had a problem upgrading to 1.1.2. I searched the web for solutions and found https://github.com/openssl/openssl/issues/1190 solution: recompiling =dev-libs/openssl-1.0.2h-r2[sslv2] solved the problem. please add sslv2 as a default use-flag to openssl or all profiles. or make a dependency to that useflag in the cryptography package.
If openssl is compiled with USE="sslv2" as proposed, then openssl becomes vulnerable to DROWN attack[1]. I think it is better that dev-python/cryptography is version bumped to 1.3.1 instead. [1] https://drownattack.com/ -- Regards, Mick
dev-python/cryptography-1.1.2 fails to build with openssl-1.0.2h-r2 for me. I agree that enabling sslv2 is not a good solution. I don't know why is it actually rebuilding, but I will try if keywording cryptography-1.3.1 helps. [ebuild rR ] dev-python/cryptography-1.1.2::gentoo USE="(-libressl) {-test}" PYTHON_TARGETS="python2_7 python3_4 (-pypy) -python3_3 (-python3_5)" 0 KiB <build log snippet> i686-pc-linux-gnu-gcc -O2 -pipe -march=native -fPIC -I/usr/include/python2.7 -c /tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c -o /tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.o /tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c:2096:15: error: 'SSLv2_method' redeclared as different kind of symbol SSL_METHOD* (*SSLv2_method)(void) = NULL; ^ In file included from /tmp/portage/dev-python/cryptography-1.1.2/work/cryptography-1.1.2-python2_7/temp.linux-i686-2.7/_openssl.c:520:0: /usr/include/openssl/ssl.h:2349:19: note: previous declaration of 'SSLv2_method' was here const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ .. and similar for SSLv2_client_method and SSLv2_server_method </build log snippet>
I have tested with keyword dev-python/cryptography-1.3.1 ~x86 and it merges fine. Importing a module and calling a function seems to work as well.
See https://bugs.gentoo.org/show_bug.cgi?id=587240#c3 *** This bug has been marked as a duplicate of bug 584142 ***