Opened 5 months ago

Last modified 4 months ago

#9121 defect new

Twisted 17.1.0 tls fails on python 2.7.5 due missing OP_NO_TLSv1_1

Reported by: Andrej Rode Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author:

Description

I'm trying to run a twisted application on a CentOS7 container with necessary deps installed.

All deps are istalled from the official CentOS7 repo

  • OpenSSL version: 1.0.1e
  • Python version: 2.7.5

If I downgrade to Twisted 16.0.0 everything works fine.

[buildbot@86134cdfec09 buildbot]$ twistd -ny buildbot.tac 
Unhandled Error
Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 662, in run
    runApp(config)
  File "/usr/lib64/python2.7/site-packages/twisted/scripts/twistd.py", line 25, in runApp
    _SomeApplicationRunner(config).run()
  File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 380, in run
    self.application = self.createOrGetApplication()
  File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 445, in createOrGetApplication
    application = getApplication(self.config, passphrase)
--- <exception caught here> ---
  File "/usr/lib64/python2.7/site-packages/twisted/application/app.py", line 456, in getApplication
    application = service.loadApplication(filename, style, passphrase)
  File "/usr/lib64/python2.7/site-packages/twisted/application/service.py", line 413, in loadApplication
    passphrase)
  File "/usr/lib64/python2.7/site-packages/twisted/persisted/sob.py", line 223, in loadValueFromFile
    eval(codeObj, d, d)
  File "buildbot.tac", line 9, in <module>
    from buildbot_worker.bot import Worker
  File "/usr/lib/python2.7/site-packages/buildbot_worker/bot.py", line 19, in <module>
    from buildbot_worker.null import LocalWorker
  File "/usr/lib/python2.7/site-packages/buildbot_worker/null.py", line 21, in <module>
    from buildbot_worker.base import WorkerBase
  File "/usr/lib/python2.7/site-packages/buildbot_worker/base.py", line 26, in <module>
    from twisted.internet import reactor
  File "/usr/lib64/python2.7/site-packages/twisted/internet/reactor.py", line 38, in <module>
    from twisted.internet import default
  File "/usr/lib64/python2.7/site-packages/twisted/internet/default.py", line 56, in <module>
    install = _getInstallFunction(platform)
  File "/usr/lib64/python2.7/site-packages/twisted/internet/default.py", line 44, in _getInstallFunction
    from twisted.internet.epollreactor import install
  File "/usr/lib64/python2.7/site-packages/twisted/internet/epollreactor.py", line 24, in <module>
    from twisted.internet import posixbase
  File "/usr/lib64/python2.7/site-packages/twisted/internet/posixbase.py", line 18, in <module>
    from twisted.internet import error, udp, tcp
  File "/usr/lib64/python2.7/site-packages/twisted/internet/tcp.py", line 28, in <module>
    from twisted.internet._newtls import (
  File "/usr/lib64/python2.7/site-packages/twisted/internet/_newtls.py", line 21, in <module>
    from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
  File "/usr/lib64/python2.7/site-packages/twisted/protocols/tls.py", line 63, in <module>
    from twisted.internet._sslverify import _setAcceptableProtocols
  File "/usr/lib64/python2.7/site-packages/twisted/internet/_sslverify.py", line 38, in <module>
    TLSVersion.TLSv1_1: SSL.OP_NO_TLSv1_1,
exceptions.AttributeError: 'module' object has no attribute 'OP_NO_TLSv1_1'


Failed to load application: 'module' object has no attribute 'OP_NO_TLSv1_1'

Change History (6)

comment:1 Changed 5 months ago by Jean-Paul Calderone

It's more likely this has to do with the version of OpenSSL or pyOpenSSL rather than the version of Python. It's pyOpenSSL that exports this constant (from OpenSSL, via cryptography) for Twisted.

comment:2 Changed 5 months ago by Jean-Paul Calderone

#9123 was a duplicate of this.

comment:4 Changed 4 months ago by Jean-Paul Calderone

Type: defectrelease blocker: regression

comment:5 Changed 4 months ago by Jean-Paul Calderone

Milestone: 17.1.1

comment:6 Changed 4 months ago by Glyph

Milestone: 17.1.1
Type: release blocker: regressiondefect

This should definitely be addressed in some way, but it doesn't rise to the level of a spot-fix regression; the error only occurs on unsupported versions of pyOpenSSL. See discussion on #9115 for more information.

In the meanwhile, pip install twisted[tls] will fix the problem for you, by telling pip that not only do you need Twisted installed, you need the bits of Twisted that can do TLS installed, which includes a recent-enough version of pyOpenSSL.

Note: See TracTickets for help on using tickets.