Login/Register
Python referencing old SSL version
Asked Answered
pythonsslopenssldropbox-apinas
S

9

20

I have a Dropbox upload script on an old nas box I have, recently I've been getting the following error

SSL certificate error: [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm

I think this is due to openssl being out of date on the box

So I download openssl, built it from source and installed it, now when I run the following it appears to be updated correctly.

openssl version
OpenSSL 1.0.1h 5 Jun 2014

But it would appear Python is still referencing an old version, how would I update this?

python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 0.9.7m 23 Feb 2007
Skilful answered 20/6, 2014 at 9:17 Comment(4)
Oh my, 0.9.7... You need to migrate to 0.9.8. 1.0.1 is not binary compatible.Interpellate
You'll need to recompile Python against the newer OpenSSL.Flytrap
@Paul - does Python link statically? I thought it used dynamic linking to OpenSSL. From Modules/Setup.dist: -L$(SSL)/lib -lssl -lcrypto. If its dynamic, he only needs to set LD_PRELOAD, point to the 0.9.8 shared object and then launch Python.Interpellate
Depends on platform, but it can be either. Looking at the implementation underlying ssl.OPENSSL_VERSION it will display the library it loaded if dynamic (not just what it originally linked against), so it's probably worth trying LD_PRELOAD.Flytrap
P
24

Got this working after several days. MAC OS X El Captian or greater

 sudo rm -rf /Library/Frameworks/Python.framework/Versions/2.7
 sudo rm -rf "/Applications/Python 2.7"
 cd /usr/local/bin/
 ls -l /usr/local/bin | grep '../Library/Frameworks/Python.framework/Versions/2.7' | awk '{print $9}' | tr -d @ | xargs rm
 brew uninstall python
 brew uninstall openssl
 brew link --force openssl

Now install python and openssl again using brew. 

 brew install openssl
 brew install python --with-brewed-openssl

Add the following to the PATH in ~/.bash_profile on your MAC

 vi ~/.bash_profile
 export PATH=/usr/local/opt/openssl/bin:/usr/local/opt/python/libexec/bin:$PATH

restart the terminal 

 python --version (verify if it is picking up the right version)
 openssl version -a (verify if it is picking up the right version)
 python -c "import ssl; print ssl.OPENSSL_VERSION"

(note: if you installed Python3, you'll have to update the print syntax in the inline compiler step)

python -c "import ssl; print(ssl.OPENSSL_VERSION)"

should give you the latest version OPEN SSL version

Parrott answered 19/9, 2017 at 19:38 Comment(5)
You just saved my night! hours lost super sorry you lost days but thank you so much for sharing this !!Regret
When installing python it says Warning: python: this formula has no --with-brewed-openssl option so it will be ignored!Ferroconcrete
I will edit the > from your post, because I accidentally deleted the brew file because i copied the > from instruction.Oyez
For me I needed to do brew uninstall --ignore-dependencies python and brew uninstall --ignore-dependencies openssl to ignore dependencies.Arak
I have been trying to fix this for ages. ThanksBaseboard
F
9

2018 on MacOS
I tried with the other answers without success:

  • The --with-brewed-openssl option gives Warning: python: this formula has no --with-brewed-openssl option so it will be ignored!
  • and the command brew link openssl --force gives Warning: Refusing to link: openssl

I got it working with

brew install openssl
brew install python@2

Then 

openssl version

and

python -c "import ssl; print ssl.OPENSSL_VERSION"

gave me the same OpenSSL version.

Ferroconcrete answered 24/3, 2018 at 15:44 Comment(1)
It's 2019, and this came to my rescue. However, I had to upgrade my python2 with: brew upgrade python@2Smokeless
M
6

Please refer to http://rkulla.blogspot.kr/2014/03/the-path-to-homebrew.html.

I got the same issue like you, and so I have searched several answers but it didn't help me.

  1. Updating openssl in python 2.7
  2. Update OpenSSL on OS X with Homebrew
  3. https://apple.stackexchange.com/questions/126830/how-to-upgrade-openssl-in-os-x

After upgrading openssl to 1.0.1j by homebrew on MAC, but system python still referred to old version 0.9.8. It turned out the python referred to openssl. So I have installed new python with brewed openssl and finished this issue on Mac, not yet Ubuntu.

On Mac OS X version 10.10 and system python version 2.7.6, my procedure is as follows.

  1. $ brew update
  2. $ brew install openssl. Then you can see openssl version 1.0.1j.
  3. $ brew link openssl --force
  4. $ brew install python --with-brewed-openssl. You have to install new python with brewed openssl. Then, you can see /usr/local/Cellar/python/2.7.8_2/bin/python.
  5. $ sudo ln -s /usr/local/Cellar/python/2.7.8_2/bin/python /usr/local/bin/python. Of course, /usr/local/* should be owned by $USER, not root, which is told by Ryan, but I used 'sudo'. And, before this instruction, I didn't have /usr/local/bin/python. After this instruction, you can use python version 2.7.8 not 2.7.6.

