AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Asked 23/9, 2022 at 16:18 Answered 26/3 at 12:13

157

Recently I had to reinstall Python due to a corrupt executable. This made one of our Python scripts bomb with the following error:

AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

The line of code that caused it to bomb was:

from apiclient.discovery import build

I tried pip uninstalling and pip upgrading the google-api-python-client, but I can’t seem to find any information on this particular error.

For what it is worth, I am trying to pull Google Analytics information down via an API call.

Here is an output of the command prompt error:

  File "C:\Analytics\Puritan_GoogleAnalytics\Google_Conversions\mcfTest.py", line 1, in <module>
    from apiclient.discovery import build
  File "C:\ProgramData\Anaconda3\lib\site-packages\apiclient\__init__.py", line 3, in <module>
    from googleapiclient import channel, discovery, errors, http, mimeparse, model
  File "C:\ProgramData\Anaconda3\lib\site-packages\googleapiclient\discovery.py", line 57, in <module>
    from googleapiclient import _auth, mimeparse
  File "C:\ProgramData\Anaconda3\lib\site-packages\googleapiclient\_auth.py", line 34, in <module>
    import oauth2client.client
  File "C:\ProgramData\Anaconda3\lib\site-packages\oauth2client\client.py", line 45, in <module>
    from oauth2client import crypt
  File "C:\ProgramData\Anaconda3\lib\site-packages\oauth2client\crypt.py", line 45, in <module>
    from oauth2client import _openssl_crypt
  File "C:\ProgramData\Anaconda3\lib\site-packages\oauth2client\_openssl_crypt.py", line 16, in <module>
    from OpenSSL import crypto
  File "C:\ProgramData\Anaconda3\lib\site-packages\OpenSSL\__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "C:\ProgramData\Anaconda3\lib\site-packages\OpenSSL\crypto.py", line 1517, in <module>
    class X509StoreFlags(object):
  File "C:\ProgramData\Anaconda3\lib\site-packages\OpenSSL\crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Plenteous answered 23/9, 2022 at 16:18 Comment(4)

Have you followed Google analytics python quickstart? for service accounts? or QuickStart python for installed app – Bunko 23/9, 2022 at 16:23

@Daimto I did in fact. My posting here was to see if someone had an idea of what packages I could verify if there were version differences I was fighting with. I at least assume thats the issue based on my small research since this happened. – Plenteous 23/9, 2022 at 16:27

X509 implies to me that you are still using the p12 certificate for the service account instead of the json key file for the service account. If that is infact true. Then i would advice you to fix the code so you are using the json key file instead of the p12 file. "Its just easer and causes less errors" – Bunko 23/9, 2022 at 17:5

@Daimto I am using the json file. After a few trials and error I did find that the error was due to conflicting cryptography versions. I was able to get it up and running. Woohoo! – Plenteous 23/9, 2022 at 17:10

241

Upgrade the latest version of PyOpenSSL.

python3 -m pip install pip --upgrade
pip install pyopenssl --upgrade

Vanthe answered 3/10, 2022 at 8:5 Comment(15)

If you are like me, be sure not to read over this part: "Edit the crypto.py file and remove the offending line by commenting it out with a #" – Jimerson 21/10, 2022 at 15:30

what's the difference between using pip and pip3 here? should I do pip3 if using python3 and rpi4? – Divine 21/10, 2022 at 16:46

Sorry it took so long to give you the deserved feedback. thanks! – Plenteous 3/11, 2022 at 14:59

where is the crypto.py file located? – Hiramhirasuna 9/11, 2022 at 22:26

@JamesDraper just check the stacktrace and you should see the path to the crypto.py – Vanthe 11/11, 2022 at 13:3

Unfortunately pip is also failing with this error – Inaudible 15/11, 2022 at 9:19

I found it better to remove OpenSSL package entirely: rm -rf <path_to_lib_python3.7>/site-packages/OpenSSL and then doing pip install -U pyopenssl – Deccan 16/11, 2022 at 1:3

Commenting-out the offending line or deleting the whole package seems harsh, but in this case they are perfect. The other options will probably cause more harm and may also trash the Python installation completely. – Alpert 7/12, 2022 at 8:0

very bad advice to modify library. – Sandeesandeep 26/12, 2022 at 8:55

what crypto.py file? – Piliform 31/12, 2022 at 9:16

The upgrade seemed to work for me, but I'm not sure if this is a stab in the dark that happened to work. Does this happen for specific versions of pyopenssl? – Maledict 17/1, 2023 at 4:50

Yeah not clear on where that file is. What OP should have said is "After encountering this error, look at the trace back report (The error message displayed) at the very bottom it should show the file path" like this ` File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3126, in <module>` or if you need to you can try and find it like this sudo find / -name "crypto.py" -type f 2>/dev/null. Also after doing this it does not fix the issue for me. – Alien 17/1, 2023 at 14:0

DId not work for me. I had to recreate a new venv . – Merce 8/2, 2023 at 9:15

I just upgraded pyopenssl in the python install referenced in the stacktrace and the error went away. Did not need to edit any files manually. – Cleruchy 24/6, 2023 at 9:16

For me, I had an offending cryptograph package in ~/.local/lib/python3.9/site-packages. Removing that fixed it. I installed nostr-relay which brought an other version in causing the conflict. – Eward 31/7, 2023 at 10:52

140

As all the previous answers failed for me, I used the trick in module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK':

sudo apt remove python3-pip
wget https://bootstrap.pypa.io/get-pip.py
sudo python3 get-pip.py

And then after a reboot (Starting a new shell may be enough, see comments):

pip install pyopenssl --upgrade

Inaudible answered 15/11, 2022 at 9:38 Comment(9)

Logged in just to upvote you! Thanks – Workbook 17/11, 2022 at 3:15

This is the only thing that worked for me as well; Ubuntu 20 – Hoopes 20/12, 2022 at 12:22

WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: pip.pypa.io/warnings/venv – Piliform 31/12, 2022 at 9:18

Works like a charm, this saved us so much time, thank you so much! – Boykins 23/7, 2023 at 10:32

Had to login to upvote thanks! – Stephine 2/8, 2023 at 21:21

This only works if you have internet on the host. Working on a closed off box, cannot do this. – Alien 29/1 at 21:6

True, if You do not have internet access, then You need to have a reference system, where pyopenssl has been upgraded. Do a pip freeze and then copy all the openssl related packages from the internet to a local media and install them. – Inaudible 30/1 at 10:21

This one worked. by the way, no need to reboot, just reload your shell and the pip install will work too – Scissors 10/4 at 5:54

This worked for me on Ubuntu 22. The other answer, upgrading with pip3, give the same error. Logged in to upvote. – Todo 11/4 at 8:33

I also encountered this error while installing Flask and firebase-admin on Ubuntu 20.04. The following commands solved my problem. First I removed OpenSSL using this command.

sudo rm -rf /usr/lib/python3/dist-packages/OpenSSL
sudo pip3 install pyopenssl
sudo pip3 install pyopenssl --upgrade

Salmons answered 31/1, 2023 at 10:37 Comment(5)

This solution worked for me, while other answers did not. – Subtonic 6/3, 2023 at 17:35

Just need to replace the path for OpenSSL folder to the one on your file system. In my case, it was inside- /Users/<user>/anaconda3/lib/python3.7/site-packages/OpenSSL – Dispose 16/3, 2023 at 2:51

This fixed it, thank you! One extra note, if you're using venv, you'd want to delete the OpenSSL directory from <project directory>/venv/lib/python<version>/site-packages/OpenSSL rather than /usr/lib. – Educatee 11/5, 2023 at 16:55

That's the best solution inside a virtual environment. Thanks! – Pantie 4/1 at 15:22

This works in the conda environment too. Thanks1 – Damocles 15/1 at 16:13

pip3 install pyOpenSSL --upgrade

solved all my issues.

Comprehensible answered 12/12, 2022 at 10:53 Comment(1)

When I tried this, I got an exception backtrace:

CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

Which is what we are trying to solve. – Subtonic 6/3, 2023 at 17:22

sudo apt remove python3-openssl

Kanya answered 6/2, 2023 at 14:40 Comment(5)

Hey mtwebster, thank you for your answer! The community would appreciate if you would provide more context to your answer -- for example, how exactly python3-openssl package might be related to the problems described in the question, and how it's uninstallation can help with it. Also, while it's clear from the question that the author uses Windows environment, so your answer is probably not helpful to them, I appreciate it can be useful to Linux users (whom distributives are APT-based), if it would be more elaborate in explaining what the issue is and why it can be addressed this way. – Raney 6/2, 2023 at 21:41

This does work to fix the broken package situation where pip commands give the original error. – Subtonic 6/3, 2023 at 17:26

this did help resolve the error, but as @Raney suggested, whats the reason behind this? how does uninstalling python3-openssl get around this issue? – Amicable 5/5, 2023 at 15:39

It solved the issue but how? – Therefor 27/12, 2023 at 16:40

The most clean solution, I think – Vinitavinn 22/2 at 3:54

On my Ubuntu 20.04.5 (Focal Fossa), I managed to solve the error:

CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK\r

by reinstalling the following packages:

apt-get --reinstall install python-apt
apt-get --reinstall install apt-transport-https
apt-get install build-essential libssl-dev libffi-dev python-dev

I do not use pip as I received this error message using Ansible playbook and wasn't able to reach the servers anymore.

