these versions, the corresponding `X_SHA256` argument can be omitted. # Compatibility * Python 3.7 added support for OpenSSL 1.1.1. * Python 3.10 dropped support for OpenSSL 1.0.2 and 1.1.0 and added support for OpenSSL 3.0. # Tested combinations * Python 3.8.16 with OpenSSL 1.0.2u, 1.1.0l, and 1.1.1q * Python 3.9.16 with OpenSSL 1.0.2u, 1.1.0l, and 1.1.1q * Python 3.10.9 with OpenSSL 1.1.1q and 3.0.7 * Python 3.11.1 with OpenSSL 1.1.1q and 3.0.7 # OpenSSL 1.1.0 bugs The OpenSSL test suite contains some certificates with relatively short expiration date. Trying to build 1.1.0l will fail on testing due to this. See and . This is fixed by the `openssl1.1.0-test-certs.patch` patch. It is taken from but with changes in `test/ct_test.c` ported for compatibility. There is further a test which uses a now-removed part of the Perl module `File::Glob`. This was patched by , and an equivalent patch is provided in `openssl1.1.0-test-fuzz.patch`. # Using non-Python in the container OpenSSL in the container is installed under `/usr/local`, which is also declared in the `LD_LIBRARY_PATH` environment variable. When installing an old OpenSSL version, this may break other tools (such as `curl`), which require a newer version. Unset `LD_LIBRARY_PATH` if you need to run those.