Bug 273508 - dns/py-dnspython: RuntimeError: OpenSSL 3.0's legacy provider failed to load.
Summary: dns/py-dnspython: RuntimeError: OpenSSL 3.0's legacy provider failed to load.
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: Muhammad Moinur Rahman
URL:
Keywords:
Depends on: 254853
Blocks:
  Show dependency treegraph
 
Reported: 2023-09-02 04:27 UTC by Dan Kotowski
Modified: 2023-09-28 18:58 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (bofh)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Kotowski 2023-09-02 04:27:30 UTC 
Something about the OpenSSL 3.0 upgrade and this is causing downstream fallout (see 273146)

$ pkg query "%o %v" | grep dnspython
dns/py-dnspython 2.4.2,1

$ python3 -c "import dns.resolver" && echo ok
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/local/lib/python3.9/site-packages/dns/resolver.py", line 30, in <module>
    import dns._ddr
  File "/usr/local/lib/python3.9/site-packages/dns/_ddr.py", line 12, in <module>
    import dns.nameserver
  File "/usr/local/lib/python3.9/site-packages/dns/nameserver.py", line 5, in <module>
    import dns.asyncquery
  File "/usr/local/lib/python3.9/site-packages/dns/asyncquery.py", line 32, in <module>
    import dns.quic
  File "/usr/local/lib/python3.9/site-packages/dns/quic/__init__.py", line 4, in <module>
    import aioquic.quic.configuration  # type: ignore
  File "/usr/local/lib/python3.9/site-packages/aioquic/quic/configuration.py", line 6, in <module>
    from ..tls import (
  File "/usr/local/lib/python3.9/site-packages/aioquic/tls.py", line 40, in <module>
    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import SSL, crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/SSL.py", line 9, in <module>
    from OpenSSL._util import (
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
  File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 167, in <module>
    Binding.init_static_locks()
  File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 134, in init_static_locks
    cls._ensure_ffi_initialized()
  File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 123, in _ensure_ffi_initialized
    _legacy_provider_error(cls._legacy_provider_loaded)
  File "/usr/local/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 43, in _legacy_provider_error
    raise RuntimeError(
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal error by default, but cryptography supports running without legacy algorithms by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have likely made a mistake with your OpenSSL configuration.

$ env CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 python3 -c "import dns.resolver" && echo ok
ok
Comment 1 Dan Kotowski 2023-09-02 04:29:42 UTC 
Built with src@8ed0ecf8024d and ports@fa4045fd3e14
Comment 2 Mark Millard 2023-09-02 06:44:10 UTC 
See also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273506