[Bug 281848] mail/py-spf-engine

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 281848] mail/py-spf-engine: doesn't start with security/openssl32-3.2.3 installed"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 281848] mail/py-spf-engine: doesn't start with security/openssl32-3.2.3 installed"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 281848] mail/py-spf-engine: doesn't start with security/openssl3* port installed"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 281848] mail/py-spf-engine: doesn't start with security/openssl3* port installed"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 04 Oct 2024 13:12:15 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281848

            Bug ID: 281848
           Summary: mail/py-spf-engine
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: gessel@blackrosetech.com

mail/py311-spf-engine-3.0.4 doesn't start with security/openssl32-3.2.3 (and
likely other openssl3x variants).  Running "/usr/sbin/daemon -c
/usr/local/bin/pyspf-milter /usr/local/etc/pyspf-milter/pyspf-milter.conf" to
get stdio errors yields

...
 File
"/usr/local/lib/python3.11/site-packages/cryptography/x509/certificate_transparency.py",
line 11, in <module>
    from cryptography.hazmat.bindings._rust import x509 as rust_x509
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal
error by default, but cryptography supports running without legacy algorithms
by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did
not expect this error, you have likely made a mistake with your OpenSSL
configuration.
....

executing "export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1" and then repeating, the
service runs and stays up.  

The following patch sets the value before each execution.  The problem appears
to be inherited from py-cryptography and also impacts certbot. Other options
would include exporting the variable from .profile until the issue is resolved
upstream.

*** /usr/local/bin/pyspf-milter     Thu Oct  3 23:10:03 2024
--- /usr/local/bin/pyspf-milter.mod Fri Oct  4 05:34:09 2024
***************
*** 1,8 ****
--- 1,10 ----
  #!/usr/local/bin/python3.11
  # -*- coding: utf-8 -*-
  import re
  import sys
+ import os
+ os.environ['CRYPTOGRAPHY_OPENSSL_NO_LEGACY'] = '1'
  from spf_engine.milter_spf import main
  if __name__ == "__main__":
      sys.argv[0] = re.sub(r"(-script\.pyw|\.exe)?$", "", sys.argv[0])
      sys.exit(main())

-- 
You are receiving this mail because:
You are the assignee for the bug.