Patch pyopenssl for sslv3 issue
Problem description
I got a problem on a Debian 8 system with python 2.7.9-2 amd64:
marius@pydev:/usr/lib/python2.7/dist-packages/urllib3/contrib$ pip search doo
Traceback (most recent call last):
  File "/usr/bin/pip", line 9, in <module>
    load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 356, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2476, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load
    ['__name__'])
  File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 74, in <module>
    from pip.vcs import git, mercurial, subversion, bazaar  # noqa
  File "/usr/lib/python2.7/dist-packages/pip/vcs/mercurial.py", line 9, in <module>
    from pip.download import path_to_url
  File "/usr/lib/python2.7/dist-packages/pip/download.py", line 22, in <module>
    import requests, six
  File "/usr/local/lib/python2.7/dist-packages/requests/__init__.py", line 53, in <module>
    from .packages.urllib3.contrib import pyopenssl
  File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 73, in <module>
    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
**AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'**
I checked into the lib and tried to patch /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py
from .. import connection
from .. import util
__all__ = ['inject_into_urllib3', 'extract_from_urllib3']
# SNI only *really* works if we can read the subjectAltName of certificates.
HAS_SNI = SUBJ_ALT_NAME_SUPPORT
# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
    ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
    **ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,**
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
_openssl_verify = {
    ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
    ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
    ssl.CERT_REQUIRED: OpenSSL.SSL.VERIFY_PEER
                       + OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
}
Could someone enlighten me how I can fix this? It would be super awesome if someone had a clue. I googled the issue and only found incomplete patches and it's messy. Probably a case for the bug tracker once this is fixed, too. I have this issue for all Python packages.
Recommended answer
This is actually an issue with urllib3, not with pyopenssl. Debian lately compiles OpenSSL without SSLv3 support, and urllib3 just assumed that support was there.
The issue was fixed in commit b9b3b0102 which is part of the 1.10 release of urllib3.
As you are using urllib3 as part of requests, which in turn is used by pip, it should be enough to update to a recent version of requests. As of writing, the current version is 2.6.0 which contains the fix:
# pip install requests==2.6.0
You might encounter a problem upgrading requests, because of the chicken-egg problem. To fix this, you can try to temporarily remove the pyopenssl package, upgrade requests and reinstall pyopenssl.
Additionally you might want to use the following line to update pip before trying to update requests:
# sudo easy_install --upgrade pip
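The failure mode discussed above, as an added example that is not part of the original answer and not urllib3's own code: the protocol map is built only from constants that both modules actually expose, so a build without SSLv3 no longer breaks the import. The function names and the stand-in modules are hypothetical and constructed for illustration.

```python
import ssl
from types import SimpleNamespace

# (stdlib ssl constant, PyOpenSSL method) name pairs taken from the excerpt in the question.
PROTOCOL_PAIRS = [
    ("PROTOCOL_SSLv23", "SSLv23_METHOD"),
    ("PROTOCOL_SSLv3", "SSLv3_METHOD"),
    ("PROTOCOL_TLSv1", "TLSv1_METHOD"),
]


def build_version_map(ssl_mod, openssl_ssl_mod, pairs=PROTOCOL_PAIRS):
    """Return (mapping, skipped); a pair is mapped only if BOTH modules expose it."""
    mapping, skipped = {}, []
    for ssl_name, method_name in pairs:
        proto = getattr(ssl_mod, ssl_name, None)
        method = getattr(openssl_ssl_mod, method_name, None)
        if proto is None or method is None:
            # Constant was compiled out (e.g. SSLv3 on Debian 8): skip, do not crash.
            skipped.append(ssl_name)
            continue
        mapping[proto] = method
    return mapping, skipped


def unguarded_version_map(ssl_mod, openssl_ssl_mod, pairs=PROTOCOL_PAIRS):
    """The failing pattern from the traceback: unconditional attribute access."""
    return {getattr(ssl_mod, s): getattr(openssl_ssl_mod, m) for s, m in pairs}


# Constructed stand-ins (assumptions): an ssl module built without SSLv3
# and a PyOpenSSL-like module that still carries all three methods.
SSL_NO_SSLV3 = SimpleNamespace(PROTOCOL_SSLv23=2, PROTOCOL_TLSv1=3)
FAKE_OPENSSL = SimpleNamespace(
    SSLv23_METHOD="v23", SSLv3_METHOD="v3", TLSv1_METHOD="tls1"
)

if __name__ == "__main__":
    mapping, skipped = build_version_map(SSL_NO_SSLV3, FAKE_OPENSSL)
    print("mapped:", mapping)
    print("skipped:", skipped)
    # Report what the interpreter running this script was built with.
    print("local ssl exposes PROTOCOL_SSLv3:", hasattr(ssl, "PROTOCOL_SSLv3"))
```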