$ certbot Traceback (most recent call last): File "/usr/lib/python-exec/python3.9/certbot", line 33, in <module> sys.exit(load_entry_point('certbot==1.18.0', 'console_scripts', 'certbot')()) File "/usr/lib/python-exec/python3.9/certbot", line 25, in importlib_load_entry_point return next(matches).load() File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load module = import_module(match.group('module')) File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 1030, in _gcd_import File "<frozen importlib._bootstrap>", line 1007, in _find_and_load File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 680, in _load_unlocked File "<frozen importlib._bootstrap_external>", line 850, in exec_module File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed File "/usr/lib/python3.9/site-packages/certbot/main.py", line 2, in <module> from certbot._internal import main as internal_main File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 17, in <module> import josepy as jose File "/usr/lib/python3.9/site-packages/josepy/__init__.py", line 41, in <module> from josepy.interfaces import JSONDeSerializable File "/usr/lib/python3.9/site-packages/josepy/interfaces.py", line 6, in <module> from josepy import errors, util File "/usr/lib/python3.9/site-packages/josepy/util.py", line 4, in <module> import OpenSSL File "/usr/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 17, in <module> from OpenSSL._util import ( File "/usr/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module> from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: /usr/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: undefined symbol: FIPS_mode_set
$ python -m OpenSSL Traceback (most recent call last): File "/usr/lib/python3.9/runpy.py", line 188, in _run_module_as_main mod_name, mod_spec, code = _get_module_details(mod_name, _Error) File "/usr/lib/python3.9/runpy.py", line 147, in _get_module_details return _get_module_details(pkg_main_name, error) File "/usr/lib/python3.9/runpy.py", line 111, in _get_module_details __import__(pkg_name) File "/usr/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module> from OpenSSL import crypto, SSL File "/usr/lib/python3.9/site-packages/OpenSSL/crypto.py", line 17, in <module> from OpenSSL._util import ( File "/usr/lib/python3.9/site-packages/OpenSSL/_util.py", line 6, in <module> from cryptography.hazmat.bindings.openssl.binding import Binding File "/usr/lib/python3.9/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 14, in <module> from cryptography.hazmat.bindings._openssl import ffi, lib ImportError: /usr/lib/python3.9/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: undefined symbol: FIPS_mode_set
Created attachment 743943 [details, diff] cryptography-3.4.x-py310_openssl30.patch
(In reply to Perfect Gentleman from comment #2) > Created attachment 743943 [details, diff] [details, diff] > cryptography-3.4.x-py310_openssl30.patch Please link to where patches are from. Note that there's no need to just repost/attach ones which are already linked.
https://github.com/pyca/cryptography/pull/6000 - from here, but it's needed to be modified a little.
*** Bug 823852 has been marked as a duplicate of this bug. ***
Bump to 37.x sorted this: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00718fc85ce502b2fce3df4b453b104c04649b63. Need to see about doing the backport though for 3.4.x for non-Rust arches.
(In reply to Sam James from comment #6) > Bump to 37.x sorted this: > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=00718fc85ce502b2fce3df4b453b104c04649b63. > > Need to see about doing the backport though for 3.4.x for non-Rust arches. (Perfect Gentleman has posted it, just need to check it over)
FTR, I'd prefer if someone forked cryptography and tagged the updated version rather than keeping large patches in FILESDIR.
This version is no longer in tree. See also: https://archives.gentoo.org/gentoo-dev/message/19bd6c2f413cf21cb25b67aaf3aa8107