search

nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.
GNU Affero General Public License v3.0
3.25k stars 450 forks source link

Error running SSLyze 5.x on a M1 Mac #541

Closed gattjoe closed 2 years ago

gattjoe commented 2 years ago

Describe the bug Error running SSLyze 5.x on a M1 Mac

To Reproduce Steps to reproduce the behavior:

  1. Install SSLyze using 'pip install sslyze'
  2. Run the following command 'sslyze'
  3. See error below

Traceback (most recent call last): File "/Users/joe/code/sslyze5/bin/sslyze", line 5, in from sslyze.main import main File "/Users/joe/code/sslyze5/lib/python3.9/site-packages/sslyze/init.py", line 4, in from sslyze.server_setting import ( File "/Users/joe/code/sslyze5/lib/python3.9/site-packages/sslyze/server_setting.py", line 12, in from nassl.ssl_client import OpenSslFileTypeEnum, SslClient File "/Users/joe/code/sslyze5/lib/python3.9/site-packages/nassl/ssl_client.py", line 6, in from nassl import _nassl ImportError: dlopen(/Users/joe/code/sslyze5/lib/python3.9/site-packages/nassl/_nassl.cpython-39-darwin.so, 2): Symbol not found: _PEM_write_bio_X509 Referenced from: /Users/joe/code/sslyze5/lib/python3.9/site-packages/nassl/_nassl.cpython-39-darwin.so Expected in: flat namespace in /Users/joe/code/sslyze5/lib/python3.9/site-packages/nassl/_nassl.cpython-39-darwin.so

Expected behavior sslyze works

Python environment (please complete the following information):

Additional context SSLyze installed with no issues.

Successfully installed cffi-1.15.0 cryptography-35.0.0 nassl-4.0.1 pycparser-2.21 pydantic-1.8.2 sslyze-5.0.0 tls-parser-1.2.2 typing-extensions-4.0.0

Also, I happen to have an Intel Mac with Big Sur at 11.6.1 and it installed and worked flawlessly.

Keep up the great work, I love this library.

nabla-c0d3 commented 2 years ago

As a workaround you can install Python under Rosetta2 on your M1 (https://www.caktusgroup.com/blog/2021/04/02/python-django-react-development-apple-silicon/); then SSLyze will work.

Native support for M1 is not trivial: https://github.com/nabla-c0d3/nassl/issues/83

gattjoe commented 2 years ago

@nabla-c0d3 thank you for the quick response! I did see https://github.com/nabla-c0d3/nassl/issues/83 and agree that it will be tough to support. I will close this issue since its a dupe/known issue. Let me know if I can help test nassl in any way should you decide to tackle back-porting OpenSSL support for a M1.

In the short term, I'm just going to use docker containers for my development purposes instead of messing with dual installations of homebrew/python.

tokred commented 2 years ago

Don't want to reopen this closed issue, just for reference in case someone else seeks a solution on M1:

# install Rosetta translation layer, to get the 'arch' command
softwareupdate --install-rosetta --agree-to-license

# install separate x86 homebrew into /usr/local/ (the arm-native brew lives in /opt/homebrew/)
arch -x86_64 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"

# install sslyze using x86 homebrew, incl. its dependencies
arch -x86_64 /usr/local/bin/brew install sslyze

# for convenience, add an alias for the x86 version in .zshrc, .bashrc, etc.
alias brew_x86='arch -x86_64 /usr/local/bin/brew'

Regards

nabla-c0d3 commented 1 year ago

Native support for Apple Silicon is now available, starting with nassl 5.0.1.