Re: Does kyua based testing need some hazmat/bindings/_openssl.abi3.so related updating?: Undefined symbol "ERR_GET_FUNC"

In reply to: Mark Millard : "Re: Does kyua based testing need some hazmat/bindings/_openssl.abi3.so related updating?: Undefined symbol "ERR_GET_FUNC""
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Enji Cooper <yaneurabeya_at_gmail.com>
Date: Thu, 13 Jul 2023 02:18:15 UTC

> On Jul 10, 2023, at 3:27 PM, Mark Millard <marklmi@yahoo.com> wrote:
> 
> On Jul 10, 2023, at 15:03, Mark Millard <marklmi@yahoo.com <mailto:marklmi@yahoo.com>> wrote:
> 
>> On Jul 10, 2023, at 11:42, The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
>> 
>>> On Mon, Jul 10, 2023 at 08:56:22AM -0700, Mark Millard wrote:
>>>> The subject line's question was prompted by
>>>> . . ./hazmat/bindings/_openssl.abi3.so related notices
>>>> in a kyua report:
>>>> 
>>>> # kyua report --verbose --results-file=usr_obj_DESTDIRs_main-CA7-chroot_usr_tests.20230710-064632-752785 2>&1 | grep "Undefined symbol" | sort -u
>>>> +ImportError: /usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: Undefined symbol "ERR_GET_FUNC"
>>>> ImportError: /usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: Undefined symbol "ERR_GET_FUNC"
>>>> ImportError: /usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: Undefined symbol "ERR_GET_FUNC"
>>>> 
>>>> It is possible that this is related to some oddities of my
>>>> context for this. But I figured I'd ask the general question
>>>> anyway.
>>>> 
>>> 
>>> No! The problem is that Python is calling an openssl 1.X function
>>> which is dropped in Opensss 3.X
>>> 
>>> Python nedds to fix that issue.
>> 
>> Well:
>> 
>> # strings /usr/obj/DESTDIRs/main-CA7-chroot/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so | grep -i "3\.[0-9]*\.[0-9]"
>> OpenSSL 3.0.9 30 May 2023
>> 3.4.8
>> 
>> From what I read, 3.4.8 is too old and is known to have this issue and this
>> was fixed in a later version. I see references to "cryptography" needing to
>> be "at least 35.0.0 for OpenSSL 3.0 support" instead of "3.4.8" as one place
>> put it.
>> 
>> I've no clue of the details for python3.9 vs. python3.10 or python3.11 for
>> containing a sufficiently modern "cryptography" already in FreeBSD ports
>> (vs. not). But this may be more of a port-update issue than an up-stream
>> python issue -- or possibly just a "use python 3.? or later" issue for
>> some value for "?".
>> 
> 
> 35.0.0 of cryptography dates back to 2021-09-29.
> Current for cryptography is 41.0.1 (2023-06-01).
> It claims: "It supports Python 3.7+ and PyPy3
> 7.3.10+."
> 
> security/py-cryptography is at 3.4.8 (2021-08-24)
> for py39-cryptography and is, in-part, a FreeBSD
> ports issue as far as I can tell.
> 
> Looking, it seems it is at 3.4.8 for all @${PY_FLAVOR}
> instances. So trying python310 or python311 might
> well do no good for openssl 3.0 compatibility if they
> use security/py-cryptography .
> 
> (Note: I build my own ports via poudriere-devel .)

py-cryptography in ports doesn’t support OpenSSL 3. Please see this issue for more details: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254853 <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254853> .
Thanks,
-Enji