Home Download Buy Blog Forum Support

SSL and ST2: Possible solution?

SSL and ST2: Possible solution?

Postby deoteo on Sat Dec 29, 2012 1:59 pm

I'm working on few plugins and I want to use modules with SSL support, like PyGitHub. I've encountered a problem: _ssl not bundled with ST2 linux packages.
I spoke with Jon about this and he said that he had to remove it for Linux builds because of issues with different people who either didn't have openssl or a different version, etc.

That's... sounds somehow reasonable. But I need it. I want to use it w/o any dirty hacks, like wbond does.

So, let's talk logically(I'm not sure about this word, English isn't my native language, I'm sorry):
We have application(ST2) with bundled copy of python2.6.6. For Linux, it built to be universal for all systems.

But why we can't bundle _ssl.so with libopenssl.so, it compiled with? Why we can't compile _ssl with libopenssl static library? Oh we need libcrypt too, but why we can't bundle it too?
deoteo
 
Posts: 2
Joined: Sat Dec 29, 2012 12:21 pm

Re: SSL and ST2: Possible solution?

Postby deoteo on Sat Dec 29, 2012 8:10 pm

Okay, I've done some researches. Some theory:
Basically, OpenSSL is a library libssl and crypto - libcrypto. But we need just a libssl. And, the most interesting thing, it depends on basic things.
I want to use PyGithub, so i need to make it able to use HTTPSConnection httplib class. To use it, it needs _ssl module. _ssl module, in Linux, is a _ssl.so, module, compiled with shared library libssl.
So, the goal is to compile _ssl.so with static libssl. Here we go:
    1. Download Python 2.6.6(as SublimeText2 uses) & untar
    2. Download OpenSSL. I want to use latest - 1.0.1c & untar
    3. cd srctmp/openssl && ./config --prefix=/home/deoteo/srctmp/local/ --openssldir=/home/deoteo/srctmp/local/openssl -fPIC
    4. make -j5 (nah, it uses just 2) && make test && make install
    5. cd srctmp/python && ./configure --prefix=/home/rhgp/srctmp/local/ --enable-unicode=ucs4 //yea, python from st2 compiled with unicode_wide
    6. Modify Setup in python/Modules to use needed openssl
    7. make -j5
    8. make install
Something like this. And now I got python 2.6.6, similar to bundled with ST2. But with latest OpenSSL support.
Some proofs:
>>> import ssl
>>> ssl
<module 'ssl' from '/home/deoteo/Dropbox/tools/st2curr/lib/python26.zip/ssl.pyo'>
>>> ssl._ssl
<module '_ssl' from './_ssl.so'>
>>> import github
>>> github
<module 'github' from './github/__init__.pyc'>
>>> g = github.Github("iorlas", "supermegapassword321").get_user().get_repos()
>>> list(g)
<httplib.HTTPSConnection instance at 0x3a8b6c8> api.github.com /user/repos
[<github.Repository.Repository object at 0x3a8a710>, <github.Repository.Repository object at 0x3b74710>, <github.Repository.Repository object at 0x3b74890>, <github.Repository.Repository object at 0x3b74a10>, <github.Repository.Repository object at 0x3b74b90>, <github.Repository.Repository object at 0x3b74cd0>, <github.Repository.Repository object at 0x3b74e50>, <github.Repository.Repository object at 0x3b74fd0>, <github.Repository.Repository object at 0x3b7b190>, <github.Repository.Repository object at 0x3b7b310>, <github.Repository.Repository object at 0x3b7b490>, <github.Repository.Repository object at 0x3b7b610>, <github.Repository.Repository object at 0x3b7b790>, <github.Repository.Repository object at 0x3b7b910>]


So, maybe it is possible to build few _ssl.so and another libraries for common systems and distribute it with ST2?
deoteo
 
Posts: 2
Joined: Sat Dec 29, 2012 12:21 pm

Re: SSL and ST2: Possible solution?

Postby wbond on Wed Jan 02, 2013 1:33 am

In terms of statically compiling libssl, I believe that can not be legally done without re-licensing all of Sublime Text and Python as LGPL since openssl is licensed at LGPL. However, if you dynamically link LGPL code, the license does not require the calling code to be be licensed as LGPL.

I did the work of getting _ssl.so for linux working for the SFTP package. I have offered the _ssl.so modules and python to properly import them to other people writing open source software. See http://sublimetext.userecho.com/topic/5 ... ent_165820 for some more details of where to find it.

I know one user added it to their project, but just because you have the _ssl module, does not mean httplib will automatically be able to request https URLs because the HTTPS functionality of httplib is enabled when httplib is first imported. I think they did some work trying to remove the httplib module and re-import it, but I don't know if they ever got it working. I am only using it for ftplib, and I have a custom version of that anyway to fix lots of bugs, so I did not have to deal with removing and re-importing it.

Package Control gets around this by using curl or wget on linux. There is even a whole bunch of code to handle proxies properly and verify SSL certificates. However, it sounds like the library you are using is bound to using httplib.
wbond
 
Posts: 528
Joined: Mon Feb 28, 2011 5:33 am


Return to Plugin Development

Who is online

Users browsing this forum: No registered users and 12 guests