Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Openssl version not detected in current oscrypto version (pypi) #78

Open
NeffIsBack opened this issue Aug 18, 2023 · 52 comments
Open

Openssl version not detected in current oscrypto version (pypi) #78

NeffIsBack opened this issue Aug 18, 2023 · 52 comments

Comments

@NeffIsBack
Copy link

NeffIsBack commented Aug 18, 2023

Hi,

first of all thank you for your work!

We are currently encountering the Error:
oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
See: https://github.com/mpgn/CrackMapExec/issues/108

I saw you already fixed that in d5f3437, but as this is not released to pypi our Tool does not fully work. Would it be possible to release a bug-fix version to pypi?

@plainenough
Copy link

Having a bugfix release would be much appreciated we are seeing this issue on AWS Ubuntu AMIs after issuing system updates, I can imagine that there are a few less than happy AI developers out there struggling to work their way back to this issue.

@ddl-joyce-zhao
Copy link

ddl-joyce-zhao commented Aug 25, 2023

We are seeing the same issue too. The OpenSSL version we are using happens to be 3.0.10. Would really appreciate it to have a new release. Thanks!

@rysson
Copy link

rysson commented Sep 2, 2023

The same OpenSSL 3.0.10 1 Aug 2023 doesn't match to regex \b(\d\.\d\.\d[a-z]*)\b in _openssl/_libcrypto_cffi.py.
Last \d should be \d+ or at least \d\d? I guess.

@plainenough
Copy link

@wbond Any chance you can look into this issue?

@daringer
Copy link

daringer commented Sep 25, 2023

+1 for a bugfix release v1.3.1

@A132770
Copy link

A132770 commented Sep 29, 2023

+1 for a new release, this is a dependency of snowflake-connector-python, so I imagine many folks are impacted and pinning their OpenSSL version. Thanks for your time and care, we appreciate it!

@a143416
Copy link

a143416 commented Oct 9, 2023

The same OpenSSL 3.0.10 1 Aug 2023 doesn't match to regex \b(\d\.\d\.\d[a-z]*)\b in _openssl/_libcrypto_cffi.py. Last \d should be \d+ or at least \d\d? I guess.

I manually edited the file and changed the last \d in regex to \d+ and it worked. Note that this is a temp solution. We need to upgrade the package when a new release is available.

@DustinMoriarty
Copy link

DustinMoriarty commented Oct 9, 2023

It looks like the fix is merged. When will this be released? @wbond ?

#76

@camcyr-at-brzwy
Copy link

Any update on when this will be released?

@wbond
Copy link
Owner

wbond commented Oct 10, 2023

No, this is a free-time project for me. The commit is there, so it is certainly possible to use most Python packaging tools to grab the sha of the commit.

@connor-lough
Copy link

connor-lough commented Oct 10, 2023

For those too impatient, like myself... in my pyproject.toml I added in:

[tool.poetry.dependencies]
oscrypto = { git = "https://github.com/wbond/oscrypto.git", rev = "1547f53" }

And now we're all systems go. Thanks for taking the time to create this @wbond !

@camcyr-at-brzwy
Copy link

No, this is a free-time project for me. The commit is there, so it is certainly possible to use most Python packaging tools to grab the sha of the commit.

Thanks for the quick response, and appreciate the work you put into the package @wbond !

@khalilgreenidge
Copy link

@connor-lough For projects that don't use pyproject.toml, is there a way you can do this via the requirements.txt file?

@idexxbernvaug
Copy link

idexxbernvaug commented Oct 10, 2023

@connor-lough For projects that don't use pyproject.toml, is there a way you can do this via the requirements.txt file?

This is the line I added to my requirements.txt:
git+https://github.com/wbond/oscrypto.git@d5f3437
which replaced this line:
oscrypto==1.2.1

I also had to add "git" to my Dockerfile, because I was not installing git before:
apt-get install -y git

@khalilgreenidge
Copy link

Thank you!

@vermavikrant
Copy link

We are facing the same issue. Using oscrypto==1.3.0 and snowflake-connector-python==2.8.1 .
Is it possible to still face the issue despite we have hard set the versions in the requirements.txt?

@khalilgreenidge
Copy link

@vermavikrant Yes, the problem is due to a conflict with the ocrypto library and the openssl program version 3.0.>=10 on your machine. snowflake-connector-python just happens to use the ocrypto library. The way to solve this problem is by either:

  1. Change the openssl version - on your machine use another version such as 1.1.1. Run $openssl version to verify which version of openssl you are using.

Or

  1. upgrading your ocrypto library - by pointing to the commit that includes the bug fix as mentioned above, until the patch is released.

@mwisconsin
Copy link

I've spent most of the day updating our internal applications that use snowflake-connector. My fixes follow along the lines of what has been suggested, above.

If you're using Docker to build your app, you can include a pip install of the ocscrypo package prior to snowflake-connector, and it'll assume the dependency has already been met:

RUN pip install git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3

If you need to embed it into a requirements.txt file, you can add the following line:

git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3

@vermavikrant
Copy link

vermavikrant commented Oct 11, 2023

If installing via setuptools.setup, then the following line should work
"oscrypto @ git+https://github.com/wbond/oscrypto.git@d5f3437"
I also had to install git into Dockerfile and Jenkinsfile, as stated above.
apt-get update && apt-get install -y git

@mwisconsin wondering why your commit hash is different? Was the fix not in d5f3437 ?

