31

I was using Python 3.6 on my Ubuntu machine and faced this error when doing some testing:

CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography and will be removed in a future release.
...
from OpenSSL import crypto, SSL
default:       File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1550, in <module>
default:         class X509StoreFlags(object):
default:       File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1570, in X509StoreFlags
default:         CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
default:     AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'

I did some research on the error, so I installed Python 3.9 and then updated alternatives to assign Python 3.9 as the main Python to use. Then I reinstalled and upgraded OpenSSL and Cryptography.

sudo pip3 install pyOpenSSL --upgrade
sudo pip3 install cryptography --upgrade

I ran my testing again and still faced the same error.

I decided to check the Python 3.9 dist-packages folder (/usr/local/lib/python3.9/dist-packages/) and realised that OpenSSL and Cryptography are nowhere to be found. They are found in /usr/local/lib/python3.6/dist-packages/ instead. Could this be why the error persists?

snow
  • 413

13 Answers

25

I ran into this with pyOpenSSL==19.0.0 and was able to fix this with

pip3 install pyOpenSSL --upgrade
Leopd
  • 583
16

It seems to be due to the pip 22.2.2 upgrade. Check if you can upgrade pyOpenSSL to 22.0.0 to fix the issue.

Let me know if it is not working.

14

I had the same problem. You need to update pip to the latest version.

  1. Delete old version
sudo apt remove python3-pip 
  2. Based on the pip install guide, do the following:
wget https://bootstrap.pypa.io/get-pip.py
sudo python3 get-pip.py
Vaso
  • 183
MiGri
  • 141
  • Doesn't work. I still get the error: ImportError: cannot import name 'DEFAULT_CIPHERS' from 'urllib3.util.ssl_' – Coder Jun 21 '23 at 00:10
  • I also have to install a specific version of the cryptography package: sudo pip3.10 install --upgrade cryptography==36.0.2 – esguti Jan 23 '24 at 20:05
11

My pip stopped working due to the issue (I couldn't even get the version).

I resolved this issue by downloading the problem package from pypi.org and updating it via the easy_install module:

python3 -m easy_install pyOpenSSL-22.0.0-py2.py3-none-any.whl
Shalamnik
  • 111
  • 4
  • 1
    It works for me, thank you. -> https://stackoverflow.com/a/74243128/686105 – Chu-Siang Lai Feb 24 '23 at 09:34
  • Got an error: No local packages or working download links found for pyOpenSSL-22.0.0-py2.py3-none-any.whl error: Could not find suitable distribution for Requirement.parse('pyOpenSSL-22.0.0-py2.py3-none-any.whl') – Coder Jun 21 '23 at 00:07
  • @Coder, you need to download the pyOpenSSL....whl package from pypi.org (link above in my answer) before installing it. – Shalamnik Jun 21 '23 at 08:16
  • This is what fixed the issue for me. Thank you! – Amro Younes Feb 01 '24 at 16:07
7

After upgrading cryptography to version 38.0.1, the pip command was completely broken on my Linux system and I couldn't fix it in any way. I could solve the issue only by removing the line

"CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK"

from the file /usr/lib/python3/dist-packages/OpenSSL/crypto.py

Hooray! After this, pip worked again and I could downgrade cryptography to a version compatible with pyOpenSSL==20.0.1:

pip uninstall cryptography

pip install --upgrade cryptography==36.0.2

  • After commenting it out, I tried again and I am getting the error below now: File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3126, in <module> _lib.OpenSSL_add_all_algorithms() AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms' – xrkr Jan 05 '23 at 06:12
  • I just tried to upgrade pip by the below method and it worked ----- #python3 -m easy_install pyOpenSSL-22.0.0-py2.py3-none-any.whl – xrkr Jan 05 '23 at 06:47
5

Had the same error. Updated the pyOpenSSL package to version 22.0.0. Working fine now.

Mayank
  • 51
3

pyOpenSSL < 22.0.0 seems to be incompatible since they did not pin the cryptography package. Since the latest cryptography package was installed in versions prior to 22.0.0, they simply break.

Corresponding GitHub issue: https://github.com/pyca/pyopenssl/issues/1143

RodrigoDela
  • 131
  • 2
2

Warning!!! If you are using pyOpenSSL==20.0.1 and find this error when building a new container image, upgrading to pyOpenSSL==22.0.0 could fix this problem, but may cause higher CPU load. It caused a 50% QPS loss for our system, which is running a heavy-load request & upload system.

Finally, we rolled back pyOpenSSL==22.0.0 to pyOpenSSL==20.0.1 and manually installed cryptography==36.0.2 to fix the problem.

1

Note, when I say "which is the situation we are in right now", I am referring to the fact that every release of pyOpenSSL before version 22.0.0 is incompatible with cryptography versions from 38.0.0, but pip does not know this, so can't correctly resolve the dependency issue.

https://github.com/pyca/pyopenssl/issues/1143#issuecomment-1246086105

In my case, my Ubuntu 20.04 has pyOpenSSL version 19.0.0 installed while the cryptography version is 38.0.3.

1

I fixed it by removing the OpenSSL Python package directory

sudo rm -R /usr/lib/python3/dist-packages/OpenSSL

Then just install the OpenSSL library again

pip3 install pyOpenSSL --upgrade
0

I had the same problem. When it happened I saw a log like this.

Oct 26 00:59:45 d51307 certbot[4185368]:     from OpenSSL import crypto, SSL
Oct 26 00:59:45 d51307 certbot[4185368]:   File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1553, in <module>
Oct 26 00:59:45 d51307 certbot[4185368]:     class X509StoreFlags(object):
Oct 26 00:59:45 d51307 certbot[4185368]:   File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 1573, in X509StoreFlags
Oct 26 00:59:45 d51307 certbot[4185368]:     CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
Oct 26 00:59:45 d51307 certbot[4185368]: AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
Oct 26 00:59:45 d51307 systemd[1]: certbot.service: Main process exited, code=exited, status=1/FAILURE

Then I tried apt remove python3-pip and apt install python3-pip and it helped me. Then I ran certbot and it worked.

0

First, comment out the line below in /usr/lib/python3/dist-packages/OpenSSL/crypto.py

CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK

Then, run the commands below to update pip3 and pyopenssl

pip3 install pip --upgrade
pip3 install pyopenssl --upgrade

Last, uncomment the line from the first step. You should be able to use pip3 now.

Chance
  • 101
0

I managed to solve this issue by downgrading the cryptography library using the following command.

pip install cryptography==36.0.0
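
An added diagnostic example, not part of any answer above: it reports which pyOpenSSL and cryptography the current interpreter resolves and from which directory, and flags the pairing the thread identifies as failing (pyOpenSSL before 22.0.0 with cryptography 38.0.0 or later). It reads package metadata only, so it runs even when `from OpenSSL import crypto` raises; the function names are illustrative and Python 3.8+ is assumed.

```python
# Added example: inspect the installed pyOpenSSL / cryptography pair without
# importing OpenSSL (the import is what fails in the tracebacks above).
import re
from importlib import metadata  # standard library, Python 3.8+


def parse_version(text):
    """Leading numeric release as a 3-tuple, e.g. '38.0.3' -> (38, 0, 3)."""
    match = re.match(r"\d+(?:\.\d+)*", str(text).strip())
    parts = tuple(int(p) for p in match.group(0).split(".")) if match else ()
    return (parts + (0, 0, 0))[:3]


def is_broken_pair(pyopenssl_version, cryptography_version):
    """True for the combination reported in the thread:
    pyOpenSSL < 22.0.0 together with cryptography >= 38.0.0."""
    return (parse_version(pyopenssl_version) < (22, 0, 0)
            and parse_version(cryptography_version) >= (38, 0, 0))


def installed(dist_name):
    """(version, directory) for a distribution visible to this interpreter,
    or None when this interpreter cannot see it at all."""
    try:
        dist = metadata.distribution(dist_name)
    except metadata.PackageNotFoundError:
        return None
    return dist.version, str(dist.locate_file(""))


def report():
    """Human-readable lines describing what this interpreter would load."""
    found = {name: installed(name) for name in ("pyOpenSSL", "cryptography")}
    lines = []
    for name, info in found.items():
        if info is None:
            lines.append(f"{name}: not installed for this interpreter")
        else:
            lines.append(f"{name}: {info[0]} from {info[1]}")
    if all(found.values()) and is_broken_pair(found["pyOpenSSL"][0],
                                              found["cryptography"][0]):
        lines.append("incompatible pair: pyOpenSSL < 22.0.0 with "
                     "cryptography >= 38.0.0")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Run it with the same interpreter that fails (for example the `python3` that pip or certbot uses); a pyOpenSSL path under /usr/lib/python3/dist-packages next to a cryptography path under /usr/local/lib means the two packages come from different install locations.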