Bug report

TL;DR: See #121992 (comment) for a workaround.

Bug description:

I've got a server running Ubuntu 20.04 that I needed to upgrade OpenSSL on.

I downloaded the source for OpenSSL 3.0.8 and configured it as so:

./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl share

Then, I did a make and make install.

I next reloaded the ldconfig by:

echo "/usr/local/ssl/lib64" > /etc/ld.so.conf.d/openssl.conf
ldconfig -v

Great, that worked. The system is now using OpenSSL 3.0.8, but I need Python to use that version too, so I downloaded the source for Python-3.12.4 and configured it like so:

./configure --enable-optimizations --with-openssl=/usr/local/ssl --with-ensurepip=install --with-openssl-rpath=/usr/local/ssl/lib64/

Make results in:

[ERROR] _hashlib failed to import: /root/Downloads/Python-3.12.4/build/lib.linux-x86_64-3.12/_[hashlib.cpython-312-x86_64-linux-gnu.so](http://hashlib.cpython-312-x86_64-linux-gnu.so/): undefined symbol: EVP_MD_get_type
[ERROR] _ssl failed to import: /root/Downloads/Python-3.12.4/build/lib.linux-x86_64-3.12/_[ssl.cpython-312-x86_64-linux-gnu.so](http://ssl.cpython-312-x86_64-linux-gnu.so/): undefined symbol: SSL_get1_peer_certificate

To fix it, I had to edit the makefile:

nano Makefile

Change

OPENSSL_LDFLAGS=-L/usr/local/ssl/lib

To:

OPENSSL_LDFLAGS=-L/usr/local/ssl/lib64

TLDR Summary:

Is there a way the ./config script can set OPENSSL_LDFLAGS properly for newer versions of OpenSSL which use lib64 folder rather than lib?

CPython versions tested on:

3.10, 3.12

Operating systems tested on:

Linux