Likely due to libressl. Occurs regardless of libressl version. No error when downgrading to pyopenssl-19.1.0-r1. Reproducible: Always Steps to Reproduce: 1. emerge dev-python/pyopenssl-20.0.0 2. import OpenSSL in python 3. notice error Actual Results: ``` Traceback (most recent call last): File "test.py", line 1, in <module> import OpenSSL File "/usr/lib/python3.8/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3.8/site-packages/OpenSSL/SSL.py", line 149, in <module> OP_NO_TLSv1_3 = _lib.SSL_OP_NO_TLSv1_3 ``` Expected Results: No such error. libressl version 3.3.0, same issue with 3.2.1
Created attachment 675811 [details] emerge --info dev-python/pyopenssl
Could be. I can't deal with libressl issues right now, so the best I can do is to force openssl. I suppose that's not really what you'd like to see, though.
What's your cryptography version? I don't think it's relevant but let's clear all the doubts.
dev-python/cryptography-3.2.1 It looks like the minimum for pyopenssl-20.0.0 is cryptography-3.2. Cheers
Could you please attach the full build log too?
This patch https://github.com/pyca/pyopenssl/pull/861/commits/ecbd275386e5608f0f90d3536506d7f50026ffe6 fixes the issue for me. (it was reverted in 20.0.0) I don't know why TLSv1.3 is still disabled in opensslfeatures.h in LibreSSL. It is said that TLSv1.3 is implemented in LibreSSL for a few releases ago. I'll investigate it, but it's another issue.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed217e133fe9313a47ef34da94239693ce72440c commit ed217e133fe9313a47ef34da94239693ce72440c Author: Stefan Strogin <steils@gentoo.org> AuthorDate: 2020-12-02 12:23:52 +0000 Commit: Stefan Strogin <steils@gentoo.org> CommitDate: 2020-12-02 12:25:42 +0000 dev-python/pyopenssl: add patch for LibreSSL Closes: https://bugs.gentoo.org/757738 Package-Manager: Portage-3.0.11, Repoman-3.0.2 Signed-off-by: Stefan Strogin <steils@gentoo.org> .../files/pyopenssl-20.0.0-libressl.patch | 30 ++++++++++++++++++++++ ...sl-20.0.0.ebuild => pyopenssl-20.0.0-r1.ebuild} | 2 ++ 2 files changed, 32 insertions(+)
(In reply to Stefan Strogin from comment #6) > I don't know why TLSv1.3 is still disabled in opensslfeatures.h in LibreSSL. > It is said that TLSv1.3 is implemented in LibreSSL for a few releases ago. > I'll investigate it, but it's another issue. Please have a look at my comments at https://bugs.gentoo.org/751634#c5 and further.
*** Bug 757936 has been marked as a duplicate of this bug. ***