pyOpenSSL

发表于 更新于 Disqus:

pyOpenSSL

  1. Cannot import pyOpenSSL

这是一次我认为并不常见的Cannot import pyOpenSSL的问题的处理

1
2
3
4
5
6
7
8
9
10
11
12
[root@NMS winrm]# python test.py 
Traceback (most recent call last):
  File "test.py", line 1, in <module>
    import winrm
  File "build/bdist.linux-x86_64/egg/winrm/__init__.py", line 6, in <module>
  File "build/bdist.linux-x86_64/egg/winrm/protocol.py", line 11, in <module>
  File "build/bdist.linux-x86_64/egg/winrm/transport.py", line 42, in <module>
  File "/usr/local/lib/python2.7/site-packages/requests_credssp/__init__.py", line 1, in <module>
    from .credssp import HttpCredSSPAuth
  File "/usr/local/lib/python2.7/site-packages/requests_credssp/credssp.py", line 8, in <module>
    raise Exception("Cannot import pyOpenSSL")
Exception: Cannot import pyOpenSSL

尝试手动执行

1
2
3
4
5
6
7
8
9
10
11
12
13
[root@NMS OpenSSL]# python /usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: undefined symbol: EC_GROUP_new_curve_GF2m

EC_GROUP_new_curve_GF2这东西应该是openssl提供的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@NMS OpenSSL]# ldd /usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so
        linux-vdso.so.1 =>  (0x00007ffe68b58000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f179b317000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f179af33000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f179ad15000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f179a981000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f179a73d000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f179a455000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f179a251000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f179a025000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f1799e20000)
        libz.so.1 => /usr/lib64/libz.so.1 (0x00007f1799c0a000)
        /lib64/ld-linux-x86-64.so.2 (0x000000321cc00000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f17999ff000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f17997fb000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f17995e1000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f17993c1000)

libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f179af33000)

1
2
[root@NMS OpenSSL]# nm /usr/lib64/libcrypto.so.10
nm: /usr/lib64/libcrypto.so.10: no symbols

问题应该出在libcrypto.so.10上,由于这系统不是我亲自一点点编译的,所以暂时不知道为什么

但重新编译openssl是少不了的

而且要注意加-fPIC shared

1
./config -fPIC shared

再nm一下

1
2
[root@NMS openssl-1.0.1e]# nm libcrypto.so | grep EC_GROUP_new_curve_GF2m 
00000000000bb960 T EC_GROUP_new_curve_GF2m

XXX: 需要注意,openssl相关的太底层,与许多基础功能相关,尤其是你SSH到这台服务器上进行操作,一不小心sshd就会跪,就再也SSH不上了,处理的时候一定要小心再小心