@mwisconsin
Copy link

@vermavikrant I picked the latest just in case the recent commits fixed other problems I might encounter in the upcoming weeks before a release happens.

@ArtemHU
Copy link

ArtemHU commented Oct 11, 2023

Installed it directly with
pip install -I git+https://github.com/wbond/oscrypto.git
I believe the version should be updated

@blitline-dev
Copy link

Snowflake which is a $50,000,000,000 company should be paying you something, since their tool requires your good graces. IMO.

@mars-lan
Copy link

Snowflake which is a $50,000,000,000 company should be paying you something, since their tool requires your good graces. IMO.

Unsurprisingly, Snowflake chose to move away from this lib instead: https://github.com/snowflakedb/snowflake-connector-python/blob/main/DESCRIPTION.md

@wbond
Copy link
Owner

wbond commented Oct 27, 2023

Unsurprisingly, Snowflake chose to move away from this lib instead

IMG_5235

@gwerbin-tive
Copy link

gwerbin-tive commented Oct 31, 2023

@wbond Is there anything that a willing contributor can do to facilitate/expedite publishing a patch release to PyPI?

I work for a company that is currently affected by this issue. I well am within my rights here to dedicate some work time to helping with a PyPI release that includes this bugfix.

I can't actually benefit from Snowflake dropping your project as a dependency, because I'm stuck on an older version of their library. So you can consider me a fully captive audience.

It seems like I need to do the following:

  1. Commit a new entry into the the changelog describing the changes in the range c91c86..1547f5.
  2. Run git tag v1.3.1 to tag a new release.
  3. Run python run.py release.

I imagine I need both Git committer access in this repo, and contributor access to the oscrypto project on PyPI. Is that right?

Just let me know what I can do to help get this published.

Edit: It seems like there have been a lot of changes since v1.3.0 was published, and it would be a lot of work for a new contributor to sort through the commit history in order to document all of it. Would it be acceptable to cherry-pick just this one patch (+ some minimal subset of related commits, if necessary) into a separate branch to create the release? If so, what's your recommended process for that? I assume you're not interested in rebasing all of master to re-order the commits, since that would be highly disruptive to contributors and anyone using this downstream as a Git repo (e.g. vendored as a Git submodule). Maybe the authors of PRs #61, #63, #68, #76, and #77 (I think that's all of them!) would be willing to write their own changelog entries?

@mars-lan
Copy link

mars-lan commented Nov 3, 2023

PSA: snowflake-connector-python 3.4.0 has been released: https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v3.4.0.

Sp00kyB00k added a commit to Sp00kyB00k/Mobile-Security-Framework-MobSF that referenced this issue Nov 16, 2023
Fixed a bug in oscrypto where the regex would fail to recognize the right version of SSL due to insufficient check on multiple digits. 
However the owner of the repo does not plan to make a new release soon due to time constraints. 
See -> wbond/oscrypto#78 

This can be fixed by using a specific version from git pointing to the right commit. 
Hence this change in the pyproject.toml file.
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Nov 22, 2023
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
johnandersen777 pushed a commit to johnandersen777/scitt-api-emulator that referenced this issue Nov 22, 2023
Signed-off-by: John Andersen <johnandersenpdx@gmail.com>
cameronSMN added a commit to cameronSMN/pipelinewise-target-snowflake that referenced this issue Nov 24, 2023
AdrianVollmer added a commit to AdrianVollmer/minikerberos that referenced this issue Dec 5, 2023
Many dependents of minikerberos don't need `PKINIT`, so it makes sense
to import `oscrypt` only when needed. Especially because `oscrypt<=1.3.0` does
not work when `openssl>=3.0.10`.

See: wbond/oscrypto#78
mssalvatore pushed a commit to guardicore/monkey that referenced this issue Dec 15, 2023
Oscrypto has not yet releasedawith fix to this
wbond/oscrypto#78 so we need to lock the
oscrypto version until the fix is released.

PR #3958
mssalvatore pushed a commit to guardicore/monkey that referenced this issue Dec 15, 2023
Oscrypto has not yet releasedawith fix to this
wbond/oscrypto#78 so we need to lock the
oscrypto version until the fix is released.

PR #3958
blshkv added a commit to pentoo/pentoo-overlay that referenced this issue Jan 7, 2024
@neonknight
Copy link

any chance for a new release so that installations from pypi will include fixes such as this?

ferenc-hechler pushed a commit to ODA-CANVAS-FORK/oda-canvas-component-vault that referenced this issue Mar 6, 2024
@c0r0n3r
Copy link

c0r0n3r commented Mar 9, 2024

As the developer of cryptolyzer (free software), which depends on oscrypto indirectly (certvalidator), I would highly appreciate it if you could release the fix for the issue.

@jgstew
Copy link

jgstew commented Jul 5, 2024

I'm running into this issue on an ubuntu:latest docker container running on an ARM cpu.

in my case it was fixed with:

.venv/bin/python3 -m pip install -I git+https://github.com/wbond/oscrypto.git

Is there something I can help with for there to be a new release version on pip? #81

@infineon-zhovtobriukh
Copy link

@wbond Are there any news when the next release is planned?
I am dependent on this issue with newest Ubuntu 24.04 which comes with OpenSSL 3.0.13 and I would appreciate this fix released soon.

@lambdaq
Copy link

lambdaq commented Oct 22, 2024

Same problem with OpenSSL 3.0.15 3 Sep 2024.

@wbond is there anything we can help make this pypi release happen?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests