Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot initialize openssl bindings #6818

Closed
rossburton opened this issue Jan 26, 2022 · 8 comments
Closed

Cannot initialize openssl bindings #6818

rossburton opened this issue Jan 26, 2022 · 8 comments

Comments

@rossburton
Copy link

rossburton commented Jan 26, 2022
edited
Loading

We've built cryptography 36.0.1 against OpenSSL 3.0.1 but get the following error. It's reproducible with a minimal test case:

$ python3 -c "import cryptography.hazmat.backends.openssl"

cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this.
([_OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=310378599, lib=37, reason=103, reason_text=b'error:12800067:DSO support routines::could not load the shared library'), _OpenSSLErrorWithText(code=126615813, lib=15, reason=786693, reason_text=b'error:078C0105:common libcrypto routines::init fail')])
@alex
Copy link
Member

alex commented Jan 26, 2022

Please provide instructions for reproducing -- we test against OpenSSL 3.0.1 in CI so this is known to work.

@rossburton
Copy link
Author

I can give you a full reproducer but you'll spend a while building stuff as we bootstrap rust and gcc. Is there anything obvious I can poke at myself? strace shows it's loading the right libssl.so so that really obvious problem isn't the cause.

@tiran
Copy link
Contributor

tiran commented Jan 26, 2022

OpenSSL 3.0 uses external shared libraries to provide cryptographic primitives. Did you build OpenSSL 3.0 with special flags to disable dynamic loading or are the crypto providers missing?

@alex
Copy link
Member

alex commented Jan 26, 2022

Here's how we build in CI:

Has this previously worked on other versions of OpenSSL, or is this a fresh setup?

@rossburton
Copy link
Author

Fresh setup, we've just upgraded to 36 from 3.3.2

@rossburton
Copy link
Author

Ah, it looks like we're not installing the legacy provider for some reason. That might be a problem.

@tiran
Copy link
Contributor

tiran commented Jan 26, 2022

Ah, it looks like we're not installing the legacy provider for some reason. That might be a problem.

That's it. Cryptography loads the legacy and the default provider. #6809 might change it.

@rossburton
Copy link
Author

We have an interesting build environment and it was looking in the wrong place for the providers, so couldn't load the legacy provider.

Thanks for the hint @tiran.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 27, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alex @rossburton @tiran