
How to compile Python 3.6 with a custom FIPS-enabled OpenSSL?


This is a follow-up question to this SO question, where I was having problems patching Python 3.6. Now that I have managed to patch Python and introduce FIPS_mode() and FIPS_mode_set() into it, I need to compile it with a custom OpenSSL with FIPS mode, which is located in /usr/local/ssl. Another OpenSSL (the system one) is also installed by default.

Details: Ubuntu 16.04 LTS

Python: 3.6

OpenSSL: 1.0.2h with FIPS 2.0.12

I run this command on the terminal:

    ./configure --enable-shared --prefix=/usr/local/python3.6 && make && make install

Python gets compiled successfully, but when I import the ssl module and print the OpenSSL version, it shows me the system's OpenSSL version, which is 1.0.2g. In addition to this, the FIPS_mode() and FIPS_mode_set() methods are not exported because they do not exist in the underlying libcrypto.so and libssl.so.

After some digging I found this article, which told me to replace the libcrypto.so and libssl.so shared objects in /lib/x86_64-linux-gnu/. If I replace these with the FIPS-enabled libcrypto.so and libssl.so shared objects, then Python compiles successfully and shows the correct version, and even the FIPS functions are imported properly, but this causes other applications on the system to misbehave.

Is there a way to compile Python in such a way that it looks for the libcrypto.so and libssl.so shared objects from other locations such as /usr/local/ssl?

Thanks!

Update:

I managed to find a solution for this and have documented it here in case someone else faces this problem as well.


Solution

  • Specify the library path when running configure; it seems your expected path is not visible as a standard path.

    # configure takes compiler and linker search paths as CPPFLAGS/LDFLAGS variables
    ./configure --enable-shared --prefix=/usr/local/python3.6 LDFLAGS="-L/usr/local/ssl/lib" CPPFLAGS="-I/usr/local/ssl/include" && make && make install
    

    That way, configure picks them up from your expected path.
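
A post-build check for the problem described in the question, added here as an example (it is not part of the question or the answer): run it with the newly built interpreter to see which libssl/libcrypto files the process actually mapped, and whether they live under /usr/local/ssl. It assumes Linux (/proc/self/maps); the function names and the sample maps text are constructed for illustration.

```python
import os
import re

# Matches the pathname column of a /proc/<pid>/maps line for libssl or libcrypto.
_LIB_RE = re.compile(r"\s(/\S*/lib(ssl|crypto)\.so[^\s/]*)$")

# Constructed sample of /proc/self/maps lines (not captured from a real system).
SAMPLE_MAPS = """\
7f3a10000000-7f3a10200000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f3a10400000-7f3a10460000 r-xp 00000000 08:01 1312 /usr/local/ssl/lib/libssl.so.1.0.0
7f3a10400000-7f3a10460000 rw-p 0005e000 08:01 1312 /usr/local/ssl/lib/libssl.so.1.0.0
7f3a10800000-7f3a109c0000 r-xp 00000000 08:01 1200 /lib/x86_64-linux-gnu/libc-2.23.so
"""


def loaded_openssl_libs(maps_text):
    """Return {'ssl': path, 'crypto': path} for the libraries mapped in maps_text."""
    found = {}
    for line in maps_text.splitlines():
        m = _LIB_RE.search(line)
        if m:
            found.setdefault(m.group(2), m.group(1))
    return found


def libs_outside_prefix(maps_text, prefix):
    """List mapped libssl/libcrypto paths that do not live under prefix."""
    # Trailing separator so that /usr/local/ssl does not match /usr/local/ssl-old.
    prefix = os.path.join(os.path.normpath(prefix), "")
    return sorted(p for p in loaded_openssl_libs(maps_text).values()
                  if not os.path.normpath(p).startswith(prefix))


if __name__ == "__main__":
    import ssl  # importing ssl loads _ssl and, with it, libssl and libcrypto

    print("ssl.OPENSSL_VERSION:", ssl.OPENSSL_VERSION)
    # FIPS_mode only exists on the patched interpreter described in the question.
    print("FIPS_mode exported:", hasattr(ssl, "FIPS_mode"))
    with open("/proc/self/maps") as fh:  # Linux only
        wrong = libs_outside_prefix(fh.read(), "/usr/local/ssl")
    for path in wrong:
        print("loaded from outside /usr/local/ssl:", path)
    raise SystemExit(1 if wrong else 0)
```

A non-zero exit status means at least one of the two libraries was resolved from a different directory at run time, even if the build itself linked against /usr/local/ssl.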