Python and OpenSSL error on import

Question

So I'm trying to add SSL to my web server running on my pi B+ (using cherrypy)

I made sure that OpenSSL was installed with:

sudo apt-get install openssl

Then I installed pyOpenSSL with:

sudo apt-get install python-openssl

In both cases it says:

openssl is already the newest version.
python-openssl is already the newest version.

Because I've run the command more than once. So this seems fine.

By then in python when I do:

import OpenSSL

I get errors. Specifically:

Python 2.7.3 (default, Mar 18 2014, 05:13:23) 
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import OpenSSL
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL 
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 11, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 3, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

Do I have a compatibility issue here? Are the two latest versions incompatible with each other? Anyone seen this before?

The version info I have:

% openssl version
OpenSSL 1.0.1e 11 Feb 2013

And for python-openssl I have:

% dpkg -s python-openssl
Package: python-openssl
Status: install ok installed
Priority: optional
Section: python
Installed-Size: 532
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Architecture: armhf
Source: pyopenssl
Version: 0.13-2+rpi1+deb7u1
Depends: python (<< 2.8), python (>= 2.6), python-support (>= 0.90.0), libc6 (>= 2.13-28), libssl1.0.0 (>= 1.0.0)
Suggests: python-openssl-doc, python-openssl-dbg
Description: Python 2 wrapper around the OpenSSL library
High-level wrapper around a subset of the OpenSSL library, includes
 .
   * SSL.Connection objects, wrapping the methods of Python's portable
     sockets
   * Callbacks written in Python
   * Extensive error-handling mechanism, mirroring OpenSSL's error
     codes
 .
A lot of the object methods do nothing more than calling a
corresponding function in the OpenSSL library.
Homepage: http://launchpad.net/pyopenssl

When using the -v flag on python I get:

>>> import OpenSSL
import OpenSSL # directory /usr/local/lib/python2.7/dist-packages/OpenSSL
# /usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.pyc matches /usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.py
import OpenSSL # precompiled from /usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.pyc
# /usr/local/lib/python2.7/dist-packages/OpenSSL/rand.pyc matches /usr/local/lib/python2.7/dist-packages/OpenSSL/rand.py
import OpenSSL.rand # precompiled from /usr/local/lib/python2.7/dist-packages/OpenSSL/rand.pyc
# /usr/lib/python2.7/functools.pyc matches /usr/lib/python2.7/functools.py
import functools # precompiled from /usr/lib/python2.7/functools.pyc
import _functools # builtin
# /usr/local/lib/python2.7/dist-packages/six.pyc matches /usr/local/lib/python2.7/dist-packages/six.py
import six # precompiled from /usr/local/lib/python2.7/dist-packages/six.pyc
# /usr/lib/python2.7/__future__.pyc matches /usr/lib/python2.7/__future__.py
import __future__ # precompiled from /usr/lib/python2.7/__future__.pyc
import itertools # builtin
import operator # builtin
# /usr/lib/python2.7/StringIO.pyc matches /usr/lib/python2.7/StringIO.py
import StringIO # precompiled from /usr/lib/python2.7/StringIO.pyc
# /usr/local/lib/python2.7/dist-packages/OpenSSL/_util.pyc matches /usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py
import OpenSSL._util # precompiled from /usr/local/lib/python2.7/dist-packages/OpenSSL/_util.pyc
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 11, in <module>
from OpenSSL._util import (
  File "/usr/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 3, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

Steve Robillard · Accepted Answer · 2015-08-20T21:59:51.620

8

You can satisfy the missing dependency by doing the following:

install the libffi libraries needed by cryptography

sudo pip install libffi-dev

or

sudo apt-get install libffi-dev

then install cryptography:

pip install cryptography

edited Aug 20 '15 at 21:59

answered Mar 01 '15 at 05:28

Steve Robillard

34,988
18
106
110

score 2 · Answer 2 · edited Jul 27 '16 at 15:38

2

I needed to reinstall the packages:

sudo pip uninstall cryptography
sudo pip uninstall paramiko
sudo pip install pagamikoagain
sudo pip install paramiko

then it started to work for me.

edited Jul 27 '16 at 15:38

Jacobm001

11,904
7
47
58

answered Jul 27 '16 at 08:19

user50069

21
1

score 1 · Answer 3 · edited May 23 '17 at 12:37

I just tried this on a B+ ; seems to work for me:

user@beeplus ~ $ openssl version
OpenSSL 1.0.1e 11 Feb 2013

Python 2.7.3 (default, Mar 18 2014, 05:13:23)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import OpenSSL
>>>

I didn't run an 'apt-get install openssl' though - just one for 'python-openssl'. My Python version appears to be identical to yours : what version of openssl is reported back to you ?

