AttributeError: 'FFILibrary' object has no attribute 'Cryptography_HAS_SSL_ST'

[lithammer]

Since the release of 16.2.0 we keep running into this AttributeError. Seems like it's related to changes made in #526. Pinning pyOpenSSL to 16.1.0 fixes the issue.

Traceback (most recent call last):
  ...
  File "/usr/lib/convoy/lib/python2.7/site-packages/twisted/protocols/tls.py", line 41, in <module>
    from OpenSSL.SSL import Error, ZeroReturnError, WantReadError
  File "/usr/lib/convoy/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/lib/convoy/lib/python2.7/site-packages/OpenSSL/SSL.py", line 112, in <module>
    if _lib.Cryptography_HAS_SSL_ST:
AttributeError: 'FFILibrary' object has no attribute 'Cryptography_HAS_SSL_ST'

OS: CentOS 6.8
Python: 2.7.12 (comes from https://ius.io if that matters)
OpenSSL: 1.0.1e

[hynek]

I fear we might be requiring a newer cryptography now? Does pip install -U cryptography fix it too?

(if that’s the case and the only instance, we could fix it by simply using getattr() instead + add a test)

[lithammer]

Yes. Upgrading cryptography seems to solve the issue as well. We had pinned cryptography==0.8.2 and cffi==1.3.0. Both had to updated (I guess some newer version of cryptography depends on a more recent version of cffi than 1.3.0).

$ ./env/bin/pip install -U cryptography
...
Installing collected packages: idna, ipaddress, cffi, cryptography
  Found existing installation: ipaddress 1.0.15
    Uninstalling ipaddress-1.0.15:
      Successfully uninstalled ipaddress-1.0.15
  Found existing installation: cffi 1.3.0
    Uninstalling cffi-1.3.0:
      Successfully uninstalled cffi-1.3.0
  Found existing installation: cryptography 0.8.2
    Uninstalling cryptography-0.8.2:
      Successfully uninstalled cryptography-0.8.2
Successfully installed cffi-1.8.3 cryptography-1.5.2 idna-2.1 ipaddress-1.0.17

[hynek]

Now this is very odd, because pyOpenSSL depends on cryptography>=1.3.4. It should have refused to install…

Could re-try using cryptography==1.3.4 if the problem is still fixed? Because then it’s just a packaging FUBAR and not a bug (which is what I suspect at this point).

[reaperhulk]

@hynek we test our minimum version so it's definitely not a bug here. https://github.com/pyca/pyopenssl/blob/master/tox.ini#L12 and https://github.com/pyca/pyopenssl/blob/master/.travis.yml#L50-L61

[lithammer]

This is the trio of pinned dependencies causing this.

$ ./env/bin/pip install cryptography==0.8.2 cffi==1.3.0 service_identity==14.0.0
$ ./env/bin/python -c 'from OpenSSL import SSL'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/Users/peter/Desktop/env/lib/python2.6/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/Users/peter/Desktop/env/lib/python2.6/site-packages/OpenSSL/SSL.py", line 112, in <module>
    if _lib.Cryptography_HAS_SSL_ST:
AttributeError: 'FFILibrary' object has no attribute 'Cryptography_HAS_SSL_ST'

[john-bixly]

It raises this error.

Traceback (most recent call last): File "/Users/username/.virtualenvs/env/bin/pip", line 7, in <module> from pip import main File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/pip/__init__.py", line 16, in <module> from pip.vcs import git, mercurial, subversion, bazaar # noqa File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/pip/vcs/mercurial.py", line 9, in <module> from pip.download import path_to_url File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/pip/download.py", line 39, in <module> from pip._vendor import requests, six File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/pip/_vendor/requests/__init__.py", line 53, in <module> from .packages.urllib3.contrib import pyopenssl File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/contrib/pyopenssl.py", line 54, in <module> import OpenSSL.SSL File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/Users/username/.virtualenvs/env/lib/python2.7/site-packages/OpenSSL/SSL.py", line 112, in <module> if _lib.Cryptography_HAS_SSL_ST: AttributeError: 'module' object has no attribute 'Cryptography_HAS_SSL_ST'

