#2005 closed defect (fixed)

'from OpenSSL import crypto' gives undefined symbol: SSLv2_method

Reported by: daira Owned by: daira
Priority: normal Milestone: 1.10.1
Component: packaging Version: 1.10.0
Keywords: pyOpenSSL openitp-packaging eggs Cc: srl@…, srl@…
Launchpad Bug:

Description

AF saw the following problem while trying to run Tahoe-LAFS:

  • found that openssl has a different error here:
    # PYTHONPATH=support/lib/python2.7/site-packages/ python -c 'from OpenSSL
    import cry
    pto'
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File
    "/root/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/pyOpenSSL-0.12-py2.7-linux-x86_64.egg/OpenSSL/__init__.py",
    line 41, in <module>
        from OpenSSL import rand, SSL
    ImportError:
    /root/allmydata-tahoe-1.10.0/support/lib/python2.7/site-packages/pyOpenSSL-0.12-py2.7-linux-x86_64.egg/OpenSSL/SSL.so:
    undefined symbol: SSLv2_method
    
  • found a mailing list post saying:
    The latest version is 0.13. You can get it on PyPI here
    http://pypi.python.org/pypi/pyOpenSSL
    SSLv2 is no longer supported in OpenSSL, and version 0.13 no longer expects it.
    

We should update the dependency to pyOpenSSL >= 0.13. Note that I'm assuming that we no longer need to support platforms with very old versions of OpenSSL (see #1637).

Change History (13)

comment:1 follow-up: Changed at 2013-07-23T16:49:54Z by srl

  • Cc srl@… added

Also (if that isn't implied) please update the SUMO version to pyOpenSSL 0.13 also. Debian 7.1 system couldn't install from the SUMO package, until I realized that I could just install the OS pyOpenSSL which was 0.13.

comment:2 Changed at 2013-07-23T19:43:44Z by srl

  • Cc srl@… added

comment:3 in reply to: ↑ 1 Changed at 2013-08-08T21:12:16Z by leif

To clarify comment #1: running python setup.py build on Debian 7.1 works if the python-openssl package is already installed, but if you happened to run python setup.py build before python-openssl was installed you'll need to rm -r tahoe-lafs/support/lib/python2.7/site-packages/pyOpenSSL-0.12-* to be able to use Debian's version.

comment:4 Changed at 2013-08-08T21:20:18Z by daira

  • Keywords eggs added

Blocked on updating the pyOpenSSL eggs on tahoe-lafs.org.

comment:5 Changed at 2013-08-31T23:26:39Z by daira

  • Milestone changed from soon to 1.11.0

https://tahoe-lafs.org/source/tahoe-lafs/deps/tahoe-lafs-dep-eggs/pyOpenSSL-0.13-py2.7-linux-x86_64.egg was built incorrectly and also had this problem; now that is fixed (but other copies of the egg might be broken).

comment:6 Changed at 2013-09-02T20:06:19Z by daira

  • Summary changed from update pyOpenSSL dependency to >= 0.13 to 'from OpenSSL import crypto' gives undefined symbol: SSLv2_method

comment:7 Changed at 2014-09-02T17:54:28Z by warner

Two requirements for this one:

  • update _auto_deps.py to pyOpenSSL >= 0.13
  • make sure we publish eggs for 0.13

comment:8 Changed at 2014-09-02T17:54:52Z by warner

  • Owner set to daira

comment:9 Changed at 2014-09-02T21:05:55Z by daira

Actually we should publish eggs for 0.13.1, which was the last version of pyOpenSSL before the switch to using cryptography and cffi. (We should make sure they are using the latest embedded OpenSSL to avoid recent OpenSSL security bugs.)

comment:10 Changed at 2014-09-07T17:12:29Z by daira

  • Keywords openitp-packaging added; packaging removed

comment:11 Changed at 2014-09-25T16:10:11Z by daira

  • Status changed from new to assigned

comment:12 Changed at 2014-10-08T11:45:57Z by Daira Hopwood <daira@…>

In b0b76a7c5b89c3fed5a65ef6732dc45e578f12f4/trunk:

Improve comments in _auto_deps.py. refs #2249, #2028, #2193, #2005, #1258

Signed-off-by: Daira Hopwood <daira@…>

comment:13 Changed at 2014-10-08T12:03:24Z by daira

  • Resolution set to fixed
  • Status changed from assigned to closed
Note: See TracTickets for help on using tickets.