zenhack / simp_le

Simple Let's Encrypt client
GNU General Public License v3.0

pyOpenSSL 17.3.0 break acme #70

Closed buchdag closed 7 years ago

buchdag commented 7 years ago

nduchon@vps:~/git/simp_le$ docker run -it --rm zenhack/simp_le:local --test
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/simp_le.py", line 1486, in main
    return main_with_exceptions(cli_args)
  File "/usr/lib/python3.6/site-packages/simp_le.py", line 1443, in main_with_exceptions
    return test(args)
  File "/usr/lib/python3.6/site-packages/simp_le.py", line 1180, in test
    TestLoader().load_tests_from_subclass(UnitTestCase),
  File "/usr/lib/python3.6/site-packages/simp_le.py", line 1165, in load_tests_from_subclass
    for attr in dir(module)
  File "/usr/lib/python3.6/site-packages/simp_le.py", line 1167, in <listcomp>
    issubclass(getattr(module, attr), subcls)])
  File "/usr/lib/python3.6/unittest/loader.py", line 92, in loadTestsFromTestCase
    loaded_suite = self.suiteClass(map(testCaseClass, testCaseNames))
  File "/usr/lib/python3.6/unittest/suite.py", line 24, in __init__
    self.addTests(tests)
  File "/usr/lib/python3.6/unittest/suite.py", line 57, in addTests
    for test in tests:
  File "/usr/lib/python3.6/site-packages/simp_le.py", line 631, in __init__
    cert=jose.ComparableX509(crypto_util.gen_ss_cert(raw_key, ['a'])),
  File "/usr/lib/python3.6/site-packages/acme/crypto_util.py", line 246, in gen_ss_cert
    cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
AttributeError: module 'OpenSSL' has no attribute 'rand'

Removed the deprecated OpenSSL.rand module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. os.urandom() should be used instead. #675

https://pypi.python.org/pypi/pyOpenSSL

I don't know if it is breaking anything else, I'll test asap.

edit: in fact it breaks parts of acme / certbot

zenhack commented 7 years ago

Yeah, the stack trace indicates that acme is making the offending call. My inclination is just to wait for acme to release that fix; this doesn't look like it's our bug.

buchdag commented 7 years ago

The patch is included in the 0.19.0 milestone, which is due in about two weeks.

Should we just wait or install pyOpenSSL<17.3.0 / pyOpenSSL==17.2.0 in the interval?

zenhack commented 7 years ago

I just pushed a patch that adds a version bound, seems to have fixed the CI. I'm going to tag a release in the next couple days, was waiting for PRs to land and now that they have...

Quoting Nicolas Duchon (2017-09-18 05:47:03)

The patch is included in the 0.19.0 milestone, which is due in about two weeks.

Should we just wait or install pyOpenSSL<17.3.0 in the interval?

buchdag commented 7 years ago

Fixed by #72
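
Added example, not part of the thread and not simp_le's or acme's own code: a startup guard for the version combination reported above, plus a serial-number helper that feature-detects `OpenSSL.rand.bytes` and falls back to `os.urandom()` as the quoted changelog recommends. The helper names, the sample version strings, and the assumption that acme 0.19.0 ships the fix (the thread only says it is in that milestone) are mine.

```python
import binascii
import os


def parse_version(text):
    """'17.3.0' -> (17, 3, 0); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts + [0] * (3 - len(parts)))


def is_broken_pair(acme_version, pyopenssl_version):
    """True for the combination in this issue: acme older than 0.19.0 (the
    milestone the thread names for the fix, assumed to ship it) together with
    pyOpenSSL >= 17.3.0 (the release whose changelog removes OpenSSL.rand)."""
    return (parse_version(acme_version) < (0, 19, 0)
            and parse_version(pyopenssl_version) >= (17, 3, 0))


def pick_random_source(openssl_module=None):
    """Feature-detect rather than trust version strings: use
    OpenSSL.rand.bytes only if the module passed in still has it,
    otherwise os.urandom."""
    rand = getattr(openssl_module, "rand", None)
    return getattr(rand, "bytes", None) or os.urandom


def random_serial(nbytes=16, openssl_module=None):
    """Same expression as the failing line in the traceback, with the byte
    source replaced by whatever pick_random_source() returns."""
    source = pick_random_source(openssl_module)
    return int(binascii.hexlify(source(nbytes)), 16)


if __name__ == "__main__":
    # Constructed version pairs, not taken from any real environment.
    for acme_v, ossl_v in [("0.18.0", "17.3.0"), ("0.18.0", "17.2.0"),
                           ("0.19.0", "17.3.0")]:
        state = "broken" if is_broken_pair(acme_v, ossl_v) else "ok"
        print(acme_v, ossl_v, state)
    print("serial: %x" % random_serial())
```

Passing the imported `OpenSSL` module as `openssl_module` keeps the old byte source on installations that still provide it; with no argument the helper always uses `os.urandom()`.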