468,113 Members | 2,139 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,113 developers. It's quick & easy.

More M2Crypto build problems

Trying to build M2Crypto on a dedicated server running Red Hat Fedora Core 6.
I'm trying to do this right, without manual patching.

The error message I'm getting during build is:

python setup.py build
swig -python -I/usr/include -o SWIG/_m2crypto_wrap.c SWIG/_m2crypto.i
/usr/include/openssl/opensslconf.h:27: Error: CPP #error ""This openssl-devel
package does not work your architecture?"". Use the -cpperraswarn option to
continue swig processing.
error: command 'swig' failed with exit status 1

We went through this before, but last time, the versions of OpenSSL and
of SWIG on the system were old, and I was running on a shared server
and couldn't update it. Eventually, M2Crypto was hammered
into working, but it was ugly. It was necessary to patch "setup.py" as

< target_cpu_str = '-D__i386__' # PATCH - assume Intel target. OpenSSL build
needs this.
< swig_opts = [swig_opts_str,target_cpu_str]
swig_opts = [swig_opts_str]
The problem is that the include file in OpenSSL assumes that some
system ID, like __i386__, is defined, which GCC does, but SWIG
does not. It might be considered a bug in SWIG.

This time, everything on the dedicated server has been updated with Yum,
so it ought to just work.

Yum says:
Installed Packages
openssl.i686 0.9.8a-5.4 installed
openssl-devel.i386 0.9.8a-5.4 installed
python.i386 2.4.3-9.FC5 installed
swig.i386 1.3.31-0.fc5 installed
Available Packages
openssl.i386 0.9.8a-5.4 updates
All of those are later than the ones required for M2Crypto, so the system
should be current.
But it doesn't.

Also reported as a SWIG bug, as #1676049.

John Nagle
Mar 7 '07 #1
2 4894
Still more M2Crypto build problems:

In M2Crypto's file "SWIG/_ec.i", there's this:

#if OPENSSL_VERSION_NUMBER < 0x0090800fL || defined(OPENSSL_NO_EC)
%constant OPENSSL_NO_EC = 1;
%constant OPENSSL_NO_EC = 0;

#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/ecdsa.h>
#include <openssl/ecdh.h>

There's the assumption here that versions of OpenSSL greater than 0.9.08???
contain elliptical curve cryptography support. There's
also the assumption that "ecdsa.h" is present; it is included
unconditionally, and definitions from it are used later.

Unfortunately, the ones that ship with Fedora Core 5 and 6 do not have it:


Updating with "yum" doesn't help. Apparently there are patent problems
with the algorithm, and Red Hat pulled that code. See


I'm trying to get M2Crypto to build without elliptical cryptography, but
it's not working

John Nagle

"Python. Embrace the pain".
Mar 7 '07 #2
Now I understand what's wrong. It's an incompatibility between
SWIG, OpenSSL, and M2Crypto.

OpenSSL was built with OPENSSL_NO_EC defined. That's actually
defined via "opensslconf.h", which includes, based on whether
__i386__ is defined, the file "opensslconf-i386.h". OpenSSL
didn't always work that way; the per-platform include file
thing is new.

M2Crypto uses SWIG. (Usually a mistake, but..) SWIG takes
in various definition files, and generates about 24,000 lines of
C code. (This is just glue code; it's not really doing much.)
One of the the definition files is "_ec.i", which has:

%include <openssl/opensslconf.h>
#if OPENSSL_VERSION_NUMBER < 0x0090800fL || defined(OPENSSL_NO_EC)
%constant OPENSSL_NO_EC = 1;
%constant OPENSSL_NO_EC = 0;

#include <openssl/bn.h>
.... stuff to handle elliptical curve encryption

This looks reasonable. The "%include" brings in the file for
SWIG processing. But, under SWIG's rules, that does NOT bring
in files included from within the file being included.
(Otherwise, SWIG would generate Python interfaces for everything
in them.)

So "OPENSSL_NO_EC" is undefined, which results in compiling the
code for "EC", the elliptical curve stuff removed from Fedora
5 and 6 for patent reasons.

A workaround is to put:


at the beginning of "_ec.i". This turns off elliptical curve
crypto support. M2Crypto will then build.

There's probably a correct way to do this, and get SWIG to properly
obtain the value from the OpenSSL include file, but I don't know
SWIG well enough to do it.

John Nagle
Mar 8 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Carl Waldbieser | last post: by
5 posts views Thread by jsmilan | last post: by
2 posts views Thread by Elbert Lev | last post: by
reply views Thread by Thomas G. Apostolou | last post: by
2 posts views Thread by John Nagle | last post: by
8 posts views Thread by John Nagle | last post: by
5 posts views Thread by John Nagle | last post: by
7 posts views Thread by John Nagle | last post: by
3 posts views Thread by didacticone | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.