Patch pyopenssl for sslv3 issue

2019-03-09 15:42发布

I got a problem on a Debian 8 system with python 2.7.9-2 amd64:

    marius@pydev:/usr/lib/python2.7/dist-packages/urllib3/contrib$ pip search doo
Traceback (most recent call last):
  File "/usr/bin/pip", line 9, in <module>
    load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 356, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2476, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load
    ['__name__'])
  File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 74, in <module>
    from pip.vcs import git, mercurial, subversion, bazaar  # noqa
  File "/usr/lib/python2.7/dist-packages/pip/vcs/mercurial.py", line 9, in <module>
    from pip.download import path_to_url
  File "/usr/lib/python2.7/dist-packages/pip/download.py", line 22, in <module>
    import requests, six
  File "/usr/local/lib/python2.7/dist-packages/requests/__init__.py", line 53, in <module>
    from .packages.urllib3.contrib import pyopenssl
  File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 73, in <module>
    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
**AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'**

I checked into the lib and tried to patch /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py

    from .. import connection
from .. import util

__all__ = ['inject_into_urllib3', 'extract_from_urllib3']

# SNI only *really* works if we can read the subjectAltName of certificates.
HAS_SNI = SUBJ_ALT_NAME_SUPPORT

# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
    **ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,**
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
_openssl_verify = {
    ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
    ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
    ssl.CERT_REQUIRED: OpenSSL.SSL.VERIFY_PEER
                       + OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
}

Could someone enlighten me how I can fix this? It would be super awesome if someone had a clue. I googled the issue and only found incomplete patches and it's messy. Probably a case for the bug tracker once this is fixed, too. I have this issue for all Python packages.

7条回答
Fickle 薄情
2楼-- · 2019-03-09 15:42

I've received the same error.
In conjunction with the previous answers:

sudo easy_install --upgrade pip

I've also had to run:

sudo pip uninstall pyopenssl
sudo pip install mozdownload

This fixed my error, maybe it can help others. I came here by googling:

AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'

查看更多
smile是对你的礼貌
3楼-- · 2019-03-09 15:55

I ran into this problem today with Ansible. I solved it with: pip uninstall pyopenssl

maybe this will help someone else in the same situation

查看更多
霸刀☆藐视天下
4楼-- · 2019-03-09 15:56

I ran into this on a new Xenial and was unsuccessful w/many answers I had seen (some I really didn't try because most of my software was more current). What finally solved it for me was: sudo pip install requests --upgrade ... which is just a twist on the other request upgrade recommendation.

查看更多
Fickle 薄情
5楼-- · 2019-03-09 15:59

I received this error after an upgrade from Ubuntu 14 to 16. The upgrade changed some Python paths, which broke some core packages. This answer essentially fixed it for me.

sudo apt-get purge python-pkg-resources
sudo apt-get -f install
sudo rm -Rf /usr/local/bin/pip
sudo apt-get install python-pip
sudo pip install -U pip
查看更多
ら.Afraid
6楼-- · 2019-03-09 16:02

This is actually an issue with urllib3, not with pyopenssl. Debian lately compiles OpenSSL without SSLv3 support, and urllib3 just assumed that support was there.

The issue was fixed in commit b9b3b0102 which is part of the 1.10 release of urllib3.

As you are using urllib3 as part of requests, which in turn is used by pip, it should be enough to update to a recent version of requests. As of writing, the current version is 2.6.0 which contains the fix:

# pip install requests==2.6.0

You might encounter a problem upgrading requests, because of the chicken-egg problem. To fix this, you can try to temporarily remove the pyopenssl package, upgrade requests and reinstall pyopenssl.

Additionally you might want to use the following line to update pip before trying to update requests:

# sudo easy_install --upgrade pip
查看更多
劫难
7楼-- · 2019-03-09 16:02

I meet the same problems and I just uninstall the version of requests and install the exact version by using the following command.

pip install requests==2.6.0

then it works

查看更多
登录 后发表回答