Unknown OpenSSL error

[chris-wood]

I am having the following problem on El Capitan (OS X). Is anyone else able to reproduce this?

---

Traceback (most recent call last):
  File "XXX.py", line 8, in <module>
    backend = default_backend()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 40, in default_backend
    _default_backend = MultiBackend(_available_backends())
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 27, in _available_backends
    "cryptography.backends"
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 2108, in load
    entry = __import__(self.module_name, globals(),globals(), ['__name__'])
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 43, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 182, in <module>
    Binding.init_static_locks()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 139, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 134, in _ensure_ffi_initialized
    cls._register_osrandom_engine()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 99, in _register_osrandom_engine
    _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 43, in _openssl_assert
    errors

[reaperhulk]

What Python are you using (Python.org?), what OpenSSL, and how did you install cryptography?

[chris-wood]

Astounding response time! Here's the info.

Python 2.7.10
OpenSSL 0.9.8zg 14 July 2015
Installed the library with pip (pip install cryptography)

[reaperhulk]

I'm baffled how you would actually get it to compile against 0.9.8 in El Capitan. What do you see in /usr/include/openssl ?

[reaperhulk]

Oh wait I think I gave you unclear instructions. What happens if you do python -c "from cryptography.hazmat.backends.openssl.backend import backend;print(backend.openssl_version_text())"

[chris-wood]

$  python -c "from cryptography.hazmat.backends.openssl.backend import backend;print(backend.openssl_version_text())"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 43, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 182, in <module>
    Binding.init_static_locks()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 139, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 134, in _ensure_ffi_initialized
    cls._register_osrandom_engine()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 99, in _register_osrandom_engine
    _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 43, in _openssl_assert
    errors
cryptography.exceptions.InternalError: Unknown OpenSSL error. Please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this.

[chris-wood]

But yeah, I was a little shocked too, especially since Apple pulled the OpenSSL headers with this distribution.

[reaperhulk]

Well at least it's consistent. Could you wrap that in a catch block and then tell me what's in the exception? There should be an attribute on it called "errors" which will contain more information.

On Nov 5, 2015, at 3:12 PM, Christopher Wood notifications@github.com wrote:

$ python -c "from cryptography.hazmat.backends.openssl.backend import backend;print(backend.openssl_version_text())"
Traceback (most recent call last):
File "", line 1, in
File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/init.py", line 7, in
from cryptography.hazmat.backends.openssl.backend import backend
File "/Library/Python/2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 43, in
from cryptography.hazmat.bindings.openssl import binding
File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 182, in
Binding.init_static_locks()
File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 139, in init_static_locks
cls._ensure_ffi_initialized()
File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 134, in _ensure_ffi_initialized
cls._register_osrandom_engine()
File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 99, in _register_osrandom_engine
_openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 43, in _openssl_assert
errors
cryptography.exceptions.InternalError: Unknown OpenSSL error. Please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this.

—
Reply to this email directly or view it on GitHub.

[chris-wood]

Sure thing, one sec.

[reaperhulk]

Yeah you're probably using our wheel, which is compiled statically against 1.0.2d. openssl on the command line continues to be apple's legacy version. why it's not working though...

[chris-wood]

I just caught and printed the exception dictionary. Here it is.

{'err_code': [_OpenSSLError(code=621174887L, lib=37, func=102, reason=103), _OpenSSLError(code=621215847L, lib=37, func=112, reason=103)]}

[reaperhulk]

Perfect, thanks. I can take a look at this once I get back to a computer.

[chris-wood]

I'll look into the OpenSSL error in the mean time. Thanks!

[reaperhulk]

Okay, the error you're getting is ENGINE_R_CONFLICTING_ENGINE_ID, which is expected and handled in some places, but not at the call site we're seeing here. I'm kind of baffled how you're managing to cause this with just the python -c "from cryptography.hazmat.backends.openssl.backend import backend;print(backend.openssl_version_text())" call. Any ideas @alex?

