Here’s another installment in what seems to be turning into a series of compilation instructions for Windows of libraries that were born and raised on Linux.
Python has only the most basic support for secure SSL and HTTPS and if you know anything about how SSL works, you’ll know that support doesn’t provide enough security. I’ll leave the discussion of SSL, TLS, HTTPS and other related protocols and technologies to people who actually know something about it (any good links I should put here?), but the following quote from the Python documentation should put even the uninitiated on their toes:
class HTTPSConnection(host[, port, key_file, cert_file])
A subclass of HTTPConnection that uses SSL for communication with secure servers. Default port is 443. key_file is the name of a PEM formatted file that contains your private key. cert_file is a PEM formatted certificate chain file.
Warning: This does not do any certificate verification!
The red color is mine, but the warning is there (at least in Python 2.4.4 – I’ve been a bit slow to adopt 2.5 yet, but I don’t think it has changed).
What that means is that although you might think you’re using a secure connection when you’re using HTTPSConnection, you really aren’t. At least not as secure as you thought. Although all the data transferred between you and the server will be encrypted, you won’t actually know you’re talking to the right server and will be vulnerable to a man-in-the-middle attack.
But fear not, because M2Crypto comes to the rescue. M2Crypto is a Python library based on the well known OpenSSL library which does all the right cryptographic magic in all the right ways. M2Crypto has a compatible HTTPSConnection class that should work as a drop-in replacement of the one in httplib and actually authenticate the server correctly.
Now that we’ve got all this unimportant stuff out of the way, let’s get our hands a bit dirty with building the library on Windows.
Tools you’ll need
Here are the programs you’ll need installed before you dig in:
- Python 2.4 or later – might work with earlier versions, but I haven’t tested it with anything but Python 2.4.4.
- Microsoft Visual Studio 2003 – this is the version that Python 2.4/2.5 is built with and this is the version you need to build M2Crypto. I don’t think any other (including 2005) will work.
- ActivePerl 5.8.7 – that’s the version I used, but I guess any reasonable Perl will do.
- Command prompt – you don’t need to install it, but you’re going to be using it a lot so you’d best be familiar with it.
Building OpenSSL for Windows
The first thing we’ll need to do is build us a fresh OpenSSL DLL.
- Download the latest OpenSSL source package from http://www.openssl.org/source/.
- Unzip and untar the package somewhere and open a command prompt there.
- > perl Configure VC-WIN32 --prefix=c:/openssl
- > ms\do_masm
- > nmake -f ms\ntdll.mak
- > nmake -f ms\ntdll.mak install
If something doesn’t work, refer to the INSTALL.W32 file in the OpenSSL source package. I followed the instructions there to the letter and they worked.
Building M2Crypto for Windows
M2Crypto uses a tool called SWIG to help write the Python code that wraps the OpenSSL library that is written in C, so we’ll have to download and install it.
- Download the latest SWIG Windows binaries from http://www.swig.org/download.html .
- Unzip and untar the SWIG package to some directory and add that directory to your PATH.
- Download the latest M2Crypto sources from http://chandlerproject.org/bin/view/Projects/MeTooCrypto.
- Unzip and untar the M2Crypto source somewhere and open a command prompt there.
- > python setup.py build_ext --openssl c:/openssl
- > python setup.py bdist_wininst
That last command will create a nice M2Crypto-0.18.win32-py2.4.exe file in the dist subdirectory which you can run to install M2Crypto in the Python site-packages directory.
To test your build, run python and do import M2Crypto. If you get an error that says ‘ImportError: DLL load failed with error code 182’, it’s because the M2Crypto library can’t find the OpenSSL DLLs. You’ll need to place the libeay32.dll and ssleay32.dll files somewhere python can find them. The directory in which your script resides is a good bet.
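A check for the ‘DLL load failed’ case described above, as an added example that is not part of the original post: it lists every directory where a copy of libeay32.dll or ssleay32.dll is visible and reports names that are missing or present more than once, since a stale copy earlier in the search could be loaded instead of the OpenSSL you just built. The function names and the directory list (script directory, current directory, PATH) are assumptions of this example and only approximate the Windows loader's search order.

```python
import os
import sys

OPENSSL_DLLS = ("libeay32.dll", "ssleay32.dll")  # the two DLLs named in the post

def candidate_dirs(script_path, path_env=None):
    """Script directory, current directory, then each PATH entry, deduplicated.
    Assumption: an approximation, not the exact Windows loader search order."""
    if path_env is None:
        path_env = os.environ.get("PATH", "")
    dirs = [os.path.dirname(os.path.abspath(script_path)), os.getcwd()]
    dirs += [d for d in path_env.split(os.pathsep) if d]
    seen, ordered = set(), []
    for d in dirs:
        key = os.path.normcase(os.path.abspath(d))
        if key not in seen:
            seen.add(key)
            ordered.append(d)
    return ordered

def locate_dlls(dirs, names=OPENSSL_DLLS):
    """Map each DLL name to every directory holding a copy (case-insensitive)."""
    found = dict((name, []) for name in names)
    for d in dirs:
        try:
            entries = dict((e.lower(), e) for e in os.listdir(d))
        except OSError:  # stale or unreadable PATH entry: skip it
            continue
        for name in names:
            real = entries.get(name.lower())
            if real and os.path.isfile(os.path.join(d, real)):
                found[name].append(d)
    return found

def diagnose(found):
    """Return (missing, duplicated): names with no copy, names with several."""
    missing = sorted(n for n in found if not found[n])
    duplicated = sorted(n for n in found if len(found[n]) > 1)
    return missing, duplicated

if __name__ == "__main__":
    found = locate_dlls(candidate_dirs(sys.argv[0]))
    missing, duplicated = diagnose(found)
    for name in OPENSSL_DLLS:
        print("%-13s %s" % (name, "; ".join(found[name]) or "NOT FOUND"))
    if missing:
        print("Not found in the searched directories: " + ", ".join(missing))
    if duplicated:
        print("Several copies; confirm the first is your build: " + ", ".join(duplicated))
```

Run it from the same directory and with the same PATH as the script that fails to import M2Crypto.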