Outdated SSL is a common issue on multiple platforms:
Here's the general approach...
-
Option I: Install system packages of side-by-side OpenSSL 1.x libs (-dev or -devel) packages.
# FreeBSD pkg install openssl OPENSSL_ROOT=/usr/local # Mac (brew) brew install openssl # DO NOT DO ANY WEIRD SYMLINK HACKS, ITS KEG-ONLY FOR A REASON! OPENSSL_ROOT="$(brew --prefix openssl)" -
Option II: Install OpenSSL from source to a temporary directory
OPENSSL_ROOT="$HOME/.build/openssl-1.0.1e" curl http://www.openssl.org/source/openssl-1.0.1e.tar.gz | tar zxvf - cd openssl-1.0.1e mkdir -p "$OPENSSL_ROOT" ./config no-hw --prefix="$OPENSSL_ROOT" --openssldir=... # osx (instead of previous line): ./Configure darwin64-x86_64-cc no-hw --prefix="$OPENSSL_ROOT" --openssldir=... make install cd .. rm -rf openssl-1.0.1e
-
Option A: Use pyenv:
export CONFIGURE_OPTS="CPPFLAGS=-I"$OPENSSL_ROOT"/include LDFLAGS=-L"$OPENSSL_ROOT"/lib [your other options here]" pyenv install 2.7.6 -
Option B: Install Python from source
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]` make # ... # if compiled openssl was used, it can be safely deleted because python's module ssl links openssl statically.
pkg install openssl curl gmake gdbm sqlite3 readline ncurses
OPENSSL_ROOT=/usr/local
curl http://www.python.org/ftp/python/2.7.6/Python-2.7.6.tar.xz | tar jxvf -
cd Python-2.7.6
./configure CPPFLAGS="-I$OPENSSL_ROOT/include" LDFLAGS="-L$OPENSSL_ROOT/lib" [your other options here]
make
./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' # osx: ./python.exe ...
# prints: OpenSSL 1.0.1e 11 Feb 2013
Afterwards, temporary openssl libraries are no longer needed b/c the ssl modele with openssl statically into the python executable (verify using otool or readelf).