Closed azhuzhu closed 7 years ago
This means something in your software that is called before pyOpenSSL tries to initialize is not properly clearly its error stack. cryptography can't reliably determine whether OpenSSL is in a safe state if the error stack isn't empty. It's possible this is mod_ssl itself -- the error indicates something tried (and failed) to load a PEM formatted cert or key.
The "right" fix is to find the spot where the PEM load is being called and then the error stack is not being cleared, but it may be worth adding these specific errors to a list of allowable errors since they are safe to ignore.
@azhuzhu https://bugzilla.redhat.com/show_bug.cgi?id=1402235 tracks the issue for Fedora.
when open the page on browser, error occurs in httpd
dependencies: mod_ssl-2.4.23-4.fc24.x86_64 openssl-1.0.2j-1.fc24.x86_64 pyOpenSSL-16.0.0-1.fc24.noarch python2-cryptography-1.5.3-3.fc24.x86_64
Referring to https://github.com/pyca/cryptography/issues/2699, after changing the code in "/usr/lib64/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 140 from _openssl_assert(cls.lib, cls.lib.ERR_peek_error() == 0) to cls.lib.ERR_clear_error(), it's back to normal.
Is that a bug or something wrong with fc24 package?
Thanks