Finally, you can see as belows;

$ python --version

Python 2.7.8

$ python -c "import ssl; print ssl.OPENSSL_VERSION"

OpenSSL 1.0.1j 15 Oct 2014

Till now, I'm working on it on Ubuntu 12.04. If I have a solution for Ubuntu 12.04, then I will update my answer. I hope this procedure help you.

Modestine answered 1/12, 2014 at 14:3 Comment(0)
M
3

I found I had to change the PATH to use the system (upgraded) SSL:

$ pip install --editable .

Obtaining file:///Users/jhlynch/Projects/flaskr
Collecting flask (from flaskr==0.0.0)
  Could not fetch URL https://pypi.python.org/simple/flask/: There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661) - skipping
  Could not find a version that satisfies the requirement flask (from flaskr==0.0.0) (from versions: )
No matching distribution found for flask (from flaskr==0.0.0)

$ python -c "import ssl; print(ssl.OPENSSL_VERSION)"

OpenSSL 0.9.8zh 14 Jan 2016                      <<< note older version


$ echo $PATH
/Library/Frameworks/Python.framework/Versions/2.7/bin:/Library/Frameworks/Python.framework/Versions/3.6/bin:/Users/jhlynch/.nix-profile/bin:/Users/jhlynch/.nix-profile/sbin:/Users/jhlynch/.nix-profile/lib/kde4/libexec:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/nix/var/nix/profiles/default/lib/kde4/libexec:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

$ PATH="/usr/local/bin:/usr/local/sbin:${PATH}"

$ export PATH

$ python -c "import ssl; print(ssl.OPENSSL_VERSION)"

OpenSSL 1.0.2o  27 Mar 2018                       <<< note newer version

$ pip install --editable .

Obtaining file:///Users/jhlynch/Projects/flaskr
Collecting flask (from flaskr==0.0.0)
  Downloading https://files.pythonhosted.org/packages/77/32/e3597cb19ffffe724ad4bf0beca4153419918e7fa4ba6a34b04ee4da3371/Flask-0.12.2-py2.py3-none-any.whl (83kB)
...                <<< works this time!
Mungovan answered 22/4, 2018 at 14:43 Comment(0)
A
3

OSX Sierra, Python 3.7, same problem, re-installing/updating Python & OpenSSL did not help with this particular issue (but was useful anyway, I guess).

Basic solution: clean up your $PATH in .bash_profile! I had to manually remove bunch of stale dirs (/Library/Frameworks/Python.framework/Versions/3.4/bin:/Library/Frameworks/Python.framework/Versions/3.6/bin:/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages:/Library/Frameworks/Python.framework/Versions/2.7/bin)

Then run:

brew link --overwrite --dry-run python

If everything looks OK, repeat without --dry-run:

brew link --overwrite python

Result:

Linking /usr/local/Cellar/python/3.7.0... 25 symlinks created
~
$  python3 -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2p  14 Aug 2018
Alveta answered 22/8, 2018 at 15:28 Comment(0)
L
2

This worked for me.

python -c "import ssl; print ssl.OPENSSL_VERSION"
brew link openssl --force
brew install python --with-brewed-openssl
mv /usr/local/bin/python /usr/local/bin/python_old
sudo ln -s /usr/local/Cellar/python/2.7.11/bin/python /usr/local/bin/python
Loaded answered 16/6, 2016 at 16:59 Comment(0)
F
1

I did all the steps above and still was getting the same problem. I solved my problem adding the following command after all the ones listed on the previous answers:

brew unlink openssl --force --overwrite python && brew link openssl --force --overwrite python

Hope it helps anyone :)

Flapper answered 10/7, 2016 at 20:18 Comment(0)
M
1

I’m running running OSX 10.14.5 Mojave and using pyenv.

The problem I had was that when Homebrew upgraded openssl, Python was left looking for the old version. python -c "import ssl; print(ssl.OPENSSL_VERSION)" gave the error:

Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib

After trying lots of things, the solution turned out to be:

pyenv uninstall 3.6.8
pyenv install 3.6.8

The magic line in the builds logs was:

python-build: use [email protected] from homebrew

Marisolmarissa answered 11/2, 2020 at 14:14 Comment(0)
N
0

Had to modify this answer to work with Homebrew 2.2.4 and python3 on MacOS 10.15.3: 

brew unlink openssl python3 && brew link openssl python3
echo 'export PATH="/usr/local/opt/[email protected]/bin:$PATH"' >> ~/.bash_profile
Norland answered 3/2, 2020 at 2:27 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.