| Alex Gaynor | af82d5e | 2013-10-29 17:07:24 -0700 | [diff] [blame] | 1 | .. hazmat:: |
| Alex Gaynor | 0f7f781 | 2013-09-30 10:52:36 -0700 | [diff] [blame] | 2 | |
| Alex Gaynor | 8f42fe4 | 2013-12-24 13:15:52 -0800 | [diff] [blame] | 3 | OpenSSL Backend |
| 4 | =============== |
| Donald Stufft | e51fb93 | 2013-10-27 17:26:17 -0400 | [diff] [blame] | 5 | |
| Alex Gaynor | 6d02e2d | 2013-09-30 10:37:22 -0700 | [diff] [blame] | 6 | These are `CFFI`_ bindings to the `OpenSSL`_ C library. |
| 7 | |
| Alex Gaynor | f8796b1 | 2013-12-13 20:28:55 -0800 | [diff] [blame] | 8 | .. data:: cryptography.hazmat.backends.openssl.backend |
| Alex Gaynor | 6d02e2d | 2013-09-30 10:37:22 -0700 | [diff] [blame] | 9 | |
| Paul Kehrer | 2c4873f | 2013-10-22 20:19:38 -0500 | [diff] [blame] | 10 | This is the exposed API for the OpenSSL bindings. It has two public |
| Alex Gaynor | 6d02e2d | 2013-09-30 10:37:22 -0700 | [diff] [blame] | 11 | attributes: |
| 12 | |
| 13 | .. attribute:: ffi |
| 14 | |
| 15 | This is a :class:`cffi.FFI` instance. It can be used to allocate and |
| 16 | otherwise manipulate OpenSSL structures. |
| 17 | |
| 18 | .. attribute:: lib |
| 19 | |
| 20 | This is a ``cffi`` library. It can be used to call OpenSSL functions, |
| 21 | and access constants. |
| 22 | |
| 23 | |
| Alex Stapleton | e68d73e | 2013-12-31 14:00:38 +0000 | [diff] [blame] | 24 | Using your own OpenSSL on Linux |
| 25 | ------------------------------- |
| 26 | |
| 27 | Python links to OpenSSL for its own purposes and this can sometimes cause |
| 28 | problems when you wish to use a different version of OpenSSL with cryptography. |
| 29 | If you want to use cryptography with your own build of OpenSSL you will need to |
| 30 | make sure that the build is configured correctly so that your version of |
| 31 | OpenSSL doesn't conflict with Python's. |
| 32 | |
| 33 | The options you need to add allow the linker to identify every symbol correctly |
| 34 | even when multiple versions of the library are linked into the same program. If |
| 35 | you are using your distribution's source packages these will probably be |
| 36 | patched in for you already, otherwise you'll need to use options something like |
| 37 | this when configuring OpenSSL:: |
| 38 | |
| 39 | ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared |
| 40 | |
| 41 | You'll also need to generate your own ``openssl.ld`` file. For example:: |
| 42 | |
| 43 | OPENSSL_1.0.1F_CUSTOM { |
| 44 | global: |
| 45 | *; |
| 46 | }; |
| 47 | |
| 48 | You should replace the version string on the first line as appropriate for your |
| 49 | build. |
| 50 | |
| Alex Gaynor | ae9dc8b | 2013-12-12 10:13:32 -0800 | [diff] [blame] | 51 | .. _`CFFI`: https://cffi.readthedocs.org/ |
| Alex Gaynor | 6d02e2d | 2013-09-30 10:37:22 -0700 | [diff] [blame] | 52 | .. _`OpenSSL`: https://www.openssl.org/ |