In the beginning, I only wanted to update a Pip package. But I might as well relate that here, just for posterity.
So, the pip package gave me a Python error, because Centos only shipped with Python 2.7. I told myself 'OK, let's build Python 3.11, easy peasy', but it all went down from here.
It compiled mostly OK, but after that trying to use pip3.11 threw an SSL error, the famous:
pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Collecting <package>
Could not fetch URL https://pypi.python.org/simple/<package>/: There was a problem confirming the ssl certificate: Can't connect to HTTPS URL because the SSL module is not available. - skipping
Could not find a version that satisfies the requirement <package> (from versions: )
No matching distribution found for <package>
OK, let's update OpenSSL then! I grabbed the openssl-3.1.1.tar.gz package from GitHub, configured and compiled it... And Python still didn't grab the SSL libs. I tried with and without --enable-optimizations, with and without --with-openssl=/usr/, to no avail.
So, what worked?
Well, first, uninstalling that openssl 3.1.1. Then, installing the EPEL (Extra Packages for Entreprise Linux), and from there install the openssl11 and openssl11-devel (At last I had working SSL libs available).
I don't know if that helped, but I also followed the instructions here to upgrade GCC, working with the more up-to-date devtoolset-11 :
sudo yum install centos-release-scl
sudo yum install devtoolset-11-gcc*
source /opt/rh/devtoolset-11/enable
Now, the BIG thing: you have to tell Python where your SSL libs and packages are. So the full command that worked and finally got all the SSL libs detected was:
./configure --with-openssl='/usr/' --with-ssl-default-suites=openssl CFLAGS="-I/usr/include/openssl11" LDFLAGS="-L/usr/lib64/openssl11 -lssl -lcrypto" --with-openssl-rpath=auto
(You can check for these with pkg-config --cflags openssl11 and pkg-config --libs openssl11.)
The SSL output from the ./configure command:
checking for openssl/ssl.h in /usr/... yes
checking for --with-openssl-rpath... auto
checking whether OpenSSL provides required ssl module APIs... yes
checking for --with-ssl-default-suites... openssl
checking for stdlib extension module _ssl... yes
Finally, in the Python directory:
sudo make clean && sudo make altinstall
In order to keep the original Python installation.
You can then choose to load your new python binary as default by linking /usr/local/bin/python3.11 as /usr/local/bin/python, and adding /usr/local/bin first in your $PATH.
