boto3
boto3 copied to clipboard
boto
PyOpenSSL version needs to be more restrictive
Describe the bug
There is a missing pyopenssl restriction somewhere.
After installing boto3 and trying to import (import boto3), I get an error.
Expected Behavior
No error
Current Behavior
I got:
script.py:11: in <module>
import boto3
/root/miniconda3/lib/python3.10/site-packages/boto3/__init__.py:17: in <module>
from boto3.session import Session
/root/miniconda3/lib/python3.10/site-packages/boto3/session.py:17: in <module>
import botocore.session
/root/miniconda3/lib/python3.10/site-packages/botocore/session.py:26: in <module>
import botocore.client
/root/miniconda3/lib/python3.10/site-packages/botocore/client.py:15: in <module>
from botocore import waiter, xform_name
/root/miniconda3/lib/python3.10/site-packages/botocore/waiter.py:18: in <module>
from botocore.docs.docstring import WaiterDocstring
/root/miniconda3/lib/python3.10/site-packages/botocore/docs/__init__.py:15: in <module>
from botocore.docs.service import ServiceDocumenter
/root/miniconda3/lib/python3.10/site-packages/botocore/docs/service.py:14: in <module>
from botocore.docs.client import ClientDocumenter, ClientExceptionsDocumenter
/root/miniconda3/lib/python3.10/site-packages/botocore/docs/client.py:14: in <module>
from botocore.docs.example import ResponseExampleDocumenter
/root/miniconda3/lib/python3.10/site-packages/botocore/docs/example.py:13: in <module>
from botocore.docs.shape import ShapeDocumenter
/root/miniconda3/lib/python3.10/site-packages/botocore/docs/shape.py:19: in <module>
from botocore.utils import is_json_value_header
/root/miniconda3/lib/python3.10/site-packages/botocore/utils.py:37: in <module>
import botocore.httpsession
/root/miniconda3/lib/python3.10/site-packages/botocore/httpsession.py:46: in <module>
from urllib3.contrib.pyopenssl import (
/root/miniconda3/lib/python3.10/site-packages/urllib3/contrib/pyopenssl.py:50: in <module>
import OpenSSL.crypto
/root/miniconda3/lib/python3.10/site-packages/OpenSSL/__init__.py:8: in <module>
from OpenSSL import crypto, SSL
/root/miniconda3/lib/python3.10/site-packages/OpenSSL/crypto.py:1556: in <module>
class X509StoreFlags(object):
/root/miniconda3/lib/python3.10/site-packages/OpenSSL/crypto.py:1577: in X509StoreFlags
CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
E AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
Reproduction Steps
Not sure, since I already fixed it, probably old python environment with old pyopenssl version.
Possible Solution
pip install -U pyopenssl>=23 fixed it for me
Additional Information/Context
No response
SDK version used
1.26.60
Environment details (OS name and version, etc.)
Python 3.10.8
Hi @Rizhiy,
Thanks for the report! Boto3 doesn't actually use pyOpenSSL. In fact, we'd actively discourage for most use cases in favor of the ssl module that's present in all supported versions of Python.
What we're hitting here is urllib3 accessing code within pyopenssl that may not have bindings available. Depending on which version of urllib3 you're using, it typically supports pyOpenSSL>=0.14.0. It looks like that may not be accurate on every system (or PyOpenSSL has released some breaking changes in some versions).
From Boto3's side, we can expand our exception handling to deal with the AttributeError that will hopefully help prevent this edge case. I'll leave this marked as a bug while we're working on a patch.
I'm hitting this too, attribute error brought in by an old version of pyOpenSSL
