Bug 1334409

Summary: The 0.13 update had an API change that breaks pyOpenSSL
Product: [Fedora] Fedora Reporter: James Hogarth <james.hogarth>
Component: pyOpenSSLAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24CC: cheimes, itamar, jlieskov, mcepl, mcepl, nick, npmccallum, terrycwk1994, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pyOpenSSL-16.0.0-1.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-14 23:28:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Hogarth 2016-05-09 14:29:20 UTC 
Description of problem:
0.13 was recently built for F24 and rawhide.

This is breaking pyOpenSSL due to a way in which the key is read:
https://github.com/pyca/cryptography/issues/2837

Can you please unpush form rawhide/f24 until the pyOpenSSL update is in place.

Version-Release number of selected component (if applicable):
1.3.1-1.fc25 and 1.3.1-1.fc24

How reproducible:
Always (upstream bug)



Steps to Reproduce:
1. Attempt to access a key type in pyOpenSSL

Actual results:
======================================================================
ERROR: test_valid_true (certbot.tests.crypto_util_test.ValidPrivkeyTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/builddir/build/BUILD/certbot-38d7503f0f27686997ece77a25834f6387f47e47/certbot/tests/crypto_util_test.py", line 162, in test_valid_true
    self.assertTrue(self._call(RSA256_KEY))
  File "/builddir/build/BUILD/certbot-38d7503f0f27686997ece77a25834f6387f47e47/certbot/tests/crypto_util_test.py", line 159, in _call
    return valid_privkey(privkey)
  File "/builddir/build/BUILD/certbot-38d7503f0f27686997ece77a25834f6387f47e47/certbot/crypto_util.py", line 200, in valid_privkey
    OpenSSL.crypto.FILETYPE_PEM, privkey).check()
  File "/usr/lib/python2.7/site-packages/OpenSSL/crypto.py", line 243, in check
    if _lib.EVP_PKEY_type(self._pkey.type) != _lib.EVP_PKEY_RSA:
AttributeError: '_cffi_backend.CDataGCP' object has no attribute 'type'


Expected results:
Acquire key type

Additional info:
Upstream python-cryptography issue: https://github.com/pyca/cryptography/issues/2837
Upstream pyOpenSSL issue: https://github.com/pyca/pyopenssl/issues/407
Comment 1 Matěj Cepl 2016-05-09 14:36:16 UTC 
From the upstream bug (https://github.com/pyca/cryptography/issues/2837#issuecomment-198688885):

16.0.0 is now out so the solution is to upgrade. Thanks for the report!

https://github.com/pyca/pyopenssl/releases/tag/16.0.0
Comment 2 James Hogarth 2016-05-09 14:41:20 UTC 
*** Bug 1334410 has been marked as a duplicate of this bug. ***
Comment 3 Fedora Update System 2016-05-10 12:39:11 UTC 
pyOpenSSL-16.0.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-26cc377f05
Comment 4 Fedora Update System 2016-05-12 09:43:18 UTC 
pyOpenSSL-16.0.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-26cc377f05
Comment 5 Fedora Update System 2016-05-14 23:28:16 UTC 
pyOpenSSL-16.0.0-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.