Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tests fail after openssl: 3.0.9 -> 3.0.10 #75

Closed
vcunat opened this issue Aug 7, 2023 · 11 comments
Closed

Tests fail after openssl: 3.0.9 -> 3.0.10 #75

vcunat opened this issue Aug 7, 2023 · 11 comments

Comments

@vcunat
Copy link

vcunat commented Aug 7, 2023

Busted parsing when more digits appeared, most likely.

==================================== ERRORS ====================================
__________________ ERROR collecting tests/test_asymmetric.py ___________________
tests/test_asymmetric.py:9: in 
    from oscrypto import asymmetric, errors, backend
oscrypto/asymmetric.py:19: in 
    from ._asymmetric import _unwrap_private_key_info
oscrypto/_asymmetric.py:27: in 
    from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
oscrypto/kdf.py:9: in 
    from .util import rand_bytes
oscrypto/util.py:14: in 
    from ._openssl.util import rand_bytes
oscrypto/_openssl/util.py:6: in 
    from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
oscrypto/_openssl/_libcrypto.py:15: in 
    from ._libcrypto_ctypes import (
oscrypto/_openssl/_libcrypto_ctypes.py:47: in 
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
E   oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
______________________ ERROR collecting tests/test_kdf.py ______________________
tests/test_kdf.py:7: in 
    from oscrypto import kdf, _pkcs5
oscrypto/kdf.py:9: in 
    from .util import rand_bytes
oscrypto/util.py:14: in 
    from ._openssl.util import rand_bytes
oscrypto/_openssl/util.py:6: in 
    from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
oscrypto/_openssl/_libcrypto.py:15: in 
    from ._libcrypto_ctypes import (
oscrypto/_openssl/_libcrypto_ctypes.py:47: in 
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
E   oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
_____________________ ERROR collecting tests/test_keys.py ______________________
tests/test_keys.py:9: in 
    from oscrypto import keys, backend
oscrypto/keys.py:5: in 
    from ._asymmetric import parse_certificate, parse_private, parse_public
oscrypto/_asymmetric.py:27: in 
    from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
oscrypto/kdf.py:9: in 
    from .util import rand_bytes
oscrypto/util.py:14: in 
    from ._openssl.util import rand_bytes
oscrypto/_openssl/util.py:6: in 
    from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
oscrypto/_openssl/_libcrypto.py:15: in 
    from ._libcrypto_ctypes import (
oscrypto/_openssl/_libcrypto_ctypes.py:47: in 
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
E   oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
___________________ ERROR collecting tests/test_symmetric.py ___________________
tests/test_symmetric.py:7: in 
    from oscrypto import symmetric, util, backend
oscrypto/symmetric.py:43: in 
    from ._openssl.symmetric import (
oscrypto/_openssl/symmetric.py:8: in 
    from ._libcrypto import libcrypto, libcrypto_legacy_support, LibcryptoConst, handle_openssl_error
oscrypto/_openssl/_libcrypto.py:15: in 
    from ._libcrypto_ctypes import (
oscrypto/_openssl/_libcrypto_ctypes.py:47: in 
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
E   oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
______________________ ERROR collecting tests/test_tls.py ______________________
tests/test_tls.py:13: in 
    from oscrypto import tls, errors, backend
oscrypto/tls.py:23: in 
    from ._openssl.tls import (
oscrypto/_openssl/tls.py:10: in 
    from ._libssl import libssl, LibsslConst
oscrypto/_openssl/_libssl.py:7: in 
    from ._libcrypto import libcrypto_version_info
oscrypto/_openssl/_libcrypto.py:15: in 
    from ._libcrypto_ctypes import (
oscrypto/_openssl/_libcrypto_ctypes.py:47: in 
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
E   oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
=============================== warnings summary ===============================
tests/__init__.py:4
  /build/source/tests/__init__.py:4: DeprecationWarning: the imp module is deprecated in favour of importlib and slated for removal in Python 3.12; see the module's documentation for alternative uses
    import imp

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html

=========================== short test summary info ============================

ERROR tests/test_asymmetric.py - oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

ERROR tests/test_kdf.py - oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

ERROR tests/test_keys.py - oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

ERROR tests/test_symmetric.py - oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

ERROR tests/test_tls.py - oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

!!!!!!!!!!!!!!!!!!! Interrupted: 5 errors during collection !!!!!!!!!!!!!!!!!!!!