Adieu answered 12/10, 2022 at 8:16 Comment(6)

After re-installation I needed to upgrade pyOpenSSL and cryptography as in answer by @Robin Sving and it worked – Pleuro 17/10, 2022 at 20:12

This is more likely for python2 – Maxon 22/12, 2022 at 15:11

python-dev wasn't a package – Piliform 31/12, 2022 at 9:20

This will downgrade from python-is-python3 to python 2. Not a great option. – Quintessence 15/9, 2023 at 21:16

Solved it for me, thanks ! – Voelker 1/2 at 15:14

FWIW This also fixed it for me on Debian 11 after one of my SSL-using packages randomly encountered this. I made the following modifications: 1. Use python3-apt instead of python-apt 2. Use python3-dev instead of python-dev – Talmudist 13/3 at 15:7

For me, earlier answers can't help me as I meet this problem for all pip commands, even pip3 -V. But I solved it by:

Get the URL from https://pypi.org/project/pyOpenSSL/#files if you need the latest version.

wget https://files.pythonhosted.org/packages/00/3f/ea5cfb789dddb327e6d2cf9377c36d9d8607af85530af0e7001165587ae7/pyOpenSSL-22.1.0-py3-none-any.whl

Install pyOpenSSL from the wheel file.

python3 -m easy_install pyOpenSSL-22.1.0-py3-none-any.whl

Thanks module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'.

Postconsonantal answered 29/10, 2022 at 5:56 Comment(3)

Please try the "sort by" feature of StackOverflow and reconsider the phrasing "above". – Integrator 29/10, 2022 at 6:12

The other solutions' commands didn't resolve the issue, and pip3 --version was also broken with stacktrace output in the same way. I see the "offending" crypto.py at ~/.local/lib/python3.8/site-packages/localstack/utils/crypto.py but didn't think that commenting out a line was a proper solution. This solution seems like the actual fix. – Adytum 8/11, 2022 at 15:0

Interesting trick, however easy_install was not installed on my system :-( – Inaudible 15/11, 2022 at 9:32

I stumbled into this problem this morning trying to install weasyprint after a system update and restart. Commenting out the line containing

X509_V_FLAG_CB_ISSUER_CHECK

in /usr/lib/python3/dist-packages/OpenSSL/crypto.py resulted in a further error

AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'

None of the suggested fixes would work for me.

sudo apt remove python3-pip followed by sudo apt install python3-pip
sudo pip install pyopenssl --upgrade
sudo python3 -m easy_install pyOpenSSL-22.0.0-py2.py3-none-any.whl
sudo pip install --force-reinstall "cryptography==38.0.4"

I found this module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' but it didn't add to anything I already knew. I found this AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms' but it comes with WARNINGS for people running on desktops and it causing significant system wide issues.

I tried upgrading OpenSSL via easy_install but the wheel could not be found and there was a depreciation warning. Eventually I came back to the comment by @Alexandr who said just remove OpenSSL with rm.

sudo rm -rf /usr/lib/python3/dist-packages/OpenSSL

From here I attempted to reinstall OpenSSL but found it was already statisfied. Maybe an older package was blocking and this was the root of the problem?

sudo pip install pyopenssl
Requirement already satisfied: pyopenssl in /usr/lib/python3/dist-packages (19.0.0)

I then upgraded pip and was able to install WeasyPrint which I hope confirms I have solved this issue.

pip install pip --upgrade
Successfully installed pip-22.3.1

pip install weasyprint
Successfully installed Pyphen-0.13.2 ... weasyprint-57.2 zopfli-0.2.2

Pericynthion answered 12/1, 2023 at 9:17 Comment(0)

The below commands worked for me...

sudo pip3 install pyopenssl

sudo pip3 install pyopenssl --upgrade

Detta answered 9/1, 2023 at 8:16 Comment(1)

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center. – Lac 9/1, 2023 at 13:20

If you got this error when using pip, try this:

rm -rf <python_path>/site-packages/OpenSSL

The problem will be solved.

Lichee answered 29/7, 2023 at 2:13 Comment(0)

I've tried upgrading pip and installing another version of pyOpenSSL from whl file, but that didn't work. The only thing that helped is removing the entire folder with OpenSSL module like that rm -rf ...python-3.8.10/lib/python3.8/site-packages/OpenSSL and then doing all the thing you need.

