I am trying to force Python 2.7 to work with a modified OpenSSL library. I need to support Russian GOST ciphers, so I configured OpenSSL like this:

./config shared zlib enable-rfc3779 --prefix=/my/path/

and installed it (make depend, make, make test, make install). openssl.conf contains

openssl_conf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
gost = gost_section
[gost_section]
engine_id = gost
default_algorithms = ALL

After that, the command /my/path/bin/openssl ciphers | tr ":" "\n" | grep GOST returns

GOST2001-GOST89-GOST89
GOST94-GOST89-GOST89

and openssl s_client -connect test.domain.ru:443 connected successfully and I can send GET requests (standard OpenSSL doesn't work with this site in this way). After that I tried to compile Python with that OpenSSL lib: I uncommented and changed the SSL variable in Modules/Setup.dist to /my/path and the related lines under it, and also changed the ssl_incs and ssl_libs variables in setup.py. I have installed Python to my home folder and am running scripts from that folder. But when I run a script like this

import urllib2
print(urllib2.urlopen('https://test.domain.ru/').read())

I still got an error

urllib2.URLError: <urlopen error [Errno 1] _ssl.c:501: error:140920F8:SSL routines:SSL3_GET_SERVER_HELLO:unknown cipher returned>

What should I do to force Python to use the new OpenSSL (gost engine), and is there maybe a simple way to do that?

OS: Linux Mint 17 x64

divanov
Denis Nikanorov
  • You should change "compile python" to something less confusing. Probably to "integrate Python with custom modification of openssl". – divanov Nov 19 '14 at 19:07
  • If you're in Linux, and your modified SSL/TLS library has the same file name as the system version but in some other directory, you can test it by overriding the LD_LIBRARY_PATH variable temporarily. Something like this (assuming the new one is in the current directory) prefixed to your python command: LD_LIBRARY_PATH=. An easy example is to copy some other *.so file to ./libc.so.6 and get "ls" to break. – Alex North-Keys Aug 08 '16 at 08:57

1 Answer

Try to rebuild _ssl.pyd with some changes in Modules/_ssl.c.

1) add #include after lines

#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/rand.h>

2) add OPENSSL_config(NULL); before lines

SSL_library_init();
SSL_load_error_strings();

inside init_ssl function.
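
A way to check the outcome of the build steps discussed in this thread, added here as an example (it is not code from the question or the answer): it parses a Linux /proc/<pid>/maps dump to list the libssl/libcrypto files a Python process really loaded and flags any that are not under the custom prefix. The function names and the sample maps text are constructed for illustration; /my/path is the prefix from the question.

```python
"""Check which OpenSSL shared objects a Python process actually loaded (Linux)."""
from __future__ import print_function
import os
import re

# Matches libssl / libcrypto shared objects in the path column of /proc/<pid>/maps.
_LIB_RE = re.compile(r"(/\S*/lib(?:ssl|crypto)\.so[^\s/]*)\s*$")


def loaded_openssl_libs(maps_text):
    """Return the sorted, de-duplicated libssl/libcrypto paths in a maps dump."""
    found = set()
    for line in maps_text.splitlines():
        match = _LIB_RE.search(line)
        if match:
            found.add(match.group(1))
    return sorted(found)


def libs_outside_prefix(paths, prefix):
    """Return the libraries that were NOT loaded from the custom build prefix."""
    root = os.path.join(os.path.normpath(prefix), "")  # "/my/path" -> "/my/path/"
    return [p for p in paths if not os.path.normpath(p).startswith(root)]


def gost_suites(cipher_list):
    """Filter a colon-separated `openssl ciphers` string down to GOST suites."""
    return [c for c in cipher_list.strip().split(":") if "GOST" in c]


# Constructed sample: a process that picked up the distribution's OpenSSL.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c05e000 r-xp 00000000 08:01 393 /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3a1c25d000-7f3a1c261000 r--p 0005d000 08:01 393 /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3a1bc00000-7f3a1bdb3000 r-xp 00000000 08:01 377 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f3a1d000000-7f3a1d010000 r-xp 00000000 08:01 901 /home/user/python/lib/python2.7/lib-dynload/_ssl.so
"""

if __name__ == "__main__":
    import ssl  # importing ssl is what maps libssl/libcrypto into this process
    prefix = "/my/path"  # the --prefix value from the question
    print("ssl module reports:", ssl.OPENSSL_VERSION)
    with open("/proc/self/maps") as handle:
        libs = loaded_openssl_libs(handle.read())
    print("loaded:", libs)
    print("not under %s: %s" % (prefix, libs_outside_prefix(libs, prefix)))
```

Run it with the rebuilt interpreter; if either library is reported as outside /my/path, the interpreter is still using the system OpenSSL rather than the modified build.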