[alex]

Weird. This is pretty vague, but have you ever installed anything else that's OpenSSL related? Other libraries that use it, custom engines, anything like that?

[chris-wood]

Nope.

[grhaonan]

hello guys:
I met almost the same issue when scrapy is run on my Mac:

➜  ~  scrapy
Traceback (most recent call last):
  File "/usr/local/bin/scrapy", line 7, in <module>
    from scrapy.cmdline import execute
  File "/Library/Python/2.7/site-packages/scrapy/__init__.py", line 48, in <module>
    from scrapy.spiders import Spider
  File "/Library/Python/2.7/site-packages/scrapy/spiders/__init__.py", line 10, in <module>
    from scrapy.http import Request
  File "/Library/Python/2.7/site-packages/scrapy/http/__init__.py", line 15, in <module>
    from scrapy.http.response.html import HtmlResponse
  File "/Library/Python/2.7/site-packages/scrapy/http/response/html.py", line 8, in <module>
    from scrapy.http.response.text import TextResponse
  File "/Library/Python/2.7/site-packages/scrapy/http/response/text.py", line 13, in <module>
    from scrapy.utils.response import get_base_url
  File "/Library/Python/2.7/site-packages/scrapy/utils/response.py", line 12, in <module>
    from twisted.web import http
  File "/Library/Python/2.7/site-packages/twisted/web/http.py", line 92, in <module>
    from twisted.internet import interfaces, reactor, protocol, address
  File "/Library/Python/2.7/site-packages/twisted/internet/reactor.py", line 38, in <module>
    from twisted.internet import default
  File "/Library/Python/2.7/site-packages/twisted/internet/default.py", line 56, in <module>
    install = _getInstallFunction(platform)
  File "/Library/Python/2.7/site-packages/twisted/internet/default.py", line 50, in _getInstallFunction
    from twisted.internet.selectreactor import install
  File "/Library/Python/2.7/site-packages/twisted/internet/selectreactor.py", line 18, in <module>
    from twisted.internet import posixbase
  File "/Library/Python/2.7/site-packages/twisted/internet/posixbase.py", line 18, in <module>
    from twisted.internet import error, udp, tcp
  File "/Library/Python/2.7/site-packages/twisted/internet/tcp.py", line 29, in <module>
    from twisted.internet._newtls import (
  File "/Library/Python/2.7/site-packages/twisted/internet/_newtls.py", line 21, in <module>
    from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
  File "/Library/Python/2.7/site-packages/twisted/protocols/tls.py", line 41, in <module>
    from OpenSSL.SSL import Error, ZeroReturnError, WantReadError
  File "/Library/Python/2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/Library/Python/2.7/site-packages/OpenSSL/rand.py", line 11, in <module>
    from OpenSSL._util import (
  File "/Library/Python/2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 182, in <module>
    Binding.init_static_locks()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 139, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 134, in _ensure_ffi_initialized
    cls._register_osrandom_engine()
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 99, in _register_osrandom_engine
    _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
  File "/Library/Python/2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 43, in _openssl_assert
    errors
cryptography.exceptions.InternalError: Unknown OpenSSL error. Please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this.

---

Mac Os: 10.11 OS X EI Capitan

openssl version
OpenSSL 0.9.8zg 14 July 2015

python version:
Python 2.7.10

[grhaonan]

Any hints ? :>

[reaperhulk]

We're getting a reasonable number of these reports, but we don't have a good solution as of yet (partially because we haven't been able to replicate it ourselves). :(

[grhaonan]

The problem is solved by uninstall the 1.1 cryptography and install 1.0.2 version

[reaperhulk]

@chris-wood do you have this problem if you pip install cryptography==1.0.2 ? Trying to isolate this a bit more...

[glyph]

@chris-wood This is a bit of a hail-mary, but if you look at your shell environment, you wouldn't happen to have PYTHONOPTIMIZE set to something, would you?

[glyph]

Ah, never mind, I was looking at the wrong diff; PYTHONOPTIMIZE is irrelevant here.

[glyph]

@chris-wood more relevant though - @reaperhulk originally asked you:

What Python are you using (Python.org?)

and you replied:

Python 2.7.10

However (although useful information) this is not really what he was asking. The question is: where did you get your Python from? Your traceback, which includes a file in /System, implies that you're using the Python built into the platform (the one in /usr/bin/python) but it's also possible that you got a Python downloaded in a .pkg installer from python.org, or you installed one from Homebrew, or you installed one from pyenv, or any one of a number of different places, all of which may be built with different options.

[glyph]

I believe this command line will tell you if you've got a cryptography dynamically linked against an OpenSSL without actually attempting to load it, which may be helpful for discovering its version:

otool -L "$(python -c "from cryptography.hazmat import bindings; print(bindings.__path__[0])")"/*.so

[chris-wood]

@reaperhulk That worked! 👍

@glyph Ah, I thought he was asking for the version. I am using the system-provided version. It's not relevant anymore though. Paul's fix did the trick.

[reaperhulk]

My "fix" is a downgrade to an older version though so we still need to solve the problem. I may have a PR for you to try today or tomorrow, although I still don't understand how this bug is occurring...

[ernests]

Had the same problem with scrapy as @grhaonan. Couldn't do anything with pip (show, uninstall). Removed manually and did pip install cryptography==1.0.2 and it worked!

OSX El Capitan
pyOpenSSL 0.15.1
OpenSSL 1.0.2d 9 Jul 2015
Python 2.7.10

[glyph]

@ernests @chris-wood @grhaonan - how did all of you install cryptography? sudo pip install, or something else?

[chris-wood]

Yeah—sudo pip install cryptography.

On November 16, 2015 at 4:31:29 PM, Glyph (notifications@github.com) wrote:

@ernests @chris-wood @grhaonan - how did all of you install cryptography? sudo pip install, or something else?

---

Reply to this email directly or view it on GitHub:
#2468 (comment)

[reaperhulk]

We're pretty close to understanding this now.

When cryptography is imported it attempts to initialize the OpenSSL library with a number of calls, including SSL_library_init. This call causes a call to dlopen which loads zlib (for compression support). On OS X 10.11 there is a new feature called System Integrity Protection (SIP) which prevents this dlopen call from succeeding in certain cases. The following scenarios can occur:

• With SIP enabled, a user installs cryptography outside of a virtualenv with system Python and imports it -- Failure (dlopen error)
• With SIP disabled, a user installs cryptography outside of a virtualenv with system Python and imports it -- Success
• With SIP enabled, a user installs cryptography inside a virtualenv using system Python and imports it -- Success (virtualenv does some magic with how it invokes Python that appears to bypass this problem)
• With SIP disabled, a user installs cryptography inside a virtualenv using system Python and imports it -- Success

Disabling SIP is a terrible solution (DO NOT DO THAT!), but fortunately the dlopen in question is occurring because we haven't compiled our OpenSSL with no-comp (to disable compression). We really should. In testing we rebuilt OpenSSL with no-comp, built a new wheel, and it resolved the problem.

We'd still like to fully understand what SIP is doing here, so this fix won't make it into a new release immediately, but you can expect a 1.1.1 in the near future.

[dmwelch]

I'm having the same issue and downgrading to 1.0.2 solved it for me.

El Capitan 10.11.1
OpenSSL 1.0.2d_1
python 2.7.10

[reaperhulk]

This is now resolved in 1.1.1. @chris-wood would you mind confirming? I've verified the fix (which actually has nothing to do with the code changes and everything to do with the way we compiled the wheel) in a VM, but more verification is never bad. I am going to close this as fixed for now though!

[glyph]

@reaperhulk - so, I get that building with no-comp fixes the issue, and that should probably be done anyway, but did you ever figure out (A) why it was trying to dlopen zlib rather than just, like, linking against it, and (B) why it failed so spectacularly? It seems like other compilation options might cause similar misbehavior.

[reaperhulk]

it's built with dynamic-zlib which makes it go down this code path: https://github.com/openssl/openssl/blob/55646005a9ce3c85e394c6afae5f6ed6045494c6/crypto/comp/c_zlib.c#L262

Why SIP denies dlopen when using a binary like /usr/bin/python is still an open question. I'd very much like to know the answer, but I don't know how to continue to investigate this. Apple has no documentation on what's going on here that I can find and I don't know of a forum where this sort of question wouldn't be met with "what are you talking about?".

[chris-wood]

@reaperhulk All set! Thanks for the fix.

[et304383]

I'm encountering the same issue even on 1.1.1 cryptography on Amazon EC2:

mod_wsgi (pid=32489): Target WSGI script '/var/builds/my_application/current/webroot/index.wsgi' cannot be loaded as Python module.
mod_wsgi (pid=32489): Exception occurred processing WSGI script '/var/builds/my_application/current/webroot/index.wsgi'.
Traceback (most recent call last):
  File "/var/builds/my_application/current/webroot/index.wsgi", line 3, in <module>
    from index import app as application
  File "/var/builds/my_application/releases/31/code/index.py", line 5, in <module>
    import requests
  File "/usr/local/lib/python2.7/site-packages/requests/__init__.py", line 53, in <module>
    from .packages.urllib3.contrib import pyopenssl
  File "/usr/local/lib/python2.7/site-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 53, in <module>
    import OpenSSL.SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/rand.py", line 11, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 182, in <module>
    Binding.init_static_locks()
  File "/usr/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 139, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/usr/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 134, in _ensure_ffi_initialized
    cls._register_osrandom_engine()
  File "/usr/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 99, in _register_osrandom_engine
    _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)
  File "/usr/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 43, in _openssl_assert
    errors
InternalError: Unknown OpenSSL error. Please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([_OpenSSLError(code=151441516L, lib=9, func=109, reason=108), _OpenSSLError(code=151441516L, lib=9, func=109, reason=108)])

Other output from commands in this thread:

# python -c "from cryptography.hazmat.backends.openssl.backend import backend;print(backend.openssl_version_text())"
OpenSSL 1.0.1k-fips 8 Jan 2015

# pip list
aws-cfn-bootstrap (1.4)
awscli (1.9.11)
awscli-cwlogs (1.3.0)
Babel (0.9.4)
backports.ssl-match-hostname (3.4.0.2)
boto (2.38.0)
boto3 (1.2.2)
botocore (1.3.11)
cffi (1.3.1)
chardet (2.0.1)
cloud-init (0.7.6)
colorama (0.3.3)
configobj (4.7.2)
cryptography (1.1.1)
docutils (0.12)
ecdsa (0.11)
enum34 (1.1.1)
Flask (0.10.1)
futures (2.2.0)
idna (2.0)
iniparse (0.3.1)
ipaddress (1.0.15)
itsdangerous (0.24)
Jinja2 (2.8)
jmespath (0.9.0)
jsonpatch (1.2)
jsonpointer (1.0)
kitchen (1.1.1)
lockfile (0.8)
MarkupSafe (0.23)
ndg-httpsclient (0.4.0)
paramiko (1.15.1)
PIL (1.1.6)
pip (6.1.1)
ply (3.4)
pyasn1 (0.1.9)
pycparser (2.14)
pycrypto (2.6.1)
pycurl (7.19.0)
pygpgme (0.3)
pyliblzma (0.5.3)
pyOpenSSL (0.15.1)
pystache (0.5.3)
python-daemon (1.5.2)
python-dateutil (2.4.2)
pyxattr (0.5.0)
PyYAML (3.10)
requests (2.8.1)
rsa (3.2.3)
setuptools (18.7.1)
simplejson (3.6.5)
six (1.10.0)
urlgrabber (3.9.1)
urllib3 (1.8.2)
virtualenv (12.0.7)
Werkzeug (0.11.2)
yum-metadata-parser (1.1.4)

Downgrading to 1.0.2 did not resolve the issue for me.

