补丁pyopenssl为sslv3问题 [英] Patch pyopenssl for sslv3 issue
问题描述
我在Debian 8系统上遇到问题,使用python 2.7.9-2 amd64:
I got a problem on a Debian 8 system with python 2.7.9-2 amd64:
marius@pydev:/usr/lib/python2.7/dist-packages/urllib3/contrib$ pip search doo
Traceback (most recent call last):
File "/usr/bin/pip", line 9, in <module>
load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 356, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2476, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load
['__name__'])
File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 74, in <module>
from pip.vcs import git, mercurial, subversion, bazaar # noqa
File "/usr/lib/python2.7/dist-packages/pip/vcs/mercurial.py", line 9, in <module>
from pip.download import path_to_url
File "/usr/lib/python2.7/dist-packages/pip/download.py", line 22, in <module>
import requests, six
File "/usr/local/lib/python2.7/dist-packages/requests/__init__.py", line 53, in <module>
from .packages.urllib3.contrib import pyopenssl
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 73, in <module>
ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
**AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'**
我检查了lib,并尝试修补/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py
I checked into the lib and tried to patch /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py
from .. import connection
from .. import util
__all__ = ['inject_into_urllib3', 'extract_from_urllib3']
# SNI only *really* works if we can read the subjectAltName of certificates.
HAS_SNI = SUBJ_ALT_NAME_SUPPORT
# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
**ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,**
ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
_openssl_verify = {
ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
ssl.CERT_REQUIRED: OpenSSL.SSL.VERIFY_PEER
+ OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
}
Could someone enlighten me how I can fix this? It would be super awesome if someone had a clue. I googled the issue and only found incomplete patches and it's messy. Probably a case for the bug tracker once this is fixed, too. I have this issue for all Python packages.
推荐答案
这实际上是一个问题, urllib3 ,而不是 pyopenssl 。 Debian 最近编译没有SSLv3支持的OpenSSL ,而$ code> urllib3 只是假定支持在那里。
This is actually an issue with urllib3, not with pyopenssl. Debian lately compiles OpenSSL without SSLv3 support, and urllib3 just assumed that support was there.
问题是固定在提交b9b3b0102 ,它是 urllib3 的1.10版本的一部分。
The issue was fixed in commit b9b3b0102 which is part of the 1.10 release of urllib3.
使用 urllib3 作为请求的一部分,而 pip ,应该足以更新到最新版本的请求。截至撰写时,目前版本为2.6.0,其中包含修复程序:
As you are using urllib3 as part of requests, which in turn is used by pip, it should be enough to update to a recent version of requests. As of writing, the current version is 2.6.0 which contains the fix:
# pip install requests==2.6.0
由于升级请求可能会遇到问题,因为的鸡蛋问题。要解决这个问题,您可以尝试暂时删除 pyopenssl 包,升级请求并重新安装 pyopenssl 。
You might encounter a problem upgrading requests, because of the chicken-egg problem. To fix this, you can try to temporarily remove the pyopenssl package, upgrade requests and reinstall pyopenssl.
此外,您可能希望使用以下行来更新 pip 尝试更新请求:
Additionally you might want to use the following line to update pip before trying to update requests:
# sudo easy_install --upgrade pip
这篇关于补丁pyopenssl为sslv3问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
