为 sslv3 问题修补 pyopenssl [英] Patch pyopenssl for sslv3 issue
问题描述
我在使用 python 2.7.9-2 amd64 的 Debian 8 系统上遇到问题:
I got a problem on a Debian 8 system with python 2.7.9-2 amd64:
marius@pydev:/usr/lib/python2.7/dist-packages/urllib3/contrib$ pip search doo
Traceback (most recent call last):
File "/usr/bin/pip", line 9, in <module>
load_entry_point('pip==1.5.6', 'console_scripts', 'pip')()
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 356, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2476, in load_entry_point
return ep.load()
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2190, in load
['__name__'])
File "/usr/lib/python2.7/dist-packages/pip/__init__.py", line 74, in <module>
from pip.vcs import git, mercurial, subversion, bazaar # noqa
File "/usr/lib/python2.7/dist-packages/pip/vcs/mercurial.py", line 9, in <module>
from pip.download import path_to_url
File "/usr/lib/python2.7/dist-packages/pip/download.py", line 22, in <module>
import requests, six
File "/usr/local/lib/python2.7/dist-packages/requests/__init__.py", line 53, in <module>
from .packages.urllib3.contrib import pyopenssl
File "/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py", line 73, in <module>
ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
**AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'**
我检查了 lib 并尝试修补/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py
I checked into the lib and tried to patch /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/contrib/pyopenssl.py
from .. import connection
from .. import util
__all__ = ['inject_into_urllib3', 'extract_from_urllib3']
# SNI only *really* works if we can read the subjectAltName of certificates.
HAS_SNI = SUBJ_ALT_NAME_SUPPORT
# Map from urllib3 to PyOpenSSL compatible parameter-values.
_openssl_versions = {
ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
**ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,**
ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}
_openssl_verify = {
ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
ssl.CERT_REQUIRED: OpenSSL.SSL.VERIFY_PEER
+ OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
}
有人能告诉我如何解决这个问题吗?如果有人有线索,那就太棒了.我用谷歌搜索了这个问题,只发现不完整的补丁,而且很乱.一旦这个问题得到修复,也可能是错误跟踪器的一个案例.我对所有 Python 包都有这个问题.
Could someone enlighten me how I can fix this? It would be super awesome if someone had a clue. I googled the issue and only found incomplete patches and it's messy. Probably a case for the bug tracker once this is fixed, too. I have this issue for all Python packages.
推荐答案
这实际上是 urllib3 的问题,而不是 pyopenssl 的问题.Debian 最近在不支持 SSLv3 的情况下编译 OpenSSL,而 urllib3 只是假设这种支持就在那里.
This is actually an issue with urllib3, not with pyopenssl. Debian lately compiles OpenSSL without SSLv3 support, and urllib3 just assumed that support was there.
问题是已在提交 b9b3b0102 中修复,它是 urllib3 的 1.10 版本的一部分代码>.
The issue was fixed in commit b9b3b0102 which is part of the 1.10 release of urllib3.
当您使用 urllib3 作为 requests 的一部分,而 pip 又使用它时,更新到requests 的最新版本.在撰写本文时,当前版本是 2.6.0,其中包含修复:
As you are using urllib3 as part of requests, which in turn is used by pip, it should be enough to update to a recent version of requests. As of writing, the current version is 2.6.0 which contains the fix:
# pip install requests==2.6.0
您可能会遇到升级 requests 的问题,因为鸡蛋问题.要解决此问题,您可以尝试暂时删除 pyopenssl 包,升级 requests 并重新安装 pyopenssl.
You might encounter a problem upgrading requests, because of the chicken-egg problem. To fix this, you can try to temporarily remove the pyopenssl package, upgrade requests and reinstall pyopenssl.
此外,您可能希望在尝试更新 requests 之前使用以下行来更新 pip:
Additionally you might want to use the following line to update pip before trying to update requests:
# sudo easy_install --upgrade pip
这篇关于为 sslv3 问题修补 pyopenssl的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
