Closed barronh closed 11 months ago
Confirm that the issue can be handled on the user side following the stackoverflow link that Barron provided.
Summary of what I did as example:
Create a new conda environment specifically for pyrsig application: $ conda env create --name PYRSIG (take note of the environment location)
Activate the env: $ conda activate PYRSIG
Install jupyter notebook (this will install dependent packages and give us the
Remove or backup the
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation #######
Thanks @boylothoi !
The commands below will create a local config (in the present working directory) and add an environmental variable to use the local file instead of the system version.
printf "openssl_conf = openssl_init\n\n[openssl_init]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = system_default_sect\n\n[system_default_sect]\nOptions = UnsafeLegacyRenegotiation\n" > openssl.cnf
export OPENSSL_CONF=${PWD}/openssl.cnf
You can add the environmental variable to your .bashrc to make it persist. To do that, you’d likely want the file in your home folder and the environmental variable would point to it there.
In csh, that would be
printf "openssl_conf = openssl_init\n\n[openssl_init]\nssl_conf = ssl_sect\n\n[ssl_sect]\nsystem_default = system_default_sect\n\n[system_default_sect]\nOptions = UnsafeLegacyRenegotiation\n" > openssl.cnf
setenv OPENSSL_CONF ${PWD}/openssl.cnf
On Google Colab, they have updated so that the OpenSSL now reports the same error. While I don't love it as a long-term solution, it can be solved by:
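# Append the option to the system-wide config unless it is already the last line.
# The appended line lands in whichever section comes last in the file.
cnfpath = '/etc/ssl/openssl.cnf'
with open(cnfpath) as f:
    cnfstr = f.read().strip()
if not cnfstr.endswith('Options = UnsafeLegacyRenegotiation'):
    cnfstr = cnfstr + '\nOptions = UnsafeLegacyRenegotiation\n'
    with open(cnfpath, 'w') as f:
        f.write(cnfstr)
    print('You must restart')
else:
    print('Good configuration')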
I am closing this issue because I have added native support for openssl v3.
Testing fails on GitHub Actions because the defaults of OpenSSL have changed.
This appears to be a known issue that is specific to certain government servers.
Unclear right now if this should be addressed in pyrsig or if it should be handled by configuring the user's machine, as described on stackoverflow.
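An added example, not part of the original thread or of pyrsig: a Python check that follows the openssl_conf -> ssl_conf -> system_default chain used in the configs earlier in this thread and reports whether UnsafeLegacyRenegotiation is actually in effect, which matters when the line is appended to the end of an existing file. The function names and both sample configs are constructed for illustration; the parser is simplified (no .include, variable expansion or line continuations) and matches option names case-insensitively.

```python
import re

def effective_ssl_options(cnf_text):
    """Flags enabled by the Options lines reached through the chain
    openssl_conf -> ssl_conf -> system_default (simplified parser)."""
    sections = {"default": []}            # keys before any [section] header
    current = "default"
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[current].append((key, value))

    def last(section, key):
        values = [v for k, v in sections.get(section, []) if k == key]
        return values[-1] if values else None

    # Resolve the section that holds the system-wide SSL defaults.
    sysdef = last(last(last("default", "openssl_conf"), "ssl_conf"), "system_default")
    enabled = set()
    for key, value in sections.get(sysdef, []):
        if key.lower() != "options":
            continue
        for flag in filter(None, (f.strip().lower() for f in value.split(","))):
            if flag.startswith("-"):      # "-Flag" switches a flag off
                enabled.discard(flag[1:])
            else:
                enabled.add(flag.lstrip("+"))
    return enabled

def allows_unsafe_legacy_renegotiation(cnf_text):
    return "unsafelegacyrenegotiation" in effective_ssl_options(cnf_text)

# Constructed sample 1: the local file written by the printf command in the thread.
LOCAL_CNF = ("openssl_conf = openssl_init\n\n[openssl_init]\nssl_conf = ssl_sect\n\n"
             "[ssl_sect]\nsystem_default = system_default_sect\n\n"
             "[system_default_sect]\nOptions = UnsafeLegacyRenegotiation\n")
# Constructed sample 2: the option was appended after a different final section,
# so it is not part of the SSL defaults and has no effect there.
APPENDED_ELSEWHERE = ("openssl_conf = openssl_init\n[openssl_init]\nssl_conf = ssl_sect\n"
                      "[ssl_sect]\nsystem_default = system_default_sect\n"
                      "[system_default_sect]\nCipherString = DEFAULT:@SECLEVEL=2\n"
                      "[provider_sect]\ndefault = default_sect\n"
                      "Options = UnsafeLegacyRenegotiation\n")
```

Run against the file named by OPENSSL_CONF (or the system openssl.cnf), this also works as an audit for hosts where the legacy option was enabled and never removed.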