Sublime Forum

SSL and ST2: Possible solution?

#1

I’m working on few plugins and I want to use modules with SSL support, like PyGitHub. I’ve encountered a problem: _ssl not bundled with ST2 linux packages.

That’s… sounds somehow reasonable. But I need it. I want to use it w/o any dirty hacks, like wbond does.

So, let’s talk logically(I’m not sure about this word, English isn’t my native language, I’m sorry):
We have application(ST2) with bundled copy of python2.6.6. For Linux, it built to be universal for all systems.

But why we can’t bundle _ssl.so with libopenssl.so, it compiled with? Why we can’t compile _ssl with libopenssl static library? Oh we need libcrypt too, but why we can’t bundle it too?

0 Likes

#2

Okay, I’ve done some researches. Some theory:
Basically, OpenSSL is a library libssl and crypto - libcrypto. But we need just a libssl. And, the most interesting thing, it depends on basic things.
I want to use PyGithub, so i need to make it able to use HTTPSConnection httplib class. To use it, it needs _ssl module. _ssl module, in Linux, is a _ssl.so, module, compiled with shared library libssl.
So, the goal is to compile _ssl.so with static libssl. Here we go:

  1. Download Python 2.6.6(as SublimeText2 uses) & untar
  2. Download OpenSSL. I want to use latest - 1.0.1c & untar
  3. cd srctmp/openssl && ./config --prefix=/home/deoteo/srctmp/local/ --openssldir=/home/deoteo/srctmp/local/openssl -fPIC
  4. make -j5 (nah, it uses just 2) && make test && make install
  5. cd srctmp/python && ./configure --prefix=/home/rhgp/srctmp/local/ --enable-unicode=ucs4 //yea, python from st2 compiled with unicode_wide
  6. Modify Setup in python/Modules to use needed openssl
  7. make -j5
  8. make install

Something like this. And now I got python 2.6.6, similar to bundled with ST2. But with latest OpenSSL support.
Some proofs:

[quote]>>> import ssl

ssl
<module ‘ssl’ from ‘/home/deoteo/Dropbox/tools/st2curr/lib/python26.zip/ssl.pyo’>

ssl._ssl
<module ‘_ssl’ from ‘./_ssl.so’>

import github
github
<module ‘github’ from ‘./github/init.pyc’>

g = github.Github(“iorlas”, “supermegapassword321”).get_user().get_repos()
list(g)
<httplib.HTTPSConnection instance at 0x3a8b6c8> api.github.com /user/repos
<github.Repository.Repository object at 0x3a8a710>, <github.Repository.Repository object at 0x3b74710>, <github.Repository.Repository object at 0x3b74890>, <github.Repository.Repository object at 0x3b74a10>, <github.Repository.Repository object at 0x3b74b90>, <github.Repository.Repository object at 0x3b74cd0>, <github.Repository.Repository object at 0x3b74e50>, <github.Repository.Repository object at 0x3b74fd0>, <github.Repository.Repository object at 0x3b7b190>, <github.Repository.Repository object at 0x3b7b310>, <github.Repository.Repository object at 0x3b7b490>, <github.Repository.Repository object at 0x3b7b610>, <github.Repository.Repository object at 0x3b7b790>, <github.Repository.Repository object at 0x3b7b910>][/quote]

So, maybe it is possible to build few _ssl.so and another libraries for common systems and distribute it with ST2?

0 Likes

#3

In terms of statically compiling libssl, I believe that can not be legally done without re-licensing all of Sublime Text and Python as LGPL since openssl is licensed at LGPL. However, if you dynamically link LGPL code, the license does not require the calling code to be be licensed as LGPL.

I did the work of getting _ssl.so for linux working for the SFTP package. I have offered the _ssl.so modules and python to properly import them to other people writing open source software. See sublimetext.userecho.com/topic/5 … ent_165820 for some more details of where to find it.

I know one user added it to their project, but just because you have the _ssl module, does not mean httplib will automatically be able to request https URLs because the HTTPS functionality of httplib is enabled when httplib is first imported. I think they did some work trying to remove the httplib module and re-import it, but I don’t know if they ever got it working. I am only using it for ftplib, and I have a custom version of that anyway to fix lots of bugs, so I did not have to deal with removing and re-importing it.

Package Control gets around this by using curl or wget on linux. There is even a whole bunch of code to handle proxies properly and verify SSL certificates. However, it sounds like the library you are using is bound to using httplib.

0 Likes