Erro after updating python-pyOpenSSL and/or python3-pyOpenSSL: "AttributeError: type object 'X509' has no attribute '_from_raw_x509_ptr'"

This document (7023582) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12 Service Pack 3 (SLES 12 SP3)
SUSE Manager 3.2
SUSE Manager 3.1

Situation

Situation can be found in any SLES 12 SP3 server, not necessarily being a SUSE Manager server (it could be a client as well, or not even that).

Version of packages python-pyOpenSSL and python3-pyOpenSSL 16.0.0-4.11.3 was released with that bug.
The error inside a SUSE Manager is mainly affecting the osa-dispatcher service, checking its status will show this output:

vm-leberkaese:~ # systemctl -l status osa-dispatcher.service 
● osa-dispatcher.service - OSA Dispatcher daemon
   Loaded: loaded (/usr/lib/systemd/system/osa-dispatcher.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since mar 2018-12-11 08:20:43 CET; 1h 34min ago
 Main PID: 2283 (code=killed, signal=TERM)

dic 11 08:20:43 vm-leberkaese osa-dispatcher[18742]: Traceback (most recent call last):
dic 11 08:20:43 vm-leberkaese osa-dispatcher[18742]:   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 215, in wrapper
dic 11 08:20:43 vm-leberkaese osa-dispatcher[18742]:     cert = X509._from_raw_x509_ptr(x509)
dic 11 08:20:43 vm-leberkaese osa-dispatcher[18742]: AttributeError: type object 'X509' has no attribute '_from_raw_x509_ptr'
dic 11 08:20:43 vm-leberkaese osa-dispatcher[18742]: SUSE Manager 18742 2018/12/11 08:20:43 +02:00: ('Traceback caught:',)
dic 11 08:20:43 vm-leberkaese osa-dispatcher[18742]: SUSE Manager 18742 2018/12/11 08:20:43 +02:00: ('Traceback (most recent call last):\n  File "/usr/share/rhn/osad/jabber_lib.py", line 662, in connect\n    ssl.do_handshake()\n  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1444, in do_handshake\n    self._raise_ssl_error(self._ssl, result)\n  File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1192, in _raise_ssl_error\n    _raise_current_error()\n  File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue\n    raise exception_type(errors)\nError: [(\'SSL routines\', \'ssl3_get_server_certificate\', \'certificate verify failed\')]\n',)
dic 11 08:20:43 vm-leberkaese systemd[1]: osa-dispatcher.service: Control process exited, code=exited status=1
dic 11 08:20:43 vm-leberkaese systemd[1]: Failed to start OSA Dispatcher daemon.
dic 11 08:20:43 vm-leberkaese systemd[1]: osa-dispatcher.service: Unit entered failed state.
dic 11 08:20:43 vm-leberkaese systemd[1]: osa-dispatcher.service: Failed with result 'exit-code'.

And in a regular SLES server (possibly connected to the SUSE Manager):

Problem retrieving the repository index file for service 'spacewalk': [spacewalk|file:/usr/lib/zypp/plugins/services/spacewalk]
From cffi callback <function ssl_verify_callback at 0x7f207f2f5d70>: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 215, in wrapper cert = X509._from_raw_x509_ptr(x509) AttributeError: type object 'X509' has no attribute '_from_raw_x509_ptr'
Warning: Skipping service 'spacewalk' because of the above error.
Loading repository data... Reading installed packages...

Resolution

The latest update of the affected packages, python-cryptography python-pyOpenSSL1.3.1-7.13.4 and python3-pyOpenSSL, which are 1.3.1-7.13.4 (python-cryptography) and 16.0.0-4.14.1 (*pyOpenSSL), should be installed:

#zypper ref && zypper up python-pyOpenSSL python3-pyOpenSSL python-cryptography

or if otherwise desired (recommended), install all missing patches in the system:

#zypper ref && zypper patch && zypper patch

After the installation, nothing else is needed in a regular SLES 12 SP3.

In a SUSE Manager, a restart of the osa-dispatcher service will be needed:

systemctl restart osa-dispatcher.service

Cause

There was a missing patch in the affected version, which was included in the newest update.

Additional Information

Should for any reason an update of the version not be possible, a rollback to previous version would be another option. Previous version is: 16.0.0-4.3.4:

#zypper in --oldpackage python-pyOpenSSL=16.0.0-4.3.4 python3-pyOpenSSL=16.0.0-4.3.4

The rest of the instructions would be the same. In this situation, there might be no repositories at all, so copying the rpm's and installing them manually would also be possible.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7023582
  • Creation Date: 13-Dec-2018
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server
    • SUSE Manager

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center