Python referencing old SSL version
I have a Dropbox upload script on an old nas box I have, recently I've been getting the following error
SSL certificate error: [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
I think this is due to openssl being out of date on the box
So I download openssl, built it from source and installed it, now when I run the following it appears to be updated correctly.
openssl version
OpenSSL 1.0.1h 5 Jun 2014
But it would appear Python is still referencing an old version, how would I update this?
python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 0.9.7m 23 Feb 2007
Solution 1:
Got this working after several days. MAC OS X El Captian or greater
sudo rm -rf /Library/Frameworks/Python.framework/Versions/2.7
sudo rm -rf "/Applications/Python 2.7"
cd /usr/local/bin/
ls -l /usr/local/bin | grep '../Library/Frameworks/Python.framework/Versions/2.7' | awk '{print $9}' | tr -d @ | xargs rm
brew uninstall python
brew uninstall openssl
brew link --force openssl
Now install python and openssl again using brew.
brew install openssl
brew install python --with-brewed-openssl
Add the following to the PATH in ~/.bash_profile on your MAC
vi ~/.bash_profile
export PATH=/usr/local/opt/openssl/bin:/usr/local/opt/python/libexec/bin:$PATH
restart the terminal
python --version (verify if it is picking up the right version)
openssl version -a (verify if it is picking up the right version)
python -c "import ssl; print ssl.OPENSSL_VERSION"
(note: if you installed Python3, you'll have to update the print
syntax in the inline compiler step)
python -c "import ssl; print(ssl.OPENSSL_VERSION)"
should give you the latest version OPEN SSL version
Solution 2:
2018 on MacOS
I tried with the other answers without success:
- The
--with-brewed-openssl
option givesWarning: python: this formula has no --with-brewed-openssl option so it will be ignored!
- and the command
brew link openssl --force
givesWarning: Refusing to link: openssl
I got it working with
brew install openssl
brew install python@2
Then
openssl version
and
python -c "import ssl; print ssl.OPENSSL_VERSION"
gave me the same OpenSSL version.
Solution 3:
Please refer to http://rkulla.blogspot.kr/2014/03/the-path-to-homebrew.html.
I got the same issue like you, and so I have searched several answers but it didn't help me.
- Updating openssl in python 2.7
- Update OpenSSL on OS X with Homebrew
- https://apple.stackexchange.com/questions/126830/how-to-upgrade-openssl-in-os-x
After upgrading openssl to 1.0.1j by homebrew on MAC, but system python still referred to old version 0.9.8. It turned out the python referred to openssl. So I have installed new python with brewed openssl and finished this issue on Mac, not yet Ubuntu.
On Mac OS X version 10.10 and system python version 2.7.6, my procedure is as follows.
-
$ brew update
-
$ brew install openssl.
Then you can see openssl version 1.0.1j. -
$ brew link openssl --force
-
$ brew install python --with-brewed-openssl.
You have to install new python with brewed openssl. Then, you can see /usr/local/Cellar/python/2.7.8_2/bin/python. -
$ sudo ln -s /usr/local/Cellar/python/2.7.8_2/bin/python /usr/local/bin/python.
Of course, /usr/local/* should be owned by $USER, not root, which is told by Ryan, but I used 'sudo'. And, before this instruction, I didn't have /usr/local/bin/python. After this instruction, you can use python version 2.7.8 not 2.7.6.
Finally, you can see as belows;
$ python --version
Python 2.7.8
$ python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.1j 15 Oct 2014
Till now, I'm working on it on Ubuntu 12.04. If I have a solution for Ubuntu 12.04, then I will update my answer. I hope this procedure help you.
Solution 4:
I found I had to change the PATH to use the system (upgraded) SSL:
$ pip install --editable .
Obtaining file:///Users/jhlynch/Projects/flaskr
Collecting flask (from flaskr==0.0.0)
Could not fetch URL https://pypi.python.org/simple/flask/: There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661) - skipping
Could not find a version that satisfies the requirement flask (from flaskr==0.0.0) (from versions: )
No matching distribution found for flask (from flaskr==0.0.0)
$ python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 0.9.8zh 14 Jan 2016 <<< note older version
$ echo $PATH
/Library/Frameworks/Python.framework/Versions/2.7/bin:/Library/Frameworks/Python.framework/Versions/3.6/bin:/Users/jhlynch/.nix-profile/bin:/Users/jhlynch/.nix-profile/sbin:/Users/jhlynch/.nix-profile/lib/kde4/libexec:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/nix/var/nix/profiles/default/lib/kde4/libexec:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
$ PATH="/usr/local/bin:/usr/local/sbin:${PATH}"
$ export PATH
$ python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2o 27 Mar 2018 <<< note newer version
$ pip install --editable .
Obtaining file:///Users/jhlynch/Projects/flaskr
Collecting flask (from flaskr==0.0.0)
Downloading https://files.pythonhosted.org/packages/77/32/e3597cb19ffffe724ad4bf0beca4153419918e7fa4ba6a34b04ee4da3371/Flask-0.12.2-py2.py3-none-any.whl (83kB)
... <<< works this time!