after

[example.com] out: Could not find .egg-info directory in install record for cryptography==1.1 (from -r requirements/base.txt (line 3)) [example.com] out: Found existing installation: requests 2.11.1 [example.com] out: Uninstalling requests: [example.com] out: Successfully uninstalled requests [example.com] out: Found existing installation: simple-salesforce 0.72 [example.com] out: Uninstalling simple-salesforce: [example.com] out: Successfully uninstalled simple-salesforce [example.com] out: Running setup.py install for simple-salesforce [example.com] out: [example.com] out: Could not find .egg-info directory in install record for simple-salesforce==0.67.0 (from -r requirements/base.txt (line 28)) [example.com] out: Successfully installed cryptography requests simple-salesforce [example.com] out: Cleaning up...

I didn't do anything except deploying changes to server. Now, I can't perform any pip commands too.

[embedded1]

Got the same problem, I can't use pip anymore:
py", line 8, in
from OpenSSL import rand, crypto, SSL
File "/xxx/lib/python2.7/site-packages/OpenSSL/SSL.py", line 112, in
if _lib.Cryptography_HAS_SSL_ST:
AttributeError: 'FFILibrary' object has no attribute 'Cryptography_HAS_SSL_ST'

Please help this is urgent!

thanks

[embedded1]

Got it solved - I had to comment out those buggy lines, updates all libraries and now everything works

[edwardotis]

Upgrading cryptography fixed it so I could use 16.2.0.
Otherwise, I had to pin at 16.1.0

pip install -U cryptography

Put my at version:
cryptography==1.7.1

[techsurrusr]

When going for pip install -U cryptography I get the following output and a bit stuck how to solve it and open for suggestion how to fix it:

Traceback (most recent call last): File "/usr/bin/pip", line 9, in <module> load_entry_point('pip==1.5.6', 'console_scripts', 'pip')() File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 356, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2476, in load_entry_point return ep.load() File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load ['__name__']) File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 74, in <module> from pip.vcs import git, mercurial, subversion, bazaar # noqa File "/usr/lib/python2.7/dist-packages/pip/vcs/mercurial.py", line 9, in <module> from pip.download import path_to_url File "/usr/lib/python2.7/dist-packages/pip/download.py", line 22, in <module> import requests, six File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 68, in <module> _attach_namespace(urllib3, 'requests.packages') File "/usr/lib/python2.7/dist-packages/requests/__init__.py", line 63, in _attach_namespace module = __import__(name) File "/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 55, in <module> import OpenSSL.SSL File "/usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import rand, crypto, SSL File "/usr/local/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 112, in <module> if _lib.Cryptography_HAS_SSL_ST: AttributeError: 'FFILibrary' object has no attribute 'Cryptography_HAS_SSL_ST'

[reaperhulk]

Looks like you're probably stuck in a loop where the bundled copy of requests in pip is trying to use pyopenssl to make the connection but cryptography is outdated so it fails. Remove pyopenssl first and then try to upgrade cryptography and reinstall pyopenssl

[techsurrusr]

Thanks reaperhulk tried out what you suggested and I got one step closer to get it to working; quickly removing python-openssl and trying out pip install -U cryptography gave another error ImportError: No module named setuptools_ext was fixed by first running pip install --upgrade cffi and then pip install -U cryptography I got the ssl to work again.

[Sleavely]

Summary of what fixes the issue (high fives to both @embedded1 and @khaverblad):

1. Comment out (using #) the whole IF statement in /usr/local/lib/python2.7/site-packages/OpenSSL/SSL.py:112
   (Your path to the broken SSL.py file may vary, but under Debian 8 that's where it ended up for me.)
2. Run pip install -U cffi (Because pip just keeps on giving)
3. Run pip install -U cryptography
4. Uncomment the lines from step 1 (or you'll have a possible security issue with your OpenSSL module)