problem with Python 2.7.9 and OpenSSL 1.0.2 #38226
Comments
Does it fix anything if downstream upgrade their version of |
a better related issue link here: docker/compose#890 it seems both docker-py and docker-compose pin their |
@tdsmith is the magician of all things Python, but as far as I know, since upgrading to Requests 2.6.0 we haven't had any reports of OpenSSL breakage against it - If that indeed proves to be the problem here. M2Crypto has some known failures, but downstream doesn't seem to depend on that at all. |
The idea that packages required for SNI are missing sounds true to me: docker/docker-py#465 (comment)
Thanks for filing against Homebrew. It sucks that this was a (our?) problem for two months and nobody's told us. Can you give me instructions for reproducing, starting just after a fresh install of OS X on a new machine? I don't know how to use anything in the Docker ecosystem. |
Though people are saying that the Homebrew formula just works, probably because it's using system Python and system OpenSSL, so if installing the extra packages requests needs for SNI works (in a venv, say), it's probably a case of docker underspeccing the install-requires packages: docker/compose#890 (comment) |
I believe my problem started when I upgraded to Py 2.7.9 via Homebrew I already had fig (now called docker-compose) install via pip in a virtualenv After the Python upgrade this stopped working. I think I deleted and recreated my virtualenv using the new Python, but didn't help. I was able to make docker-compose work by removing it from my virtualenv and installing via Homebrew, though I still had problems with some tools which used docker-py. Disabling TLS in my boot2docker vm got things working again, but just as a workaround I guess. |
Can you give me a quick bulleted instruction list on how to set up boot2docker and whatever else I need to do in order to see this breaking? |
with brew python 2.7.9 and OpenSSL 1.0.2 installed, in a test directory create the following file as test:
image: ubuntu then: $ brew install boot2docker
$ boot2docker init
$ boot2docker up
$ $(boot2docker shellinit)
$ mkvirtualenv docker
(docker)$ pip install docker-compose
(docker)$ docker-compose up
SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581) and (docker)$ pip uninstall docker-compose
(docker)$ deactivate
$ brew install docker-compose
$ workon docker
(docker)$ docker-compose up
Recreating docker_test_1...
Attaching to docker_test_1
docker_test_1 exited with code 0
Gracefully stopping... (press Ctrl+C again to force) |
Any progress on this? It's pretty easy to reproduce, and the instructions @anentropic posted appear to be good enough to do it. |
I just did a |
I had a failure in |
The above is unrelated by the looks of it. I suspect that may be a |
I believe this issue is very related to this persistent pain in my butt: GoogleCloudPlatform/gcloud#25 Unfortunately I don't have detailed notes but last time this hit me I traced it down to SSL connection issues (I can't remember if requests was involved) |
I had an xcode command line tools update that I needed to apply, and then the |
Confirmed that updating xcode and reinstalling python and openssl from brew has fixed this for me. Has anyone tried the hint given during openssl brew install of running: /usr/local/opt/openssl/bin/c_rehash |
I was not able to have this work reinstalling openssl, python, and running the |
It worked for me on fully updated MacOSX 10.10 and Xcode, which version of MacOSX are you on? |
The machine I ran it on was fully updated (Xcode) 10.10.2. I'm going to carve out some time today to try this out on my machine which is 10.10.4 (public beta) fully updated as well as try the possible solution listed in tethysplatform/tethys#63 I'll report back later |
I'm also investigating this over on docker/compose#890. Relevant debug info (would be good to know your output for this, @dcousineau and @TimJDFletcher):
|
Also, forcing an older OpenSSL doesn't work for me - it causes Python to error out on
|
@aanand at the moment my winner on OSX (10.10.3) is to roll back to native python. It's fresh enough for dev and there are no issues with SSL.
|
@munhitsu that's what I'm having to do currently. |
I get this version from python: dhcp-1-122:~ tim$ python -V dhcp-1-122:~ tim$ python -c 'import ssl; print ssl.OPENSSL_VERSION' |
After looking at this I do not expect that this is a Homebrew bug or that it can or should be fixed in Homebrew, so I'm closing this ticket. Please open a new ticket for any issues that do not involve receiving a |
The workaround I recommend is running |
Do you mean just run it in the command line? Or it should be something more intelligent. Regards, |
That is no longer necessary and I do not recommend it; you will not experience this issue with an up-to-date version of boot2docker or if you use docker-machine. |
I have tried several variants:
docker-machine has the latest version Would you recommend some special variant of the installation? |
I have no idea what problem you're experiencing, sorry. I think the root cause must be different. |
There seems to be a problem between Python 2.7.9, OpenSSL 1.0.2 installed via Homebrew
Some details here:
docker/docker-py#465
I don't know what the underlying problem is but it looks like it might be something that could be solved in Homebrew
The text was updated successfully, but these errors were encountered: