[issue17128] OS X system openssl deprecated - installer should build local libssl

[Ned Deily]

Ned Deily added the comment:

After spending some time on this, I'm downgrading this from release blocker status.  First, no one has yet identified any immediate need for openssl 1.0.x features to support possible PyPI enhancements, which was my original concern.  Second, since the openssl build system does not support OS X universal builds or SDKs and is not autoconf-based, it does not fit well into the current OS X installer build process.  I have a working first cut of building the libs but there is more to do.  Third, there is the open issue of how to make root certs available.  Ronald, I'm probably missing something obvious here but I don't see which Apple patch you are referring to.  Can you elaborate?

There is also the issue of government export restrictions that seems to always come up with crypto software.  AFAICT, as of a couple of years ago, there is no longer any restriction on shipping openssl binaries with any encryption algorithm from the US to any other country.  There are still a few well-known patent issue which seem easy to avoid.  But I am not a lawyer.
 
Unless someone objects, I'm going to treat this as a new feature for now and, once ready, we can re-examine backporting.

----------
priority: release blocker -> high
versions:  -Python 2.7, Python 3.2, Python 3.3

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17128>
_______________________________________