On my system OpenSSL 1.1.0 is configured with no RIPEMD160 support.
$ egrep '^OPT' /var/db/ports/security_openssl-devel/options | sort
OPTIONS_FILE_SET+=ASM
OPTIONS_FILE_SET+=DH
OPTIONS_FILE_SET+=EC
OPTIONS_FILE_SET+=MAN3
OPTIONS_FILE_SET+=SHARED
OPTIONS_FILE_SET+=SSE2
OPTIONS_FILE_SET+=THREADS
OPTIONS_FILE_SET+=TLS1
OPTIONS_FILE_SET+=TLS1_1
OPTIONS_FILE_UNSET+=ASYNC
OPTIONS_FILE_UNSET+=IDEA
OPTIONS_FILE_UNSET+=JPAKE
OPTIONS_FILE_UNSET+=MD2
OPTIONS_FILE_UNSET+=MD4
OPTIONS_FILE_UNSET+=MDC2
OPTIONS_FILE_UNSET+=NEXTPROTONEG
OPTIONS_FILE_UNSET+=RC2
OPTIONS_FILE_UNSET+=RC4
OPTIONS_FILE_UNSET+=RC5
OPTIONS_FILE_UNSET+=RFC3779
OPTIONS_FILE_UNSET+=RMD160
OPTIONS_FILE_UNSET+=SCTP
OPTIONS_FILE_UNSET+=SSL3
OPTIONS_FILE_UNSET+=ZLIB
This results in a non-working M2Crypto build, which compiles and
with a warning about a missing prototype, installs, but fails to
load with an unresolved symbol.
The solution was to change SWIG/_evp.i, to take compile-time algorithm
disablement into account. For me, just the below was sufficient:
#ifndef OPENSSL_NO_RMD160
%rename(ripemd160) EVP_ripemd160;
extern const EVP_MD *EVP_ripemd160(void);
#endif
M2Crypto really should not be using the direct EVP algorithm
accessors, rather it should be using EVP_get_digestbyname(3).
--
Viktor.
_______________________________________________
freebsd-python@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"
