Skip to content

Upgrade SSL

SickGear edited this page Mar 6, 2021 · 6 revisions
Clone this wiki locally

SickGear Wiki: Home | Reporting Issues | Frequently Answered Questions | Install Guides

SickGear Upgrade ... SSL

The following documentation was relevant in 2017, but the security landscape has changed a lot since. In 2019, OpenSSL on most setups is fine, therefore, the following is left here for history. To be clear, you can ignore everything below.

Some users experience SSL connection errors that contain the following text: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error...


Cause

  • Your installed OpenSSL version is less than 1.0.1

To check version numbers, on the command line run...

python -c "import ssl;import OpenSSL;print ssl.OPENSSL_VERSION;print 'pyOpenSSL ' + OpenSSL.__version__"

Ideally, you want to see something equal or better than ...

OpenSSL 1.0.2a 19 Mar 2015
pyOpenSSL 0.15.1

Or, for example on ubuntu 14.04 LTS

~$ dpkg -p openssl | grep Version
$ openssl version

to yield something better than,

Version: 1.0.1f-1ubuntu2.17  
OpenSSL 1.0.1f 6 Jan 2014  

Solutions

Hopefully, one of the following solutions will work for you, otherwise it's search engine time. Architecture and system dependant files are fulfilled by the following solutions...

Windows x64 (should work for x86 too)

Prerequisites: For our needs, verson 2.7.9 is bundled with OpenSSL version 1.0.1j, so download Python 2.7.9 or newer.

Skip to fresh installation* if Python is not installed. Otherwise, create a fresh base to install into by listing existing python modules for future reference and taking a backup... that is, exit anything that uses the existing Python installation, then at a command prompt, type...

  • md c:\py27inf && cd c:\py27inf
  • pip list >piplist.txt && type piplist.txt saving list of existing python modules1
  • move c:\python27 c:\python27_orig creating space for the new install

fresh installation*

  • With all options enabled, install Python
  • Verify the base Python installation, open a new command prompt and type...
    • python -V to verify that Python 2.7.9 is output
    • pip list to see current installed modules

A fresh install will typically list...

    pip (1.5.6)
    pypm (1.4.3)
    pythonselect (1.3)
    pywin32 (218.3)
    setuptools (5.2)
    virtualenv (1.11.6)
    wsgiref (0.1.2)
  • Install then verify some modules2...
    • pip install --upgrade pyopenssl
    • easy_install ndg-httpsclient
    • easy_install cheetah
    • pip list

With the added modules, expect a list similar to the following...

    cffi (1.0.1)  (as of 31.Jul.2015, version 1.1.2)
    cheetah (3.0.0)
    cryptography (0.9)  (as of 31.Jul.2015, version 0.9.3)
    enum34 (1.0.4)
    idna (2.0)
    ipaddress (1.0.7)  (as of 31.Jul.2015, version 1.0.14)
    markdown (2.6.2)
    ndg-httpsclient (0.4.0)
    pip (1.5.6)  (as of 31.Jul.2015, version 7.1.0)
    pyasn1 (0.1.7)  (as of 31.Jul.2015, version 0.1.8)
    pycparser (2.13)  (as of 31.Jul.2015, version 2.14)
    pyOpenSSL (0.15.1)
    pypm (1.4.3)
    pythonselect (1.3)
    pywin32 (218.3)
    setuptools (16.0)  (as of 31.Jul.2015, version 18.0.1)
    six (1.9.0)
    virtualenv (1.11.6)  (as of 31.Jul.2015, version 13.1.0)
    wsgiref (0.1.2)

That's all there is to it. You are now using Python 2.7.9 with no more SSL errors. You can reference the piplist.txt1 file to re-install2 any required modules into this new install.


Others (adapted from an original text)

Check you have OpenSSL 1.0.1 with # openssl version and upgrade if required.

Choose one of the following solutions... 1 Downgrade pyOpenSSL, 2 install missing modules, 3 upgrade or 4 install fresh Python.

1. Downgrade pyOpenSSL (Perhaps the easiest solution for platforms with apt)
# sudo apt-get install --reinstall build-essential python-pip python-dev libssl-dev libffi-dev
# sudo pip2.7 install -U setuptools pip pyasn1 ndg-httpsclient pyopenssl==0.13.1
2. Install the Python cryptography module (warn: not compatible on all platforms)

The following should build and install all packages needed to use pyOpenSSL:

# sudo apt-get install build-essential python-pip python-dev libffi-dev libssl-dev
# wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | sudo python2
# sudo pip install -U cryptography ndg-httpsclient pyopenssl
3. Upgrade Python to 2.7.9
4. Installing a fresh python through pyenv (Thanks to Zanaga)

Pyenv is a tool to install and manage side by side python installations. It's generally used for development, but can be used for production environments as well.

Installing pyenv is simple, we can use the installer. The installer installs pyenv to ~/.pyenv along with tools to build various python versions.

# curl -L https://raw.githubusercontent.com/yyuu/pyenv-installer/master/bin/pyenv-installer | bash

Follow the instructions given by the installer on how to enable the pyenv command.

You will also need the common build tools for python environments, more details here

Install a python environment by running: # pyenv install 2.7.18

After that you can select a python version to run by going to the sickgear installation directory and running

# pyenv local 2.7.18
# pip install -r requirements.txt

The latter command is used to install all the dependencies. Since pyenv installs a separate installation of python, your system modules are unavailable inside the pyenv python installation.

If you wish to run sickgear as a daemon, you need to set the python binary to point to the python shim, and it will automatically pick the right python to run (based on the local selection). The shim path is in the .pyenv directory, e.g: /home/sickgear/.pyenv/shims/python


Notes

  • The wget line is for distros that do not have setuptools available
  • If you have problems with the wget command, try the following instead:
# curl http://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O -L
# sudo python2 ez_setup.py
  • urllib3 does not run using pyopenssl unless ndg-httpsclient, pyasn1, and pyopenssl modules are installed, it does run with the standard ssl built into python

Ubuntu

With Ubuntu 14.04 to get Python 2.7.18 PPA

sudo add-apt-repository ppa:fkrull/deadsnakes-python2.7
sudo apt-get update
sudo apt-get install python2.7

QNAP

# curl https://bootstrap.pypa.io/get-pip.py -L -k | python2.7
# ipkg install openssl-dev
# pip2.7 install -U setuptools pip pyopenssl==0.13.1

References

Apart from the Windows (JD) and "Installing a fresh python" sections (ressu), this document is adapted from original text by D Gibson.