Percussion answered 16/11, 2022 at 13:9 Comment(2)

This is what worked for me. I tried all the other answers. – Alsup 11/7, 2023 at 14:40

Out of curiosity, does anyone know why this works? – Downcomer 20/9, 2023 at 0:29

If you have pip completely broken, as @sgdesmet propose in a comment, the only option to resolve this issue is

"Edit the crypto.py file and remove the offending line by commenting it out with a #"

No other solutions work with me.

Palanquin answered 23/10, 2022 at 12:23 Comment(1)

Unfortunately, there are more lines that are broken. Removing the entire package seems to be the best way out. Snake wrangling -- it's a way of life! – Quintessence 15/9, 2023 at 21:17

If you don't have sudo rights the --user option might do the trick:

wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py --user
python3 -m pip install pyopenssl --upgrade --user

Hebdomad answered 22/6, 2023 at 10:43 Comment(0)

I got the same issue using Certbot, the right version was not the latest, so : pip3 install pyOpenSSL==23.1.1

Blood answered 24/7, 2023 at 10:53 Comment(0)

Thank you for the suggestions. Once I realized the issue was the OpenSSL implementation, I just upgraded it using APT as follows:

apt-get install python3-openssl

This will resolve the issue system-wide as my Python environment is maintained by the distribution.

Silkworm answered 30/11, 2023 at 17:37 Comment(1)

What distribution? A Linux distribution? Which one? – Cal 6/1 at 3:2

I would just remove the package

sudo rm -rf /usr/lib/python3/dist-packages/OpenSSL

Sponson answered 9/3 at 15:41 Comment(0)

To solve it, I resolved by taking the last line that mentions the installation of the OpenSSL library, removing the folder, and installing the previous version:

File "/home/azureuser/.local/lib/python3.8/site-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import SSL, crypto
File "/home/azureuser/.local/lib/python3.8/site-packages/OpenSSL/SSL.py", line 34, in <module>
from OpenSSL.crypto import (
File "/home/azureuser/.local/lib/python3.8/site-packages/OpenSSL/crypto.py"

$ sudo rm -rf /home/azureuser/.local/lib/python3.8/site-packages/OpenSSL

And installing version 22.0.0 which fixes this issue:

$ pip install pyOpenSSL==22.0.0

Galegalea answered 26/3 at 12:13 Comment(0)

If pip / pip3 is completely broken and nothing of the other option work (as described by @DarkSkull), then the line in the crypto.py file that's causing the issue has to be deleted or commented out.

Here's an automated way of doing it:

python_openssl_crypto_file="/usr/lib/python3/dist-packages/OpenSSL/crypto.py"
search_term="CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK"
cb_issuer_check_line_number="$(awk "/$search_term/ {print FNR}" $python_openssl_crypto_file)"
sed -i "${cb_issuer_check_line_number}s/.*/    # $search_term/" $python_openssl_crypto_file

Hoppe answered 12/11, 2022 at 5:18 Comment(2)

Unfortunately, there will be more errors when this one's deleted. You need to remove and/or replace the entire package, because it's a python/ssl version mismatch problem. – Quintessence 15/9, 2023 at 21:18

For me, this code worked. But judging by the number of answers in this thread, there is no one right way to solve this problem. Just take these answers as inspiration and try until you get it to work for you. Eventually you can post another answer here. 😉 – Hoppe 16/9, 2023 at 2:36

Thanks to the answers above I was able to solve the same problem. I use pipenv to manage my environment. The issue arose after upgrading my cryptography module.

The fix (for me):

pipenv update pyOpenSSL

Viradis answered 16/12, 2022 at 0:33 Comment(1)

hell yeah dude, thats awesome – Plenteous 16/12, 2022 at 4:40

For me, issue resolved by changing snowflake-connector-python package version from 2.7.1 to latest version in requirements.txt file of Azure function app.

Bewhiskered answered 13/3, 2023 at 12:0 Comment(0)

The issue in this case was an unneeded OpenSSL installed that made the conflict and broke/block pip. The problem was solved when manual deleting the OpenSSL folder within site-packages folder.

For example, I deleted this folder in venv: venv/bin/python3.8/site-packages/OpenSSL

And fixed the pip issue globally: usr/lib/python3.8/site-packages/OpenSSL

Note: I found that due to this error, pip was broken and could not install or remove. After this solution, I could install new packages and import packages that may install new one.

Stereotropism answered 5/9, 2023 at 8:39 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags