ImportError: No module named _ssl on App Engine since 1.5.0 #191
Comments
|
@dhermes any ideas on this one? Seems like oauth2client now requires openssl instead of it being optional. |
|
I don't see any noticeable changes in |
|
I think it's more that maybe some ``try... import... except` clauses were removed? |
|
None of them were "removed" (that I know of), just made more explicit (with actual code definitions moved into their own modules). From the stack trace it looks like |
|
Arg, thanks! Sorry for assuming it was on |
|
No worries. Cheers. |
|
Here's the commit that, I think, introduced the error by importing |
|
(+@rryk, author of the cited commit) Let's imagine for a moment that I were a boorish project maintainer incapable of grasping nuance: what's the problem being reported here? The ssl module is part of the Python standard library, right? Why would it be a problem that our library uses the language's standard library? |
|
The problem is that the App Engine documentation states that you can use googleapiclient on App Engine ( https://developers.google.com/api-client-library/python/guide/google_app_engine ) and this is no longer true unless you make special, non-intuitive changes to your app.yaml file, in order to work around some code that may or may not work on App engine anyway (as the commit did not take this use case into account). |
|
@nathanielmanistaatgoogle App Engine used a heavily modified version of Python, which does not have ssl included by default. Users have to make a change to their app.yaml to opt-in to ssl. We can document this, but IMO it should remain optional as it was before. |
|
@nabla-c0d3: thank you for your strong and clear response. @jonparrott: elaborate a bit more on your opinion? Aside from gumbling in App Engine's general direction I'm not yet sure what the right thing to do here is. I'm reluctant to take on a special requirement for the library like "must not import ssl" that would be awkward or weird to verify in tests. |
|
@nathanielmanistaatgoogle grumbling in App Engine's direction is deserved, I think. I think we have two options here:
We can grumble at App Engine either way, it's just what we want to do between now and whenever I can convince the runtime team to turn on ssl by default. |
|
A guarded import would wound my pride but I think I might survive. Is there an issue in a public issue tracker about turning on ssl by default to which we might link our TODO? @rryk, any opinion on any of this? |
|
Public issue tracker for App engine is in limbo. I'm part of the runtime team, so I will bring it up in our meeting tomorrow. |
|
Sorry for insisting but I just want to re-iterate something: I don't think the newly introduced code that is using |
|
@nabla-c0d3: are you sure you're not conflating CPython and Cython? They are very different things. I'm not following your point, though - are you saying that the version of the |
|
@nathanielmanistaatgoogle yeah I meant CPython. The The |
|
Hi, I am on vacation and don't have a good internet access or a computer to On Wed, Feb 24, 2016, 14:51 Alban Diquet notifications@github.com wrote:
|
Fix googleapis#191 by adding a guard when importing `ssl`, and replace all direct references to `SSLError` (the sole member of `ssl` being used) with a shim, `_ssl_SSLError`. It is prefixed with a `_` to caution users against relying on the name when importing `googleclient.http`. `httplib2` also takes the same approach (see `ssl_SSLError` in `httplib2/__init__.py`), but instead of using `None` when faking `SSLError`, we provide a 'real' class, so that code can continue to trigger the exception handler for `SSLError` in `googleclient.http` (eg. in tests, `SSLError`'s are raised). If the shim `_ssl_SSLError` were `None`, an exception handler for it would not catch anything, as `None` is not a class and we could never throw anything that could be "compatible" with `None` [1} [1] https://docs.python.org/2/reference/compound_stmts.html#except
Fix googleapis#191 by adding a guard when importing `ssl`, and replace all direct references to `SSLError` (the sole member of `ssl` being used) with a shim, `_ssl_SSLError`. It is prefixed with a '_' to caution users against relying on the name when importing `googleclient.http`. `httplib2` also takes the same approach (see `ssl_SSLError` in `httplib2/__init__.py`), but instead of using `None` when faking `SSLError`, we provide a 'real' class, so that code can continue to trigger the exception handler for `SSLError` in `googleclient.http` (eg. in tests, `SSLError`'s are raised). If the shim `_ssl_SSLError` were `None`, an exception handler for it would not catch anything, as `None` is not a class and we could never throw anything that could be "compatible" with `None` [1] [1] https://docs.python.org/2/reference/compound_stmts.html#except
|
I ran into this issue while on App Engine and saw this issue. Since there appears to be a consensus on import guards, I have created a pull request #220 that guardedly imports (hurhur) |
Fix googleapis#191 by adding a guard when importing `ssl`, and replace all direct references to `SSLError` (the sole member of `ssl` being used) with a shim, `_ssl_SSLError`. It is prefixed with a '_' to caution users against relying on the name when importing `googleclient.http`. `httplib2` also takes the same approach (see `ssl_SSLError` in `httplib2/__init__.py`), but instead of using `None` when faking `SSLError`, we provide a 'real' class, so that code can continue to trigger the exception handler for `SSLError` in `googleclient.http` (eg. in tests, `SSLError`'s are raised). If the shim `_ssl_SSLError` were `None`, an exception handler for it would not catch anything, as `None` is not a class and we could never throw anything that could be "compatible" with `None` [1] [1] https://docs.python.org/2/reference/compound_stmts.html#except
Fix googleapis#191 by adding a guard when importing `ssl`, and replace all direct references to `SSLError` (the sole member of `ssl` being used) with a shim, `_ssl_SSLError`. It is prefixed with a '_' to caution users against relying on the name when importing `googleclient.http`. `httplib2` also takes the same approach (see `ssl_SSLError` in `httplib2/__init__.py`), but instead of using `None` when faking `SSLError`, we provide a 'real' class, so that code can continue to trigger the exception handler for `SSLError` in `googleclient.http` (eg. in tests, `SSLError`'s are raised). If the shim `_ssl_SSLError` were `None`, an exception handler for it would not catch anything, as `None` is not a class and we could never throw anything that could be "compatible" with `None` [1] [1] https://docs.python.org/2/reference/compound_stmts.html#except
Fix googleapis#191 by adding a guard when importing `ssl`, and replace all direct references to `SSLError` (the sole member of `ssl` being used) with a shim, `_ssl_SSLError`. It is prefixed with a '_' to caution users against relying on the name when importing `googleclient.http`. `httplib2` also takes a similar approach (see `ssl_SSLError` in `httplib2/__init__.py`).
Fix googleapis#191 by adding a guard when importing `ssl`, and replace all direct references to `SSLError` (the sole member of `ssl` being used) with a shim, `_ssl_SSLError`. It is prefixed with a '_' to caution users against relying on the name when importing `googleclient.http`. `httplib2` also takes a similar approach (see `ssl_SSLError` in `httplib2/__init__.py`).
AppEngine broke compatibility by introducing an additional ssl dependency (googleapis/google-api-python-client#191)
Check for OpenSSL.crypto when detecting OpenSSL.
yoshi-automation
added
🚨
After updating to 1.5.0, my App running on App Engine stopped working:
The error goes away if I add the ssl module to my app.yaml:
However, googleapiclient worked fine previously without using/importing the ssl module, so I am not sure this is intended.
Thanks,
The text was updated successfully, but these errors were encountered: