Building M2Crypto on Windows

Here’s another installment in what seems to be turning into a series of compilation instructions for Windows of libraries that were born and raised on Linux.

Python has only the most basic support for secure SSL and HTTPS and if you know anything about how SSL works, you’ll know that support doesn’t provide enough security. I’ll leave the discussion of SSL, TLS, HTTPS and other related protocols and technologies to people who actually know something about it (any good links I should put here?), but the following quote from the Python documentation should put even the uninitiated on their toes:

class HTTPSConnection(host[, port, key_file, cert_file])

A subclass of HTTPConnection that uses SSL for communication with secure servers. Default port is 443. key_file is the name of a PEM formatted file that contains your private key. cert_file is a PEM formatted certificate chain file.

Warning: This does not do any certificate verification!

The red color is mine, but the warning is there (at least in Python 2.4.4 – I’ve been a bit slow to adopt 2.5 yet, but I don’t think it has changed).

What that means is that although you might think you’re using a secure connection when you’re using HTTPSConnection you really aren’t. At least not as secure as you thought. Although all the data transferred between you and the server will be encrypted, you won’t actually know you’re talking to the right server and wil be vulnerable to the man-in-the-middle attack.

But fear not, because M2Crypto comes to the rescue. M2Crypto is a Python library based on the well known OpenSSL library which does all the right cryptographic magic in all the right ways. M2Crypto has a compatible HTTPSConnection class that should work as a drop-in replacement of the one in httplib and actually authenticate the server correctly.

Now that we’ve got all this unimportant stuff out of the way, lets get our hands a dirty with building the library on Windows.

Tools you’ll need

Here are the programs you’ll need installed before you dig in:

  1. Python 2.4 or later – might work with earlier versions, but I haven’t tested it with anything but Python 2.4.4.
  2. Microsoft Visual Studio 2003 – this is the version that Python 2.4/2.5 is built with and this is the version you need to build M2Crypto. I don’t think any other (including 2005) will work.
  3. ActivePerl 5.8.7 – that’s the version I used, but I guess any reasonable Perl will do.
  4. Command prompt – you don’t need to install it, but you’re going to be using it a lot so you’d best be familiar with it.

Building OpenSSL for Windows

The first thing we’ll need to do is build us a fresh OpenSSL DLL.

  1. Download the latest OpenSSL source package from http://www.openssl.org/source/.
  2. Unzip and untar the package somewhere and open a command prompt there.
  3. > perl Configure VC-WIN32 –prefix=c:/openssl
  4. > ms\do_masm
  5. > nmake -f ms\ntdll.mak
  6. > nmake -f ms\ntdll.mak install

If something doesn’t work, refer to the INSTALL.W32 file in  the OpenSSL source package. I followed the intructions there to the letter and they worked.

Building M2Crypto for Windows

M2Crypto uses a tool called SWIG to help write the Python code that wraps the OpenSSL library that is written in C, so we’ll have to download and install it.

Let’s go.

  1. Download the latest SWIG Windows binaries from http://www.swig.org/download.html .
  2. Unzip and untar the SWIG package to some directory and add that directory to your PATH.
  3. Download the latest M2Crypto sources from http://chandlerproject.org/bin/view/Projects/MeTooCrypto.
  4. Unzip and untar the M2Crypto source somewhere and open a command prompt there.
  5. > python setup.py build_ext –openssl c:/openssl
  6. > python setup.py bdist_wininst

That last command will create a nice M2Crypto-0.18.win32-py2.4.exe file in the dist subdirectory which you can run to install M2Crypto in the Python site-packages directory.

To test your build, run python and do import M2Crypto. If you get an error that says ‘ImportError: DLL load failed with error code 182′, it’s because the M2Crypto library can’t find the OpenSSL DLLs. You’ll need to place the libeay32.dll and ssleay32.dll files somewhere python can find them. The directory in which your script resides is a good bet.

8 Comments on “Building M2Crypto on Windows”


By Mike Lowe. September 28th, 2007 at 21:29

From the looks of it, a lot of the things that make m2crypto attractive will be included in the ssl module in python 2.6. http://svn.python.org/view/*checkout*/python/trunk/Doc/library/ssl.rst

By gooli. October 1st, 2007 at 00:31

It does seem that way. Thanks for the info!

By Barry Burns. December 15th, 2007 at 23:38

Building m2crypto in Windows with free tools

1. Download & install MinGW from http://www.mingw.org.
2. Download the swigwin distribution from http://www.swig.org and unzip it to a directory (c:\mingw\swig might not be a bad one)
3. Download & install OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html
4. Copy the OpenSSL include files (c:\openssl\include) to the Python include directory (c:\pythonXY\include)
5. Copy the OpenSSL libraries (C:\OpenSSL\lib\MinGW) to the MinGW library directory (c:\pythonXY\libs)
6. Rename ssleay32.a and libeay32.a to libssleay32.a and liblibeay32.a respectively.
7. path c:\mingw\bin;c:\mingw\swig;%path%
8. setup.py build -c mingw32 bdist_wininst

By Chris DeMattio. July 21st, 2008 at 18:26

If building using openssl.0.9.8h and Visual Studio 2003, you may encounter the following error:

_m2crypto_wrap.c
c:\openSSL\include\openssl\x509.h(207) : error C2059: syntax error : ‘type’
c:\openSSL\include\openssl\x509.h(929) : error C2059: syntax error : ‘type’
c:\openSSL\include\openssl\x509.h(929) : error C2143: syntax error : missing ‘)’ before ‘(’
c:\openSSL\include\openssl\x509.h(929) : error C2143: syntax error : missing ‘)’ before ‘(’
c:\openSSL\include\openssl\x509.h(929) : error C2091: function returns function
c:\openSSL\include\openssl\x509.h(929) : error C2091: function returns function
c:\openSSL\include\openssl\x509.h(929) : error C2143: syntax error : missing ‘{’ before ‘constant’
c:\openSSL\include\openssl\x509.h(929) : error C2059: syntax error : ”
c:\openSSL\include\openssl\x509.h(929) : error C2059: syntax error : ‘)’
c:\openSSL\include\openssl\x509.h(929) : error C2059: syntax error : ‘)’
c:\openSSL\include\openssl\x509.h(929) : error C2059: syntax error : ‘type’
SWIG\_m2crypto_wrap.c(5861) : warning C4113: ‘void (__cdecl *)()’ differs in parameter lists from ‘v
oid (__cdecl *)(void *)’
error: command ‘”C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\bin\cl.exe”‘ failed with exit status 2

This is a known issue with OpenSSL. See http://rt.openssl.org/Ticket/Display.html?id=1700&user=guest&pass=guest for information.

By Heikki Toivonen. August 14th, 2008 at 09:24

Python 2.6 will indeed include improvements in the stdlib SSL handling. However, it claims to have full support for server side SSL operations, and client operations are still something you would probably want to use something else, like M2Crypto, for.

As I was reading through the Python 2.6 documentation it also struck me that it seems SSLv2 will be supported out of the box, and there does not seem to be a way to turn that off. As far as I know the only way to write code that works with SSLv3 and all versions of TLS is to use the misleading SSLv23 mode, but you should then really turn off SSLv2 as well.

By Yu Xue. August 20th, 2009 at 09:34

Hi,

When I use python setup.py build_ext -openssl c:/openssl command, there is always an error:

invalid command name ‘c:/openssl’

and in c:\ there is no dir called openssl, but has a C:\usr\local\ssl\bin which includes libeay32.dll, ssleay32.dll and openssl.exe. However, when I try to replace c:/openssl with C:\usr\local\ssl\bin\openssl, there is still that errro.

Could you please help me?
Thank you!

By Chris. March 8th, 2010 at 07:31

Thanks for the instructions.

I built M2Crypto-0.20.2.win32-py2.6.exe and posted it online for those who don’t want to go through the process.
https://docs.google.com/leaf?id=0B6vFP5gh9yybZmE0MWNiYTUtMmM0NS00OGQ1LWIzYzctYTNlNTJkZjE5MWMy&hl=en

It’s built against OpenSSL 0.9.8g, so grab those binaries.

By Domingo Aguiler. October 1st, 2010 at 04:38

Is there a win32 binary for python 2.7?