The stack trace you report (at least the last few lines) appears else where on the web. For instance: https://mail.python.org/pipermail/python-bugs-list/2014-March/235055.html - no response on there though :-(

Maybe try the imports that apparently cause an error, one at a time like this - these work on my system:

Python 2.7.3 (default, Mar 18 2014, 05:13:23)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from OpenSSL import rand
>>> from OpenSSL import crypto
>>>

However I tried the other import that is mentioned last in the stack, and this DOES error when I try and directly import it:

>>> from cryptography.hazmat.bindings.openssl.binding import Binding
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ImportError: No module named cryptography.hazmat.bindings.openssl.binding

Additionally: this StackOverflow link appears to be about the same thing (in a different context) - and has a solution which apparently worked: https://stackoverflow.com/questions/24338840/installing-package-dependencies-for-scrapy

Taking the approach from this StackOverFlow post : https://stackoverflow.com/questions/7332299/trace-python-imports

Try running python with a '-v' flag:

I get the following for comparision:

>>> import OpenSSL
import OpenSSL # directory /usr/lib/pymodules/python2.7/OpenSSL
# /usr/lib/pymodules/python2.7/OpenSSL/__init__.pyc matches /usr/lib/pymodules/python2.7/OpenSSL/__init__.py
import OpenSSL # precompiled from /usr/lib/pymodules/python2.7/OpenSSL/__init__.pyc
# /usr/lib/python2.7/plat-linux2/DLFCN.pyc matches /usr/lib/python2.7/plat-linux2/DLFCN.py
import DLFCN # precompiled from /usr/lib/python2.7/plat-linux2/DLFCN.pyc
dlopen("/usr/lib/pymodules/python2.7/OpenSSL/crypto.so", 102);
import OpenSSL.crypto # dynamically loaded from /usr/lib/pymodules/python2.7/OpenSSL/crypto.so
dlopen("/usr/lib/pymodules/python2.7/OpenSSL/rand.so", 2);
import OpenSSL.rand # dynamically loaded from /usr/lib/pymodules/python2.7/OpenSSL/rand.so
dlopen("/usr/lib/pymodules/python2.7/OpenSSL/SSL.so", 2);
import OpenSSL.SSL # dynamically loaded from /usr/lib/pymodules/python2.7/OpenSSL/SSL.so
# /usr/lib/pymodules/python2.7/OpenSSL/version.pyc matches /usr/lib/pymodules/python2.7/OpenSSL/version.py
import OpenSSL.version # precompiled from /usr/lib/pymodules/python2.7/OpenSSL/version.pyc

And here's the SHA1 of the files being refered to here:

user@beeplus /usr/lib/pymodules/python2.7/OpenSSL $ shasum *
46ef76e58b652dc3a604299a9a7af1e46f6b2d0b  crypto.so
775a319724acbfbb10bd708e35178fa72d9afcc1  __init__.py
b69a3f5e97fc540bc05eb1f25d115d2dff14327b  __init__.pyc
0c5742e81de0d00c3d135bf287aa057052a592f2  rand.so
f5c3532c6f5bef71f664b17be07e506152d7368c  SSL.so
shasum: test:
77e453b9076e9d17f0234097b737b87f08182a29  tsafe.py
aa605271b940aba6f538c0810ad616f5948eb868  tsafe.pyc
b1d283eb33e173e10703cac2140718efa88929e4  version.py
696e2c15eba578b0f305f1822a080379e4d26279  version.pyc

Maybe the *.so files are missing/wrong on your system ?

EDIT: it looks like my environment is loading from a different directory structure from yours.

Is this a 'virtual env' : https://virtualenv.pypa.io/en/latest/ ? If so, that might account for the difference ? I don't really have a good understanding of how Python manages it's libraries to be honest - you'll need a Python expert to ship in !

Additionally (to answer your comment about SHA1) - I can't remember if I had to install a particular package to get the 'shasum' tool - it's a Perl Script apparently. But anything that can generate a checksum (or even at a push just do an 'ls -l') will do I guess.

One final bit of information, in case its helps anyone narrow down the issue

$ uname -a
Linux beeplus 3.18.8+ #761 PREEMPT Fri Feb 27 15:43:30 GMT 2015 armv6l GNU/Linux

score 1 · Answer 4 · edited Apr 09 '15 at 06:38

I have just had a very similar issue on a Pi(B).

import OpenSSL was resulting in exactly the same erroneous response. Running pip list showed pyOpenSSL as v 0.14.

After exhausting all other ideas I removed pyOpenSSL using sudo pip uninstall pyOpenSSL

pip list then showed pyOpenSSL as v0.13. I did sudo pip uninstall pyOpenSSL 2 or 3 more times but pip list still shows pyOpenSSL (0.13)

Then I found that the import OpenSSL did not show an issue as before. Also initial issue I had been troubleshooting magically disappeared.

Hope this helps.

score 0 · Answer 5 · answered Feb 28 '15 at 22:32

No problem on a Pi2B.

paul /ram $ sudo apt-get install openssl
Reading package lists... Done
Building dependency tree       
Reading state information... Done
openssl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
paul /ram $ sudo apt-get install python-openssl
Reading package lists... Done
Building dependency tree       
Reading state information... Done
python-openssl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
paul /ram $ python
Python 2.7.3 (default, Mar 18 2014, 05:13:23) 
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import OpenSSL
>>> 
paul /ram $ pydoc OpenSSL

Help on package OpenSSL:

NAME
    OpenSSL - pyOpenSSL - A simple wrapper around the OpenSSL library

FILE
    /usr/lib/pymodules/python2.7/OpenSSL/__init__.py

PACKAGE CONTENTS
    SSL
    crypto
    rand
    test (package)
    tsafe
    version

DATA
    __all__ = ['rand', 'crypto', 'SSL', 'tsafe', '__version__']
    __version__ = '0.13'

VERSION
    0.13
:

score 0 · Answer 6 · answered Jan 20 '17 at 15:29

0

This worked for me!

rm -rf /usr/local/lib/python2.7/dist-packages/fabric/fabric-home-assistant

sudo apt-get install libffi-dev libssl-dev

sudo pip install cryptography --force-reinstall

answered Jan 20 '17 at 15:29

JayB

1
1
2

Python and OpenSSL error on import

6 Answers6