easy_install PyOpenSSL error

Question

Any idea about what cause the error below ?

I use Linux centos with openssl-devel.i386 0.9.8e-12.el5_5.7

$ easy_install PyOpenSSL
Searching for PyOpenSSL
Reading http://pypi.python.org/simple/PyOpenSSL/
Reading http://launchpad.net/pyopenssl
Reading http://pyopenssl.sourceforge.net/
Best match: pyOpenSSL 0.13
Downloading http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-0.13.tar.gz#md5=767bca18a71178ca353dff9e10941929
Processing pyOpenSSL-0.13.tar.gz
Running pyOpenSSL-0.13/setup.py -q bdist_egg --dist-dir /tmp/easy_install-0Dunib/pyOpenSSL-0.13/egg-dist-tmp-aV6OCC
warning: no previously-included files matching '*.pyc' found anywhere in distribution
OpenSSL/ssl/connection.c: In function ‘ssl_Connection_set_context’:
OpenSSL/ssl/connection.c:289: warning: implicit declaration of function ‘SSL_set_SSL_CTX’
OpenSSL/ssl/connection.c: In function ‘ssl_Connection_get_servername’:
OpenSSL/ssl/connection.c:313: error: ‘TLSEXT_NAMETYPE_host_name’ undeclared (first use in this function)
OpenSSL/ssl/connection.c:313: error: (Each undeclared identifier is reported only once
OpenSSL/ssl/connection.c:313: error: for each function it appears in.)
OpenSSL/ssl/connection.c:320: warning: implicit declaration of function ‘SSL_get_servername’
OpenSSL/ssl/connection.c:320: warning: assignment makes pointer from integer without a cast
OpenSSL/ssl/connection.c: In function ‘ssl_Connection_set_tlsext_host_name’:
OpenSSL/ssl/connection.c:346: warning: implicit declaration of function ‘SSL_set_tlsext_host_name’
error: Setup script exited with error: command 'gcc' failed with exit status 1

Answer 1

In order to install it under virtualenv, you should first install the required packages. On ubuntu:

sudo apt-get install python-dev libffi-dev libssl-dev

Then you can just type:

pip install pyopenssl

Answer 2

pyOpenSSL 0.13 introduced support for the (S)erver (N)ame (I)ndication TLS extension. This extension allows clients to tell the server what hostname they expect to be talking to, allowing the server to select a suitable certificate to present.

Support for SNI was introduced in OpenSSL 0.9.8f. Thus, pyOpenSSL 0.13 will build with OpenSSL 0.9.8f or later, but not OpenSSL 0.9.8e or earlier, where the APIs it expects to be wrapping do not exist.

Perhaps a newer version of pyOpenSSL will make these bindings optional, restoring support for OpenSSL 0.9.8e and earlier. However, similarly, a newer version of OpenSSL will also work with pyOpenSSL 0.13.

The pyOpenSSL project issues pre-releases. Widespread testing of pre-releases can help avoid cases like this one. I recommend that anyone relying on pyOpenSSL subscribe to the (very low traffic) pyOpenSSL user list (or on SourceForge) and do what testing you can when a pre-release comes out, before the release is finalized.