However, as I write this, I began testing my API calls multiple times (I'm running a Flask API behind WSGI under httpd) and I'm getting random success and failure. I might get ten success in a row followed by 2 failures or I might get a few failures and a few success. I realize this is likely the hardest type of issue to solve - it's like bringing your car in for service and it won't act up for the mechanic.

[reaperhulk]

@eric-tucker if you're running this using mod_wsgi please try setting WSGIApplicationGroup %{GLOBAL} in your config.

[et304383]

Hi @reaperhulk . This setting did not help. Still seeing random success/failures.

[reaperhulk]

Huh, odd... This is almost certainly some type of threading/subinterpreter race condition, but without a way to reproduce it we're going to have a lot of difficulty tracking it down. What happens if you edit /usr/local/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py to add cls.lib.ERR_clear_error() above line 99? (This is not a good solution but I'm curious if you're seeing races anywhere other than during library init)

[et304383]

HI @reaperhulk. Unfortunately I don't have time to start debugging to this level. Our project is due too soon. I've reverted to running my API in AWS Lambda behind API Gateway. I may come back to this some day, but not anytime soon I imagine. Thanks though.

[dikonoor]

reaperhulk,

I use python2-cryptography version 1.3.1 with Apache httpd (mod_wsgi) on RHEL 7.* and I get this error whenever I restart httpd . I followed your suggestion (#2471) to replace /usr/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/bindings.py (below line) after which I cannot reproduce the error. If I revert the change, the problem can be reproduced.

_openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0)

with

cls.lib.ERR_clear_error()?

I see multiple bugs opened along this line. but I am not able to figure out if a fix for this problem is available in any of the latest versions. Please let me know.

[asraro]

I am getting the same error. Here's my trace.

"Traceback (most recent call last):" , "referer" : },
" File "./views.py", line 147, in _get_data_json" , "referer" : },
" key = paramiko.RSAKey.from_private_key_file('../.ssh/id_rsa_lbxweb')" , "referer" : },
" File "./python3.6/site-packages/paramiko/pkey.py", line 205, in from_private_key_file" , "referer" : },
" key = cls(filename=filename, password=password)" , "referer" : },
" File "./python3.6/site-packages/paramiko/rsakey.py", line 47, in init" , "referer" : },
" self._from_private_key_file(filename, password)" , "referer" : },
" File "./python3.6/site-packages/paramiko/rsakey.py", line 173, in _from_private_key_file" , "referer" : },
" self._decode_key(data)" , "referer" : },
" File "./python3.6/site-packages/paramiko/rsakey.py", line 182, in _decode_key" , "referer" : },
" data, password=None, backend=default_backend()" , "referer" : },
" File "./python3.6/site-packages/cryptography/hazmat/primitives/serialization.py", line 32, in load_der_private_key" , "referer" : },
" return backend.load_der_private_key(data, password)" , "referer" : },
" File "./python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1053, in load_der_private_key" , "referer" : },
" return self._evp_pkey_to_private_key(key)" , "referer" : },
" File "./python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 478, in _evp_pkey_to_private_key" , "referer" : },
" return _RSAPrivateKey(self, rsa_cdata, evp_pkey)" , "referer" : },
" File "./python3.6/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 376, in init" , "referer" : },
" self._backend.openssl_assert(n[0] != self._backend._ffi.NULL)" , "referer" : },
" File "./python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 111, in openssl_assert" , "referer" : },
" return binding._openssl_assert(self._lib, ok)" , "referer" : },
" File "./python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 75, in _openssl_assert" , "referer" : },
" errors_with_text" , "referer" : },
"cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. ([])" , "referer" : },

Using Python 3.6.2
cryptography==2.0.3

[yypeng1992]

I also get the same exception.

[yypeng1992]

But I have no right to paste trace log here.