================== 4 deselected, 1 warning, 5 errors in 0.42s ==================

@lewinfox
Copy link

lewinfox commented Aug 8, 2023

👍 for this - I'm using OpenSSL 3.1.10 1 Aug 2023 and I get

File "/home/.../lib/python3.8/site-packages/oscrypto/_openssl/_libcrypto_cffi.py", line 46, in <module>
    raise LibraryNotFoundError('Error detecting the version of libcrypto')

Looks like the regex on line 42 expects single-digit version components only.

version_match = re.search('\\b(\\d\\.\\d\\.\\d[a-z]*)\\b', version_string)

@sfc-gh-jfreeberg sfc-gh-jfreeberg mentioned this issue Aug 8, 2023
Closed
sfc-gh-jfreeberg added a commit to Snowflake-Labs/snowpark-python-template that referenced this issue Aug 8, 2023
@sfc-gh-jfreeberg
v1.2.0 update (#7)
32d440f 
- Add setup.py and editable install
- Update environment.yml to create the editable install
- Sproc now returns a table
- Set OpenSSL version to address this issue: wbond/oscrypto#75
- Consolidate test req's into requirements.txt
- Update README for the corresponding changes above
BibMartin pushed a commit to BibMartin/oscrypto that referenced this issue Aug 9, 2023
MJ: Fix wbond#75 bug with openssl 3.0.10
3c2cdea
@BibMartin BibMartin mentioned this issue Aug 9, 2023
Merged
@vcunat
Copy link
Author

vcunat commented Aug 10, 2023

So if someone wants a ready full patch (that passes for me), here it is:
https://github.com/NixOS/nixpkgs/blob/72b94272c96eef5fe866d10fd76544e54789759c/pkgs/development/python-modules/oscrypto/support-openssl-3.0.10.patch

@lewinfox
Copy link

So if someone wants a ready full patch (that passes for me), here it is:

https://github.com/NixOS/nixpkgs/blob/72b94272c96eef5fe866d10fd76544e54789759c/pkgs/development/python-modules/oscrypto/support-openssl-3.0.10.patch

Is it worth accounting for e.g. v10.10.10 as well? I.e. adding + quantifiers to all the version components?

@vcunat
Copy link
Author

vcunat commented Aug 10, 2023

Based on openssl version history, I don't think it's likely to make any difference in the next decade.

@timgraham timgraham mentioned this issue Aug 13, 2023
Closed
@flavico
Copy link

flavico commented Aug 15, 2023

@wbond it is possible throw new version of oscrypto with this patch ? we need this help to fix a kerberos auth.

@wbond
Copy link
Owner

wbond commented Aug 15, 2023

Thanks for pinging me - GitHub never seems to notify me of new issues even though I have that configured.

@wbond wbond closed this as completed in ebbc944 Aug 17, 2023
@SebastianHuettersen SebastianHuettersen mentioned this issue Aug 29, 2023
Closed
@alopezz alopezz mentioned this issue Oct 3, 2023
Merged
10 tasks
bhuvansingla pushed a commit to bhuvansingla/oscrypto that referenced this issue Oct 9, 2023
@BibMartin @bhuvansingla
MJ: Fix wbond#75 bug with openssl 3.0.10 (wbond#76)
53b1980 
* MJ: Fix wbond#75 bug with openssl 3.0.10
* MJ: Add fix suggested by @vcunat on _libcrypto_ctypes regex
@LiterallyDad
Copy link

LiterallyDad commented Oct 10, 2023
edited
Loading

EDIT: Fixed using snippet below, may be useful for others, ty

Sorry for the dumb question @wbond:

How do we actually use this fix? getting this error connecting to snowflake, latest version (1.3.0) installed on OS

using snowflake-connector-python and snowflake-sqlalchemy, python:3.10-slim

Saw that datadog was fixing this way so trying this:

# add after installing requirements
# added below before install as pip freeze in container showed 1.3.0
RUN python -m pip uninstall oscrypto -y
RUN python -m pip install oscrypto @ git+https://github.com/wbond/oscrypto.git@d5f3437ed24257895ae1edd9e503cfb352e635a8

@wbond
Copy link
Owner

wbond commented Oct 11, 2023

If a bunch of people and companies are dependent on oscrypto, I’d encourage your companies to sponsor development through GitHub sponsors.

Currently the asn1crypto project is sponsored through Tidelift, but oscrypto isn’t “big enough”, hence my request for GitHub sponsors.

@ynouri
Copy link

ynouri commented Oct 16, 2023

@wbond thanks for your work on this package! We have a dependency on oscrypto via snowflake-connector-python and have been experiencing the issue described in this thread. I'm sure plenty of other Snowflake customers have as well... Maybe Snowflake could be a good sponsor?

This being said, curious what are the current bottlenecks for releasing the latest master branch on PyPI? Depending on what the pain points are, maybe we could help by adding an on-demand Github Actions release workflow

@ad-m-ss
Copy link

ad-m-ss commented Nov 29, 2023

We have a dependency on oscrypto via snowflake-connector-python and have been experiencing the issue described in this thread. I'm sure plenty of other Snowflake customers have as well... Maybe Snowflake could be a good sponsor?

Snowflake connector is not using oscrypto anymore: https://github.com/snowflakedb/snowflake-connector-python/blob/f323d22bf259a176f6c57510efd4927c52f1abb9/DESCRIPTION.md?plain=1#L37

@exFalso
Copy link

exFalso commented Feb 16, 2024

Any chance of a release of this fix? We were looking into switching to cryptography, but that project doesn't support generic x509 validation

@viettappcard viettappcard mentioned this issue Mar 21, 2024
Open
@skrydal skrydal mentioned this issue May 7, 2024
Merged
@alcaeus alcaeus mentioned this issue Jun 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@wbond @exFalso @vcunat @ynouri @flavico @lewinfox @LiterallyDad @ad-m-ss