Now I understand what's wrong. It's an incompatibility between
SWIG, OpenSSL, and M2Crypto.
OpenSSL was built with OPENSSL_NO_EC defined. That's actually
defined via "opensslconf.h", which includes, based on whether
__i386__ is defined, the file "opensslconf-i386.h". OpenSSL
didn't always work that way; the per-platform include file
thing is new.
M2Crypto uses SWIG. (Usually a mistake, but..) SWIG takes
in various definition files, and generates about 24,000 lines of
C code. (This is just glue code; it's not really doing much.)
One of the the definition files is "_ec.i", which has:
%include <openssl/opensslconf.h>
#if OPENSSL_VERSION_NUMBER < 0x0090800fL || defined(OPENSSL_NO_EC)
#undef OPENSSL_NO_EC
%constant OPENSSL_NO_EC = 1;
#else
%constant OPENSSL_NO_EC = 0;
%{
#include <openssl/bn.h>
... stuff to handle elliptical curve encryption
This looks reasonable. The "%include" brings in the file for
SWIG processing. But, under SWIG's rules, that does NOT bring
in files included from within the file being included.
(Otherwise, SWIG would generate Python interfaces for everything
in them.)
So "OPENSSL_NO_EC" is undefined, which results in compiling the
code for "EC", the elliptical curve stuff removed from Fedora
5 and 6 for patent reasons.
A workaround is to put:
#define OPENSSL_NO_EC
at the beginning of "_ec.i". This turns off elliptical curve
crypto support. M2Crypto will then build.
There's probably a correct way to do this, and get SWIG to properly
obtain the value from the OpenSSL include file, but I don't know
SWIG well enough to do it.
John Nagle
--
http://mail.python.org/mailman/listinfo/python-list
