ssl broken on Debian (and derivatives), as of python 2.7.8-12 #513

Closed
csillag opened this Issue Nov 20, 2014 · 21 comments

@csillag
csillag commented Nov 20, 2014

In v2.7.8-12 of the Debian python suite, which was released 3 days ago, they added a patch, which, according to the changelog, "Allow building and testing without SSLv3 support"

In fact it removes many of the SSLv3-related constants, including PROTOCOL_SSLv3, which makes gevent fail with a message similar to this:

  File "<whatever>/h/local/lib/python2.7/site-packages/gevent/ssl.py", line 386, in <module>
    def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
NameError: name 'PROTOCOL_SSLv3' is not defined

One could argue that it's not nice for a distribution to haphazardly remove constants that are still there in the upstream version, but these things happen, so... maybe gevent could do something about this?
(Like, maybe, move to 'PROTOCOL_SSLv23' instead?)
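
The NameError above is raised at import because an argument default is evaluated when the module loads, not when the function is called. As an added example (not code from gevent or from this thread), this scanner classifies each use of a legacy protocol constant by whether it breaks at import or only at call time; SAMPLE, connect_legacy, wrap and the OPTIONAL set are constructed assumptions.

```python
import ast
import ssl

# Constructed sample; line 4 mirrors the traceback, the rest is hypothetical.
SAMPLE = '''
from ssl import *

def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
    pass

def connect_legacy(addr):
    return wrap(addr, PROTOCOL_SSLv2)

def get_server_certificate_fixed(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
    pass
'''

# Assumption: the constants a distribution may compile out of its ssl module.
OPTIONAL = {"PROTOCOL_SSLv2", "PROTOCOL_SSLv3"}


def find_optional_constants(source, optional=OPTIONAL):
    """Return sorted (lineno, name, when) for each use of an optional constant.

    when == "import": evaluated while the module loads (module level, class
    bodies, argument defaults), so a missing name breaks the import itself.
    when == "call": inside a function body, so it fails only when that runs.
    """
    tree = ast.parse(source)
    in_body = set()
    for func in ast.walk(tree):
        if isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            body = func.body if isinstance(func.body, list) else [func.body]
            for stmt in body:
                in_body.update(id(n) for n in ast.walk(stmt))
    hits = []
    for node in ast.walk(tree):
        # Bare names (from ssl import *) and attributes (ssl.PROTOCOL_SSLv3).
        name = node.id if isinstance(node, ast.Name) else getattr(node, "attr", None)
        if name in optional:
            when = "call" if id(node) in in_body else "import"
            hits.append((node.lineno, name, when))
    return sorted(hits)


def missing_here(optional=OPTIONAL):
    """Optional constants that this interpreter's ssl module does not define."""
    return sorted(n for n in optional if not hasattr(ssl, n))
```

Any "import" hit whose name also appears in missing_here() reproduces the failure in this issue on the interpreter running the scan.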

@csillag csillag referenced this issue in hypothesis/h Nov 20, 2014
Closed

SSLv3 problem #1704

@csillag
csillag commented Nov 21, 2014

(Like, maybe, move to 'PROTOCOL_SSLv23' instead?)

I mean here and here.

@tilgovi
tilgovi commented Nov 21, 2014

Python itself recently changed the default for this keyword arg: http://bugs.python.org/issue20896
Meanwhile, let the record show that I think Debian is doing a dumb thing by removing a public, documented constant from the standard library in a patch release.

@csillag
csillag commented Nov 21, 2014

Yeah. And the fix they proposed is the same one I am suggesting.
(btw, I think the title of the bug misses the root cause: it's not the upgrade of openssl package, but the upgrade of python package that caused this.)

@denik denik closed this in #517 Dec 9, 2014
@malarinv malarinv referenced this issue in docker-library/python Jan 6, 2015
Closed

PROTOCOL_SSLv3 is not defined error #29

@theY4Kman theY4Kman added a commit to hivelocity/gevent that referenced this issue Jan 19, 2015
@theY4Kman theY4Kman Downstream internal release (fixing #513 -- removal of PROTOCOL_SSLv3…
… from Debian upstream python openssl)
4f4c1ce
@Starefossen

Ok, thanks a lot for fixing this issue, but we need a new version with this fix in. Any ETA on v1.0.2 @denik or @Ivoz?

@csillag
csillag commented Mar 25, 2015

Any ETA on v1.0.2 @denik or @Ivoz?

+1

@bastianl

Any ETA on v1.0.2 @denik or @Ivoz?

+1

@pcdinh
pcdinh commented Apr 3, 2015

@denik It is time for a new release. Lots of people are waiting for it

@AxelVoitier

Yes, please!

This bug is biting anyone using gevent in a docker container using the official image for python, as it uses a debian image as a base...

@aleksandr-vin

I'm on the waiting list too, guys!

@dbrgn
dbrgn commented Apr 28, 2015

+1 here

@pedrudehuere

+1 here

@lmanolov
lmanolov commented May 5, 2015

+1

@telbizov
telbizov commented May 5, 2015

+1 here as well.

Jessie is now the Debian stable release as of a week ago. Just upgraded to it and my gevent based server experiences this problem.

Is there an ETA on releasing this in pip?

@baljanak
baljanak commented May 6, 2015

+1

@jonblack
jonblack commented May 6, 2015

It drives me nuts all these "me too" posts. I want to know when this is fixed, hence I'm subscribed, but I really don't need to be notified every time someone waves their hands frantically in the air because they want it fixed.

@dbrgn
dbrgn commented May 6, 2015

The "+1" comments show to the maintainer that this is really an issue that affects a lot of people.

If people would use something like Zenhub they could +1 without commenting, thus solving that issue.

@tilgovi
tilgovi commented May 6, 2015

It's maybe worth asking if anyone knows @denik and whether they are okay. It's been five months since the last commit on master and since December that they last had any public activity on GitHub.

Is @denik okay?
Does the project need help from additional maintainers?

@ghost
ghost commented May 6, 2015

Hey,

Agreed, we really need a release to fix these SSL issues, and really need
to know if the project is still maintained and/or needs maintainers...

Please revert.

Thanks.

2015-05-06 16:49 GMT+02:00 Randall Leeds notifications@github.com:

It's maybe worth asking if anyone knows @denik https://github.com/denik
and whether they are okay. It's been five months since the last commit on
master and since December that they last had any public activity on GitHub.

Is @denik https://github.com/denik okay?
Does the project need help from additional maintainers?



@jamadden
Member
jamadden commented May 6, 2015

@tilgovi I exchanged emails with @denik on the subject of additional maintainers yesterday. I don't want to put words in anybody's mouth or quote out of context, though.

@tilgovi
tilgovi commented May 6, 2015

@jamadden that's great to hear. Thank you. I was beginning to be less worried about the project than I was about @denik :).

@dsuch dsuch referenced this issue in zatosource/zato May 12, 2015
Closed

Upgrade to gevent post-1.1 #443

@slamora slamora added a commit to glic3rinu/confine-controller that referenced this issue Jun 11, 2015
@slamora slamora Upgrade to gevent==1.0.2 that drops unsecure SSLv3.
Python 2.7.9 in Debian is built without support for SSLv3. As this
constant is unavailable, previous versions of gevent fail on these
systems.
gevent/gevent#513
334c39d
@slamora slamora added a commit to glic3rinu/confine-controller that referenced this issue Jun 17, 2015
@slamora slamora Upgrade to gevent==1.0.2 that drops unsecure SSLv3.
Python 2.7.9 in Debian is built without support for SSLv3. As this
constant is unavailable, previous versions of gevent fail on these
systems.
gevent/gevent#513
34940e3
@sylvain-garancher sylvain-garancher added a commit to syleam/odoo that referenced this issue Jul 22, 2015
@sylvain-garancher sylvain-garancher [FIX] Upgrade gevent to 1.0.2, that drops unsecure SSLv3
gevent 1.0.1 cannot be built on last Debian versions
gevent/gevent#513
68b5c98
@hannesj hannesj added a commit to hannesj/address_deduper that referenced this issue Oct 13, 2015
@hannesj hannesj Update gevent version to run on debian f016075
@AgDude AgDude added a commit to AgDude/Pi-GPIO-Server that referenced this issue Jan 9, 2016
@AgDude AgDude Update gevent and greenlet
See this gevent issue for details on why:
gevent/gevent#513
acf09d8