Upgrade SSL
The following documentation was relevant in 2017, but the security landscape has changed a lot since. In 2019, OpenSSL on most setups is fine; therefore, the following is left here for history. To be clear, you can ignore everything below.
Some users experience SSL connection errors that contain the following text:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error...
- Your installed OpenSSL version is less than 1.0.1
To check version numbers, on the command line run...
python -c "import ssl, OpenSSL; print(ssl.OPENSSL_VERSION); print('pyOpenSSL ' + OpenSSL.__version__)"
Ideally, you want to see something equal or better than ...
OpenSSL 1.0.2a 19 Mar 2015
pyOpenSSL 0.15.1
Or, for example, on Ubuntu 14.04 LTS
~$ dpkg -p openssl | grep Version
$ openssl version
to yield something better than,
Version: 1.0.1f-1ubuntu2.17
OpenSSL 1.0.1f 6 Jan 2014
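An added example (not part of the SickGear wiki) that automates the comparison above: it parses an ssl.OPENSSL_VERSION banner, including the letter suffix, and grades it against the page's 1.0.1 and 1.0.2a thresholds. The function names and the grade labels are assumptions made for this example.

```python
import re
import ssl

# Thresholds from the page: anything below 1.0.1 is the failing case,
# 1.0.2a is the "equal or better than" target.
MINIMUM = "OpenSSL 1.0.1"
IDEAL = "OpenSSL 1.0.2a"

# Library name, three numeric fields, then an optional letter suffix (f, j, zh).
_VERSION_RE = re.compile(r"^(\w+)\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(banner):
    """Turn 'OpenSSL 1.0.1f 6 Jan 2014' into ('OpenSSL', (1, 0, 1, 'f'))."""
    match = _VERSION_RE.match(banner.strip())
    if match is None:
        raise ValueError("unrecognised version banner: %r" % banner)
    name, major, minor, fix, letters = match.groups()
    # Letters sort as strings: '' < 'a' < 'f' < 'j' < 'z' < 'za'.
    return name, (int(major), int(minor), int(fix), letters)


def classify(banner):
    """Grade a banner as 'too old', 'usable', 'ideal' or 'unknown'."""
    name, version = parse_version(banner)
    if name != "OpenSSL":
        # Other TLS libraries use their own numbering, so the page's
        # OpenSSL thresholds do not apply to them.
        return "unknown"
    if version < parse_version(MINIMUM)[1]:
        return "too old"
    if version < parse_version(IDEAL)[1]:
        return "usable"
    return "ideal"


if __name__ == "__main__":
    # Grade the OpenSSL build this interpreter is linked against.
    print("%s -> %s" % (ssl.OPENSSL_VERSION, classify(ssl.OPENSSL_VERSION)))
```

The block runs unchanged on Python 2.7 and Python 3.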
Hopefully, one of the following solutions will work for you, otherwise it's search engine time. Architecture and system dependent files are fulfilled by the following solutions...
Prerequisites: For our needs, Python version 2.7.9 is bundled with OpenSSL version 1.0.1j, so download Python 2.7.9 or newer.
Skip to fresh installation* if Python is not installed. Otherwise, create a fresh base to install into by listing existing python modules for future reference and taking a backup... that is, exit anything that uses the existing Python installation, then at a command prompt, type...
- md c:\py27inf && cd c:\py27inf
- pip list >piplist.txt && type piplist.txt
  saving list of existing python modules [1]
- move c:\python27 c:\python27_orig
  creating space for the new install
fresh installation*
- With all options enabled, install Python
- Verify the base Python installation, open a new command prompt and type...
  - python -V
    to verify that Python 2.7.9 is output
  - pip list
    to see current installed modules
A fresh install will typically list...
pip (1.5.6)
pypm (1.4.3)
pythonselect (1.3)
pywin32 (218.3)
setuptools (5.2)
virtualenv (1.11.6)
wsgiref (0.1.2)
- Install then verify some modules [2]...
pip install --upgrade pyopenssl
easy_install ndg-httpsclient
easy_install cheetah
pip list
With the added modules, expect a list similar to the following...
cffi (1.0.1) (as of 31.Jul.2015, version 1.1.2)
cheetah (3.0.0)
cryptography (0.9) (as of 31.Jul.2015, version 0.9.3)
enum34 (1.0.4)
idna (2.0)
ipaddress (1.0.7) (as of 31.Jul.2015, version 1.0.14)
markdown (2.6.2)
ndg-httpsclient (0.4.0)
pip (1.5.6) (as of 31.Jul.2015, version 7.1.0)
pyasn1 (0.1.7) (as of 31.Jul.2015, version 0.1.8)
pycparser (2.13) (as of 31.Jul.2015, version 2.14)
pyOpenSSL (0.15.1)
pypm (1.4.3)
pythonselect (1.3)
pywin32 (218.3)
setuptools (16.0) (as of 31.Jul.2015, version 18.0.1)
six (1.9.0)
virtualenv (1.11.6) (as of 31.Jul.2015, version 13.1.0)
wsgiref (0.1.2)
That's all there is to it. You are now using Python 2.7.9 with no more SSL errors. You can reference the piplist.txt [1] file to re-install [2] any required modules into this new install.
Check you have OpenSSL 1.0.1 with # openssl version and upgrade if required.
Choose one of the following solutions... 1 Downgrade pyOpenSSL, 2 install missing modules, 3 upgrade or 4 install fresh Python.
# sudo apt-get install --reinstall build-essential python-pip python-dev libssl-dev libffi-dev
# sudo pip2.7 install -U setuptools pip pyasn1 ndg-httpsclient pyopenssl==0.13.1
The following should build and install all packages needed to use pyOpenSSL:
# sudo apt-get install build-essential python-pip python-dev libffi-dev libssl-dev
# wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | sudo python2
# sudo pip install -U cryptography ndg-httpsclient pyopenssl
Pyenv is a tool to install and manage side by side python installations. It's generally used for development, but can be used for production environments as well.
Installing pyenv is simple: we can use the installer. The installer installs pyenv to ~/.pyenv along with tools to build various python versions.
# curl -L https://raw.githubusercontent.com/yyuu/pyenv-installer/master/bin/pyenv-installer | bash
Follow the instructions given by the installer on how to enable the pyenv command.
You will also need the common build tools for python environments, more details here
Install a python environment by running: # pyenv install 3.9.13
After that you can select a python version to run by going to the sickgear installation directory and running
# pyenv local 3.9.13
# pip install -r requirements.txt
The latter command is used to install all the dependencies. Since pyenv installs a separate installation of python, your system modules are unavailable inside the pyenv python installation.
If you wish to run sickgear as a daemon, you need to set the python binary to point to the python shim, and it will automatically pick the right python to run (based on the local selection).
The shim path is in the .pyenv directory, e.g: /home/sickgear/.pyenv/shims/python
- The wget line is for distros that do not have setuptools available
- If you have problems with the wget command, try the following instead:
# curl http://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O -L
# sudo python2 ez_setup.py
- urllib3 does not run using pyopenssl unless the ndg-httpsclient, pyasn1, and pyopenssl modules are installed; it does run with the standard ssl built into python
With Ubuntu 14.04 to get Python 3.9.13 PPA
sudo add-apt-repository ppa:fkrull/deadsnakes-python2.7
sudo apt-get update
sudo apt-get install python2.7
# curl https://bootstrap.pypa.io/get-pip.py -L -k | python2.7
# ipkg install openssl-dev
# pip2.7 install -U setuptools pip pyopenssl==0.13.1
- Further reading: https://github.com/pyca/pyopenssl/issues/157
Apart from the Windows (JD) and "Installing a fresh python" sections (ressu), this document is adapted from original text by D Gibson.