Change OS X installer builds targeted for 10.10 and above to build

and link with a private copy of OpenSSL, like installers targeted
for 10.5 already do, since Apple has deprecated use of the system
OpenSSL and removed its header files from the Xcode 7 SDK.  Note
that this configuration is not currently used to build any
python.org-supplied installers and that the private copy of
OpenSSL requires its own root certificates.
This commit is contained in:
Ned Deily 2016-02-25 01:01:48 +11:00
parent 020250f91f
commit 59884989f7
1 changed files with 7 additions and 2 deletions

View File

@ -206,7 +206,7 @@ def library_recipes():
LT_10_5 = bool(getDeptargetTuple() < (10, 5))
if getDeptargetTuple() < (10, 6):
if not (10, 5) < getDeptargetTuple() < (10, 10):
# The OpenSSL libs shipped with OS X 10.5 and earlier are
# hopelessly out-of-date and do not include Apple's tie-in to
# the root certificates in the user and system keychains via TEA
@ -226,7 +226,8 @@ def library_recipes():
# now more obvious with cert checking enabled by default in the
# standard library.
#
# For builds with 10.6+ SDKs, continue to use the deprecated but
# For builds with 10.6 through 10.9 SDKs,
# continue to use the deprecated but
# less out-of-date Apple 0.9.8 libs for now. While they are less
# secure than using an up-to-date 1.0.1 version, doing so
# avoids the big problems of forcing users to have to manage
@ -234,6 +235,10 @@ def library_recipes():
# APIs for cert validation from keychains if validation using the
# standard OpenSSL locations (/System/Library/OpenSSL, normally empty)
# fails.
#
# Since Apple removed the header files for the deprecated system
# OpenSSL as of the Xcode 7 release (for OS X 10.10+), we do not
# have much choice but to build our own copy here, too.
result.extend([
dict(