You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A simple 'import' test of py3-cryptography will fail with a stacktrace shown below.
# apk list --installed py3-cryptography
py3-cryptography-42.0.8-r0 x86_64 {py3-cryptography} (Apache-2.0 OR BSD-3-Clause) [installed]
# python3 -c 'from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurve'
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py", line 11, in <module>
from cryptography.hazmat._oid import ObjectIdentifier
File "/usr/lib/python3.12/site-packages/cryptography/hazmat/_oid.py", line 7, in <module>
from cryptography.hazmat.bindings._rust import (
RuntimeError: OpenSSL 3.0's legacy provider failed to load.
This is a fatal error by default, but cryptography supports running without
legacy algorithms by setting the environment variable
CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have
likely made a mistake with your OpenSSL configuration.
ok, bad. imho we shouldn't require legacy cryptography out of the box or use it by default.
and i hate need for environment variable to be secure, i'd rather that be automatic (try, but don't fail, upon missing legacy provider). Or we need to add py3-cryptography dependency on openssl-provider-legacy. Or we need to build it differently / patch it / contact upstream.
i think for now, we should add runtime dep on openssl-provider-legacy as otherwise this is like a hidden pit-fall / trap for now.
The text was updated successfully, but these errors were encountered:
smoser
changed the title
py3-cryptography does not indicate dependency on openssl-provider-legacy or needs CRYPTOGRAPHY_OPENSSL_NO_LEGACYpy3-cryptography does not indicate dependency on openssl-provider-legacy or needs CRYPTOGRAPHY_OPENSSL_NO_LEGACYJul 11, 2024
A simple 'import' test of
py3-cryptography
will fail with a stacktrace shown below.In discussions, @xnox says:
The text was updated successfully, but these errors were encountered: