skip to Main Content

I have a Django app running on an old CentOS 7 box, and to have my own python3 environment there I’m using venv and pip. Today I rebuilt my environment, and suddenly, I had an ssl related backtrace.

    [root@miketug1 teleworker]# vpython manage.py showmigrations
Traceback (most recent call last):
  File "manage.py", line 22, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
    utility.execute()
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/django/core/management/__init__.py", line 338, in execute
    django.setup()
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/django/__init__.py", line 27, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/django/apps/registry.py", line 108, in populate
    app_config.import_models()
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/django/apps/config.py", line 202, in import_models
    self.models_module = import_module(models_module_name)
  File "/usr/lib64/python3.6/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 994, in _gcd_import
  File "<frozen importlib._bootstrap>", line 971, in _find_and_load
  File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
  File "/etc/e-smith/web/django/teleworker/dashboard/models.py", line 9, in <module>
    import teleworker.lib.common as commonlib
  File "/etc/e-smith/web/django/teleworker/lib/common.py", line 35, in <module>
    import requests
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/requests/__init__.py", line 95, in <module>
    from urllib3.contrib import pyopenssl
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/urllib3/contrib/pyopenssl.py", line 46, in <module>
    import OpenSSL.SSL
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/tug/env/lib64/python3.6/site-packages/OpenSSL/SSL.py", line 664, in <module>
    _lib.Cryptography_HAS_TLSEXT_HOSTNAME, "SNI not available"
AttributeError: module 'lib' has no attribute 'Cryptography_HAS_TLSEXT_HOSTNAME'

The versions of my modules are set in a requirements.txt file, which did not change. I was running pyOpenSSL 19.0.0, with Python 3.6. I upgraded to pyOpenSSL 20.0.0 and the problem went away, but I am confused as to how this could happen unless the 19.0.0 version on PyPI was changed, as I’ve used fixed versions of this module for some time now.

Can anyone explain what happened here? I’d like to avoid anything similar in the future. Thanks.

4

Answers


  1. Chosen as BEST ANSWER

    I think I found it. I didn't have the cryptography module in my requirements.txt, so it was upgraded to the latest version without upgrading pyOpenSSL which was in my requirements.txt file. Seems like some kind of dependency should have prevented this, but I'm updating my requirements.txt to include everything now.


  2. The root cause for this issue is the latest cryptography-3.3 package which was released 20 hours ago; unfortunately, the pyopenssl-19 has a weird requirement (cryptography >=2.3) hence the pip install automatically upgraded the cryptography to 3.3.

    Login or Signup to reply.
  3. There’s a new cryptography 3.3.1 which fixes the issue

    Login or Signup to reply.
  4. We have both pip and pip3 installed. So the following sequence is what fixed it for me:

    sudo apt update; pip install -U cryptography; sudo apt remove python3-openssl -y; sudo apt autoremove; pip3 install -U cryptography;

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search