# Python OpenSSL versioning issue



## jbo (Nov 11, 2016)

Hello folks,
I'm trying to run security/py-certbot on a FreeBSD 10.3 stable jail. When I try to launch it I get the following messages:

```
root@nope:~ # certbot
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.9.3', 'console_scripts', 'certbot')()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 567, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2604, in load_entry_point
    return ep.load()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2264, in load
    return self.resolve()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2270, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/local/lib/python2.7/site-packages/certbot/main.py", line 14, in <module>
    from acme import jose
  File "/usr/local/lib/python2.7/site-packages/acme/jose/__init__.py", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/usr/local/lib/python2.7/site-packages/acme/jose/interfaces.py", line 9, in <module>
    from acme.jose import util
  File "/usr/local/lib/python2.7/site-packages/acme/jose/util.py", line 5, in <module>
    import OpenSSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 250, in <module>
    _verify_openssl_version(Binding.lib.SSLeay())
  File "/usr/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 230, in _verify_openssl_version
    "You are linking against OpenSSL 0.9.8, which is no longer "
RuntimeError: You are linking against OpenSSL 0.9.8, which is no longer support by the OpenSSL project. You need to upgrade to a newer version of OpenSSL.
```
However, running `pkg info` I can see that I am running OpenSSL version 1.0.2j_1,1:

```
root@nope:~ # pkg info openssl
openssl-1.0.2j_1,1
Name           : openssl
Version        : 1.0.2j_1,1
Installed on   : Fri Nov 11 20:13:52 2016 CET
Origin         : security/openssl
Architecture   : freebsd:9:x86:64
Prefix         : /usr/local
Categories     : security devel
Licenses       : OpenSSL
Maintainer     : brnrd@FreeBSD.org
WWW            : http://www.openssl.org/
Comment        : SSL and crypto library
```
I'm a bit lost here - apparently python is accessing a different version of OpenSSL from somewhere.
I'd be thankful for any kind of guidance, tips & help in general to resolve this issue.


----------



## kpa (Nov 11, 2016)

Your set up is strictly speaking an unsupported one. Your host is FreeBSD 9.X (9.3?) and the jail is newer 10.3. If you build packages for 9.X with the default settings on the host they will be linked against the 0.9.8 version of OpenSSL and if you try to run those binaries inside the 10.3 jail they won't work because the 0.9.8 OpenSSL libraries are no longer in the 10.3 base system.

Upgrade the host to at least 10.3.


----------



## jbo (Nov 11, 2016)

Thank you for your reply.

My host is on 10.3. It's a FreeNAS machine:

```
[root@silo ~]# uname -a                                                                                                           
FreeBSD silo.local 10.3-STABLE FreeBSD 10.3-STABLE #0 455d13d(9.10-STABLE): Sun Jun 26 22:47:03 PDT 2016     root@build.ixsystems.co
m:/tank/home/nightlies/build-freenas9/_BE/objs/tank/home/nightlies/build-freenas9/_BE/trueos/sys/FreeNAS.amd64  amd64
```
Note that FreeNAS 9.10 actually "uses" FreeBSD 10.3.

The jail:

```
root@gogs_1:~ # uname -a
FreeBSD gogs_1 10.3-STABLE FreeBSD 10.3-STABLE #0 455d13d(9.10-STABLE): Sun Jun 26 22:47:03 PDT 2016     root@build.ixsystems.com:/tank/home/nightlies/build-freenas9/_BE/objs/tank/home/nightlies/build-freenas9/_BE/trueos/sys/FreeNAS.amd64  amd64
```


----------



## kpa (Nov 11, 2016)

Your security/openssl package is for the wrong version of FreeBSD:


```
...
freebsd:9:x86:64
...
```

No idea how you've been able to use that but I'm not familiar with FreeNAS.


----------

