When starting the Yubikey Manager (ykman-gui) on my PC today I noticed that it did not recognized my Yubikey. First I'd figure it's an issue with my USB key, but this was not the case as it was recognized just fine. Then I thought it was an issue with permissions, so tried running the app as root. This still did not resolve the issue, until I ran ykman from the CLI which produced an error (see actual results). Reproducible: Always Steps to Reproduce: 1.Start Yubikey-Manager when openssl is compiled without the sslv3 USE flag. Actual Results: A Yubikey Manager that displays a GUI where nothing happens or a CLI (using ykman) that throws the following error: Traceback (most recent call last): File "/usr/lib/python-exec/python3.7/ykman", line 33, in <module> sys.exit(load_entry_point('yubikey-manager==3.1.2', 'console_scripts', 'ykman')()) File "/usr/lib/python-exec/python3.7/ykman", line 25, in importlib_load_entry_point return next(matches).load() File "/home/nvanaert/.local/lib/python3.7/site-packages/importlib_metadata/__init__.py", line 166, in load module = import_module(match.group('module')) File "/usr/lib/python3.7/importlib/__init__.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 1006, in _gcd_import File "<frozen importlib._bootstrap>", line 983, in _find_and_load File "<frozen importlib._bootstrap>", line 967, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 677, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 728, in exec_module File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed File "/usr/lib/python3.7/site-packages/ykman/cli/__main__.py", line 34, in <module> from ..util import TRANSPORT, Cve201715361VulnerableError, YUBIKEY File "/usr/lib/python3.7/site-packages/ykman/util.py", line 41, in <module> from OpenSSL import crypto File "/usr/lib/python3.7/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3.7/site-packages/OpenSSL/crypto.py", line 17, in <module> from OpenSSL._util import ( File "/usr/lib/python3.7/site-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/lib/python3.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module> from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: /usr/lib/python3.7/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: undefined symbol: SSLv3_method, version OPENSSL_1_1_0 Expected Results: A working yubikey-manager
Oh, this seems kind of nasty. Can you try 4.0.0?
This works for me for now. I decided t that I'll just leave the sslv3 USE flag enabled. I don't know whether the USE flag is going to be deprecated soon, because then it might need further investigation but this is solved as in; works for me.
I can't reproduce this. I have openssl with USE='-sslv3' and ykman works for me: $ ykman list YubiKey NEO [FIDO+CCID] Serial: #### ykman-gui works as well. Looks like this is originating from dev-python/cryptography, as yubikey-manager doesn't directly depend on openssl itself. CC'ing @python
I suppose it could have been caused by emerging cryptography against openssl[sslv3], then replacing it with openssl[-sslv3]. I'll try to reproduce it later.
Yep, confirmed that's the problem. The workaround is to rebuild cryptography after rebuilding openssl. I'll look into forcing SSLv3 off, like we do in dev-lang/python.
Oops, accidentally referenced the other bug. *** This bug has been marked as a duplicate of bug 803887 ***
