maintainer-feedback requested: [Bug 273656] security/py-certbot: needs export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 in ${LOCALBASE}/etc/periodic/weekly/500.certbot-3.9 on systems with OpenSSL 3
Date: Sat, 09 Sep 2023 15:01:11 UTC
Bugzilla Automation <bugzilla@FreeBSD.org> has asked freebsd-python (Nobody)
<python@FreeBSD.org> for maintainer-feedback:
Bug 273656: security/py-certbot: needs export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
in ${LOCALBASE}/etc/periodic/weekly/500.certbot-3.9 on systems with OpenSSL 3
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273656
--- Description ---
System is stable/14 as of today. OpenSSL comes from base. Installed version is
py39-certbot-2.6.0,1 built from ports.
# certbot renew --standalone
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==2.6.0', 'console_scripts',
'certbot')())
File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
module = import_module(match.group('module'))
File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in
import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 850, in exec_module
File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 6, in
<module>
from certbot._internal import main as internal_main
File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line
21, in <module>
import josepy as jose
File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", line 40, in
<module>
from josepy.json_util import (
File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", line 14,
in <module>
from OpenSSL import crypto
File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in
<module>
from OpenSSL import SSL, crypto
File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, in
<module>
from OpenSSL._util import (
File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in
<module>
from cryptography.hazmat.bindings.openssl.binding import Binding
File
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/bi
nding.py",
line 167, in <module>
Binding.init_static_locks()
File
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/bi
nding.py",
line 134, in init_static_locks
cls._ensure_ffi_initialized()
File
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/bi
nding.py",
line 123, in _ensure_ffi_initialized
_legacy_provider_error(cls._legacy_provider_loaded)
File
"/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/bi
nding.py",
line 43, in _legacy_provider_error
raise RuntimeError(
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal
error by default, but cryptography supports running without legacy algorithms
by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did
not expect this error, you have likely made a mistake with your OpenSSL
configuration.