Closed gygabyte017 closed 1 year ago
What version of openssl are you using ? Unfortunately, the python-swat client does not support openssl 3 at this time.
If you have an earlier version of openssl, such as openssl 1.1.1, installed you can try something similar to the following, pointing to the correct location for your system, to tell python-swat to use the openssl 1.1.1 libraries instead:
import os os.environ['TKESSL_OPENSSL_LIB'] = "/usr/lib/x86_64-linux-gnu/libssl.so.1.1" os.environ['TKECERT_CRYPTO_LIB'] = "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1"
Thank you, I solved manually setting that environment variables you mentioned in the Dockerfile:
# Force using old openssl package due to swat compatibility
RUN apt-get update && apt-get install -y zstd && rm -rf /var/lib/apt/lists/*
RUN wget https://archlinux.org/packages/core/x86_64/openssl-1.1/download/ -O openssl-1.1-1.1.1.s-4-x86_64.pkg.tar.zst
RUN tar --use-compress-program=unzstd -xvf openssl-1.1-1.1.1.s-4-x86_64.pkg.tar.zst
RUN cp usr/lib/libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
RUN cp usr/lib/libssl.so.1.1 /usr/lib/x86_64-linux-gnu/
ENV TKECERT_CRYPTO_LIB=/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
ENV TKESSL_OPENSSL_LIB=/usr/lib/x86_64-linux-gnu/libssl.so.1.1
The workaround described above was working, but stopped working when I rebuilt the container. https://archlinux.org/packages/core/x86_64/openssl-1.1/download/ downloads the latest patch version, which appears is a breaking change to what SWAT needs.
I got around it by using an ubuntu archive:
RUN wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb && \ dpkg -i libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb && \ rm libssl1.1_1.1.1f-1ubuntu2.20_amd64.deb
ENV TKESSL_OPENSSL_LIB=/usr/lib/x86_64-linux-gnu/libssl.so.1.1
My container already had libcrypto.so.1.1.
Ideally swat should be compatible the latest libssl so we don't need this work around
Hi, same as #106 is happening again in k8s environment: