Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OSX-builds: Deprecated OpenSSL library inside python@2 and python3.5 #70

Closed
ysig opened this issue May 3, 2018 · 8 comments
Closed

OSX-builds: Deprecated OpenSSL library inside python@2 and python3.5 #70

ysig opened this issue May 3, 2018 · 8 comments

Comments

@ysig
Copy link

ysig commented May 3, 2018
edited
Loading

I got a very well known error this days, concerning OSX and openssl which is:

URLError: <urlopen error [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661)>

see from urllib2 in python@2 and urllib in python3.5.
After searching a lot I found out that this is because of deprecated version of open-ssl used by python: "OpenSSL 0.9.8zh 14 Jan 2016"
[You can see that by running {python} -c "from __future__ import print_function; import ssl; print(ssl.OPENSSL_VERSION)" - see from urllib2 in python@2 and urllib in see]

Instead, a version >= 1.0.2 is needed to avoid the error and although the system has it (as you can see when brew installing openssl), it is not the one executed from path. Even if you change the path and append the location of the desired binary in front, this is not a workaround for python as the correct libraries are not linked. An optional workaround is to brew install {python} --with-brewed-openssl and afterwards replace the one in path marked by {python} tagger. For this workaround you can see here.

I am stuck and I don't know how to proceed because of aliases of python version and mysticism of where is the python executable is and if and how it can be replaced by a new one (if there are predependencies installed that are not the ones installed by user). That's why I am opening an issue and suggesting adding an installation of python in osx with the current version of openssl in your package, driven by the fact that this is not a problem of the project that I am testing and a normal user would be able to solve any dependency issue on his machine.

Thanks in advance for your awesome package and I hope the problem was made clear :)
@ysig ysig changed the title Deprecated OpenSSL library inside python@2 and python3.5 OSX-builds: Deprecated OpenSSL library inside python@2 and python3.5 May 3, 2018
@mayeut
Copy link
Member

mayeut commented May 3, 2018

#68 shall fix the issue when building with python 2.7
Once this is done, remains official python 3.4 & 3.5 that link against apple provided openSSL

/Library/Frameworks/Python.framework/Versions/2.7/bin/python2.7 -c "from __future__ import print_function; import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2o  27 Mar 2018
/Library/Frameworks/Python.framework/Versions/3.4/bin/python3 -c "from __future__ import print_function; import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 0.9.8zh 14 Jan 2016
/Library/Frameworks/Python.framework/Versions/3.5/bin/python3 -c "from __future__ import print_function; import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 0.9.8zh 14 Jan 2016
/Library/Frameworks/Python.framework/Versions/3.6/bin/python3 -c "from __future__ import print_function; import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2n  7 Dec 2017

c.f. https://bugs.python.org/issue17128, I don't think there's some plan for python 3.4 & 3.5 official packages

@ysig
Copy link
Author

ysig commented May 4, 2018

I saw the pr afterwards and I am waiting for it 👍

I don''t know if correct linking after: brew install python3.5 --with-brewed-openssl will work
but for now conda python3.5 supports openssl >= 1.0.2.

Is there a workaround for the user to replace the python you use for python3.5 with
conda python3.5 and fix all the relative paths and packages for your package to work?

Thanks in advance

@YannickJadoul YannickJadoul mentioned this issue May 4, 2018
Merged
@YannickJadoul
Copy link
Member

Both relevant PRs (#68 and #69) are merged, and seem to be succeeding (#68 is still building but can hardly break any build). Until @joerick manages to find some time to approve and publish a new release, you can always pip install https://github.com/joerick/cibuildwheel/archive/master.zip or pip install git+https://github.com/joerick/cibuildwheel.git.

@joerick
Copy link
Contributor

joerick commented May 4, 2018

Hey @YannickJadoul - just catching up on this. Thanks for merging these PRs! I'm happy to cut a release now. Gimme a few mins....

@joerick
Copy link
Contributor

joerick commented May 4, 2018

Released as 0.8.0!

@mayeut
Copy link
Member

mayeut commented May 4, 2018

I'm pretty sure #69 won't help (as mentioned in #69 (comment)).
#68 will correct the issue on python 2.7.
I'm still digging around to find a solution for python 3.4 & 3.5

@mayeut mayeut mentioned this issue May 6, 2018
Merged
@mayeut
Copy link
Member

mayeut commented May 6, 2018

@ysig

Could you try the patch to check it really corrects issues you're seeing ?
You should also update cibuildwheel to 0.8.0
Try adding this in the specific osx part of your ci_scripts/travis/install.sh file:

PYVER=$({python} -c 'import sys; print("%s.%s" % sys.version_info[0:2])')
if [ "$PYVER" == "3.4" ] || [ "$PYVER" == "3.5" ]; then
	curl -fsSLo /tmp/patch.tar.gz https://github.com/mayeut/patch-macos-python-openssl/releases/download/v0.1.0/patch-macos-python-$PYVER-openssl-v0.1.0.tar.gz
	sudo tar -C /Library/Frameworks/Python.framework/Versions/$PYVER/ -xmf /tmp/patch.tar.gz
fi

@joerick
Copy link
Contributor

joerick commented Jun 18, 2018

This is fixed on Python 3.4 and 3.5 as of 0.9.1, which was just released :)

@joerick joerick closed this as completed Jun 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@joerick @YannickJadoul @mayeut @ysig