1 引言
在引入import时,报错
python3.9
Python 3.9.0 (default, Nov 19 2024, 22:16:59)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.9/ssl.py", line 98, in <module>
import _ssl # if we can't import it, let the error propagate
ModuleNotFoundError: No module named '_ssl'
找不到 _ssl 模块。
因openssl 1.0.1存在安全问题,python从3.7版本开始要求依赖openssl 1.0.2以上或libressl。在Python的安装编译过程中,会报错如下:
Could not build the ssl module!
Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().
LibreSSL 2.6.4 and earlier do not provide the necessary APIs, https://github.com/libressl-portable/portable/issues/381
python3.7及以上建议使用libressl代替openssl,我们这里通过源码编译安装libressl。
2 卸载openssl老版本
openssl version
输出
LibreSSL 2.7.4
如果不是 3.0.2 的版本,则将旧版本去除。
whereis openssl
输出
openssl: /usr/bin/openssl /usr/lib64/openssl /usr/local/bin/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz
将已有的目录重命名:
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/local/bin/openssl /usr/local/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
如果是通过yum安装的,则用 yum remove命令删除。
yum install list | grep ssl
yum remove ssl-a ssl-b
3 源码安装libressl-3.0.2
下载安装包
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.0.2.tar.gz
# 解压缩
tar -zxvf libressl-3.0.2.tar.gz -C ./
# 进入目录并进行配置
cd libressl-3.0.2/
./configure --prefix=/usr/local/libressl
# 编译安装
sudo make install
输出
make[3]: Leaving directory `/home/work/k8s/libressl-3.0.2/man'
make[2]: Leaving directory `/home/work/k8s/libressl-3.0.2/man'
make[1]: Leaving directory `/home/work/k8s/libressl-3.0.2/man'
make[1]: Entering directory `/home/work/k8s/libressl-3.0.2'
make[2]: Entering directory `/home/work/k8s/libressl-3.0.2'
make[2]: Nothing to be done for `install-exec-am'.
/usr/bin/mkdir -p '/usr/local/lib/pkgconfig'
/usr/bin/install -c -m 644 libcrypto.pc libssl.pc libtls.pc openssl.pc '/usr/local/lib/pkgconfig'
make[2]: Leaving directory `/home/work/k8s/libressl-3.0.2'
make[1]: Leaving directory `/home/work/k8s/libressl-3.0.2'
创建软链接
ln -s /usr/local/libressl/bin/openssl /usr/bin/openssl
ln -s /usr/local/libressl/include/openssl /usr/include/openssl
echo /usr/local/libressl/lib >> /etc/ld.so.conf.d/libressl-3.0.2.conf
查看是否配置成功
ldconfig -v | grep 'usr/local/libressl'
输出
ldconfig: Can't stat /libx32: No such file or directory
ldconfig: Path `/usr/lib' given more than once
ldconfig: Path `/usr/lib64' given more than once
ldconfig: Can't stat /usr/libx32: No such file or directory
/usr/local/libressl/lib:
看到最后一行有就可以了。
验证是否安装完成
openssl version
输出
LibreSSL 3.0.2
4 重新编译安装Python3.9
修改配置
cd Python-3.9.0
vi Modules/Setup
# 找到SSL的配置,在后面添加以下内容:
SSL=/usr/local/libressl
_ssl _ssl.c \
-DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
-L$(SSL)/lib -lssl -lcrypto
编译安装
./configure
make
make install
中间会输出
# 安装成功
Python build finished successfully!
The necessary bits to build these optional modules were not found:
_bz2 _curses _curses_panel
_dbm _gdbm _lzma
_sqlite3 _tkinter _uuid
readline
To find the necessary bits, look in setup.py in detect_modules() for the module's name.
The following modules found by detect_modules() in setup.py, have been
built by the Makefile instead, as configured by the Setup files:
_abc _ssl atexit
pwd time
Failed to build these modules:
_ctypes
running build_scripts
...
可以看到,这里只有 _ctypes 模块安装失败。没有报 ssl 模块安装失败。
5 测试
python3.9
Python 3.9.0 (default, Dec 16 2024, 21:29:24)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>>
没有报错,说明ssl模块可以使用。
至此,我们解决了Python3.9 的 ssl 模块找不到问题。
6 其他
如果使用过程中,报以下错误:
/usr/local/lib/python3.9/site-packages/urllib3/__init__.py:35:
NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+,
currently the 'ssl' module is compiled with 'LibreSSL 3.0.2'.
See: https://github.com/urllib3/urllib3/issues/3020
warnings.warn(
.
.
.
可以执行以下语句解决:
pip install urllib3==1.26.6
