Openssl version not detected in current oscrypto version (pypi)

[NeffIsBack]

Hi,

first of all thank you for your work!

We are currently encountering the Error:
oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto
See: https://github.com/mpgn/CrackMapExec/issues/108

I saw you already fixed that in d5f3437, but as this is not released to pypi our Tool does not fully work. Would it be possible to release a bug-fix version to pypi?

[plainenough]

Having a bugfix release would be much appreciated we are seeing this issue on AWS Ubuntu AMIs after issuing system updates, I can imagine that there are a few less than happy AI developers out there struggling to work their way back to this issue.

[ddl-joyce-zhao]

We are seeing the same issue too. The OpenSSL version we are using happens to be 3.0.10. Would really appreciate it to have a new release. Thanks!

[rysson]

The same OpenSSL 3.0.10 1 Aug 2023 doesn't match to regex \b(\d\.\d\.\d[a-z]*)\b in _openssl/_libcrypto_cffi.py.
Last \d should be \d+ or at least \d\d? I guess.

[plainenough]

@wbond Any chance you can look into this issue?

[daringer]

+1 for a bugfix release v1.3.1

[A132770]

+1 for a new release, this is a dependency of snowflake-connector-python, so I imagine many folks are impacted and pinning their OpenSSL version. Thanks for your time and care, we appreciate it!

[a143416]

The same OpenSSL 3.0.10 1 Aug 2023 doesn't match to regex \b(\d\.\d\.\d[a-z]*)\b in _openssl/_libcrypto_cffi.py. Last \d should be \d+ or at least \d\d? I guess.

I manually edited the file and changed the last \d in regex to \d+ and it worked. Note that this is a temp solution. We need to upgrade the package when a new release is available.

[DustinMoriarty]

It looks like the fix is merged. When will this be released? @wbond ?

#76

[camcyr-at-brzwy]

Any update on when this will be released?

[wbond]

No, this is a free-time project for me. The commit is there, so it is certainly possible to use most Python packaging tools to grab the sha of the commit.

[connor-lough]

For those too impatient, like myself... in my pyproject.toml I added in:

[tool.poetry.dependencies]
oscrypto = { git = "https://github.com/wbond/oscrypto.git", rev = "1547f53" }

And now we're all systems go. Thanks for taking the time to create this @wbond !

[camcyr-at-brzwy]

No, this is a free-time project for me. The commit is there, so it is certainly possible to use most Python packaging tools to grab the sha of the commit.

Thanks for the quick response, and appreciate the work you put into the package @wbond !

[khalilgreenidge]

@connor-lough For projects that don't use pyproject.toml, is there a way you can do this via the requirements.txt file?

[idexxbernvaug]

@connor-lough For projects that don't use pyproject.toml, is there a way you can do this via the requirements.txt file?

This is the line I added to my requirements.txt:
git+https://github.com/wbond/oscrypto.git@d5f3437
which replaced this line:
oscrypto==1.2.1

I also had to add "git" to my Dockerfile, because I was not installing git before:
apt-get install -y git

[khalilgreenidge]

Thank you!

[vermavikrant]

We are facing the same issue. Using oscrypto==1.3.0 and snowflake-connector-python==2.8.1 .
Is it possible to still face the issue despite we have hard set the versions in the requirements.txt?

[khalilgreenidge]

@vermavikrant Yes, the problem is due to a conflict with the ocrypto library and the openssl program version 3.0.>=10 on your machine. snowflake-connector-python just happens to use the ocrypto library. The way to solve this problem is by either:

1. Change the openssl version - on your machine use another version such as 1.1.1. Run $openssl version to verify which version of openssl you are using.

Or

2. upgrading your ocrypto library - by pointing to the commit that includes the bug fix as mentioned above, until the patch is released.

[mwisconsin]

I've spent most of the day updating our internal applications that use snowflake-connector. My fixes follow along the lines of what has been suggested, above.

If you're using Docker to build your app, you can include a pip install of the ocscrypo package prior to snowflake-connector, and it'll assume the dependency has already been met:

RUN pip install git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3

If you need to embed it into a requirements.txt file, you can add the following line:

git+https://github.com/wbond/oscrypto.git@1547f535001ba568b239b8797465536759c742a3

[vermavikrant]

If installing via setuptools.setup, then the following line should work
"oscrypto @ git+https://github.com/wbond/oscrypto.git@d5f3437"
I also had to install git into Dockerfile and Jenkinsfile, as stated above.
apt-get update && apt-get install -y git

@mwisconsin wondering why your commit hash is different? Was the fix not in d5f3437 ?

[mwisconsin]

@vermavikrant I picked the latest just in case the recent commits fixed other problems I might encounter in the upcoming weeks before a release happens.

[ArtemHU]

Installed it directly with
pip install -I git+https://github.com/wbond/oscrypto.git
I believe the version should be updated

[blitline-dev]

Snowflake which is a $50,000,000,000 company should be paying you something, since their tool requires your good graces. IMO.

[mars-lan]

Snowflake which is a $50,000,000,000 company should be paying you something, since their tool requires your good graces. IMO.

Unsurprisingly, Snowflake chose to move away from this lib instead: https://github.com/snowflakedb/snowflake-connector-python/blob/main/DESCRIPTION.md

[wbond]

Unsurprisingly, Snowflake chose to move away from this lib instead

[gwerbin-tive]

@wbond Is there anything that a willing contributor can do to facilitate/expedite publishing a patch release to PyPI?

I work for a company that is currently affected by this issue. I well am within my rights here to dedicate some work time to helping with a PyPI release that includes this bugfix.

I can't actually benefit from Snowflake dropping your project as a dependency, because I'm stuck on an older version of their library. So you can consider me a fully captive audience.

It seems like I need to do the following:

1. Commit a new entry into the the changelog describing the changes in the range c91c86..1547f5.
2. Run git tag v1.3.1 to tag a new release.
3. Run python run.py release.

I imagine I need both Git committer access in this repo, and contributor access to the oscrypto project on PyPI. Is that right?

Just let me know what I can do to help get this published.

Edit: It seems like there have been a lot of changes since v1.3.0 was published, and it would be a lot of work for a new contributor to sort through the commit history in order to document all of it. Would it be acceptable to cherry-pick just this one patch (+ some minimal subset of related commits, if necessary) into a separate branch to create the release? If so, what's your recommended process for that? I assume you're not interested in rebasing all of master to re-order the commits, since that would be highly disruptive to contributors and anyone using this downstream as a Git repo (e.g. vendored as a Git submodule). Maybe the authors of PRs #61, #63, #68, #76, and #77 (I think that's all of them!) would be willing to write their own changelog entries?

[mars-lan]

PSA: snowflake-connector-python 3.4.0 has been released: https://github.com/snowflakedb/snowflake-connector-python/releases/tag/v3.4.0.

[neonknight]

any chance for a new release so that installations from pypi will include fixes such as this?

[c0r0n3r]

As the developer of cryptolyzer (free software), which depends on oscrypto indirectly (certvalidator), I would highly appreciate it if you could release the fix for the issue.