Hi,
Thanks for the report.
I filed the following upstream report:
https://github.com/pyca/cryptography/issues/4588
And pinged if the 'no-psk' openssl configuration is really needed:
https://github.com/alpinelinux/aports/commit/abe1dc5988d12f5aca771605b109390f33ce7519#commitcomment-31279291
Timo
On Tue, 13 Nov 2018 10:12:41 +0100
Marian Buschsieweke <marian.buschsieweke@ovgu.de> wrote:
> Hi,
>
> here is how to reproduce the problem: Start gajim, which depends on
> py3-cryptography and py3-openssl:
>
> $ gajim
> ===============================================================================
> PyOpenSSL not found, falling back to Python builtin SSL objects
> (insecure).
> ===============================================================================
> Traceback (most recent call last): File
> "/usr/lib/python3.6/site-packages/gajim/gajim.py", line 267, in
> _activate from gajim.gui_interface import Interface File
> "/usr/lib/python3.6/site-packages/gajim/gui_interface.py", line 73,
> in <module> from gajim.groupchat_control import GroupchatControl File
> "/usr/lib/python3.6/site-packages/gajim/groupchat_control.py", line
> 44, in <module> from gajim import config File
> "/usr/lib/python3.6/site-packages/gajim/config.py", line 58, in
> <module> from gajim.common import connection File
> "/usr/lib/python3.6/site-packages/gajim/common/connection.py", line
> 64, in <module> from gajim.common import check_X509 File
> "/usr/lib/python3.6/site-packages/gajim/common/check_X509.py", line
> 4, in <module> import OpenSSL.SSL File
> "/usr/lib/python3.6/site-packages/OpenSSL/__init__.py", line 8, in
> <module> from OpenSSL import crypto, SSL File
> "/usr/lib/python3.6/site-packages/OpenSSL/crypto.py", line 16, in
> <module> from OpenSSL._util import ( File
> "/usr/lib/python3.6/site-packages/OpenSSL/_util.py", line 6, in
> <module> from cryptography.hazmat.bindings.openssl.binding import
> Binding File
> "/usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/openssl/binding.py",
> line 14, in <module> from cryptography.hazmat.bindings._openssl
> import ffi, lib ImportError: Error
> relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so:
> SSL_CTX_set_psk_client_callback: symbol not found
>
> The affected file is owned by py3-cryptography. When compiled against
> libressl, this problem does not occur.
>
> Kind regards,
> Marian
>
> -------------------------------------------------------------
> M.Sc. Marian Buschsieweke
> Dept. Communication and Networked Systems (ComSys)
> Institute for Intelligent Cooperating Systems (IKS)
> Otto-von-Guericke-University of Magdeburg
> Universitätsplatz 2, Building 29, Room 314
> 39106 Magdeburg
> Germany
>
> http://www.comsys.ovgu.de/Team/Marian+Buschsieweke.html
> Tel.: +49 - 391 - 67 - 52673
> Fax: +49 - 391 - 67 - 41161
>
> -------------------------------------------------------------
>
> On Mon, 12 Nov 2018 10:34:16 +0200
> Timo Teras <timo.teras@iki.fi> wrote:
>
> > On Mon, 12 Nov 2018 09:30:40 +0100
> > Marian Buschsieweke <marian.buschsieweke@ovgu.de> wrote:
> >
> > > Also replaced dependency "openssl-dev" by "libressl-dev".
> >
> > Why? Edge has been migrated to openssl.1.1. We are trying to get
> > rid of libressl.
> >
> > See the discussion threads:
> > http://lists.alpinelinux.org/alpine-devel/6308.html
> > http://lists.alpinelinux.org/alpine-devel/6334.html
> >
> > Timo
> >
> > > ---
> > > main/py-cryptography/APKBUILD | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/main/py-cryptography/APKBUILD
> > > b/main/py-cryptography/APKBUILD index 6fa72d66b1..3847713f20
> > > 100644 --- a/main/py-cryptography/APKBUILD
> > > +++ b/main/py-cryptography/APKBUILD
> > > @@ -2,14 +2,14 @@
> > > # Maintainer: August Klein <amatcoder@gmail.com>
> > > pkgname=py-cryptography
> > > _pkgname=${pkgname#py-}
> > > -pkgver=2.3.1
> > > -pkgrel=1
> > > +pkgver=2.4.1
> > > +pkgrel=0
> > > pkgdesc="A package which provides cryptographic recipes and
> > > primitives" url="https://pypi.python.org/pypi/cryptography"
> > > arch="all"
> > > license="Apache-2.0"
> > > depends="py-cffi py-idna py-asn1crypto py-six"
> > > -makedepends="python2-dev python3-dev py-setuptools libffi-dev
> > > openssl-dev" +makedepends="python2-dev python3-dev py-setuptools
> > > libffi-dev libressl-dev" subpackages="py3-$_pkgname:_py3
> > > py2-$_pkgname:_py2"
> > > source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz"
> > > builddir="$srcdir/$_pkgname-$pkgver" @@ -51,4 +51,4 @@ _py3() {
> > > _py python3
> > > }
> > >
> > > -sha512sums="384581238b5669dbf31fd1b1385ec2ff9c6d76e2b7612efb15f255e17a11a38474f84668e62ceaa39a146260f46cac743575c0a8ffedc1e40c7b2f90d7cb00b1
> > > cryptography-2.3.1.tar.gz"
> > > +sha512sums="dd018fca4b3dbc2c576f643df0df2a534f9fdd4af464ae6ee77b0702bfd4dfa7e89943a89fe5126094f7f23e349a32774e91bb074735014efa49fe5390cc6b4c
> > > cryptography-2.4.1.tar.gz"
> >
>