aboutsummaryrefslogtreecommitdiffstats
path: root/docs/hazmat/backends/openssl.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/hazmat/backends/openssl.rst')
-rw-r--r--docs/hazmat/backends/openssl.rst34
1 files changed, 24 insertions, 10 deletions
diff --git a/docs/hazmat/backends/openssl.rst b/docs/hazmat/backends/openssl.rst
index 5e51c75e..404573a3 100644
--- a/docs/hazmat/backends/openssl.rst
+++ b/docs/hazmat/backends/openssl.rst
@@ -3,23 +3,37 @@
OpenSSL Backend
===============
-These are `CFFI`_ bindings to the `OpenSSL`_ C library.
+The `OpenSSL`_ C library.
.. data:: cryptography.hazmat.backends.openssl.backend
- This is the exposed API for the OpenSSL bindings. It has two public
- attributes:
+ This is the exposed API for the OpenSSL backend. It has no public attributes.
- .. attribute:: ffi
+Using your own OpenSSL on Linux
+-------------------------------
- This is a :class:`cffi.FFI` instance. It can be used to allocate and
- otherwise manipulate OpenSSL structures.
+Python links to OpenSSL for its own purposes and this can sometimes cause
+problems when you wish to use a different version of OpenSSL with cryptography.
+If you want to use cryptography with your own build of OpenSSL you will need to
+make sure that the build is configured correctly so that your version of
+OpenSSL doesn't conflict with Python's.
- .. attribute:: lib
+The options you need to add allow the linker to identify every symbol correctly
+even when multiple versions of the library are linked into the same program. If
+you are using your distribution's source packages these will probably be
+patched in for you already, otherwise you'll need to use options something like
+this when configuring OpenSSL::
- This is a ``cffi`` library. It can be used to call OpenSSL functions,
- and access constants.
+ ./config -Wl,--version-script=openssl.ld -Wl,-Bsymbolic-functions -fPIC shared
+You'll also need to generate your own ``openssl.ld`` file. For example::
+
+ OPENSSL_1.0.1F_CUSTOM {
+ global:
+ *;
+ };
+
+You should replace the version string on the first line as appropriate for your
+build.
-.. _`CFFI`: https://cffi.readthedocs.org/
.. _`OpenSSL`: https://www.openssl.org/
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-08 06:12:27 +0000