Maniphest T52507

Python uses old openssl version on OSX
Closed, Archived
Actions

Assigned To
Arto Kitula (akitula)
Authored By
Rob Haarsma (phaseIV)
Aug 23 2017, 3:20 PM
Tags
  • BF Blender
Subscribers
Arto Kitula (akitula)
Brecht Van Lommel (brecht)
Sergey Sharybin (sergey)

Description

System Information
macOS Sierra 10.12.5

Blender Version
Works: Blender 2.79 RC2 WIN 10
Fails: Blender 2.79 RC2 OSX

Short description of error
The user script Blender-Navcam-Importer loads external data from the NASA PDS website. This website recently switched from http to https. Running the script on Windows works OK while the OSX version fails with error message: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure>.

This answer on StackOverflow suggests that the culprit is an outdated OpenSSL version. I tested this with both os's and found indeed that the Windows version of Blender uses OpenSSL 1.0.2h while the OSX version uses OpenSSL 0.9.8zh.

Exact steps for others to reproduce the error
Run 'import ssl' and 'print(ssl.OPENSSL_VERSION)' in Blender console. I believe that the failing script will work again on OSX once the OpenSSL version is updated.
Thank you!

Related Objects

Event Timeline

Rob Haarsma (phaseIV) created this task.Aug 23 2017, 3:20 PM
Rob Haarsma (phaseIV) updated the task description.Aug 23 2017, 3:28 PM
Rob Haarsma (phaseIV) updated the task description.
Arto Kitula (akitula) added subscribers: Brecht Van Lommel (brecht), Arto Kitula (akitula).Aug 23 2017, 4:19 PM

MacOS has indeed OpenSSL 0.9.8 @Brecht Van Lommel (brecht) what if we just add homebrew ssl to that 10.6 build? (and you do it or me?)

Brecht Van Lommel (brecht) lowered the priority of this task from 90 to Normal.Aug 23 2017, 4:57 PM

@Arto Kitula (akitula) I'm not going to update 10.6 libraries anymore, but if you want to do it go ahead.

I'm not sure that a homebrew library will be compatible with 10.6 though, unless there's some homebrew option for deployment targets? I guess we need to build our own static OpenSSL library for Python to link to.

Arto Kitula (akitula) added a comment.Aug 23 2017, 5:41 PM

@Rob Haarsma (phaseIV) Seems that script isn't updated for a while on github, so I didn't try it. But you could try my build that has OpenSSL 1.0.2l, if it works.

Rob Haarsma (phaseIV) added a comment.Aug 23 2017, 6:23 PM

Wow, thank you Arto! The script works perfectly with your build, no more handshake issues. Seems the Stackoverflow poster was right about the SSL versioning. Thanks for your efforts!

Arto Kitula (akitula) added a comment.Aug 23 2017, 9:45 PM

@Rob Haarsma (phaseIV) make note that that is build from today and might have some unexpected behavior. For official version you'll need to wait until 2.79 release.

Rob Haarsma (phaseIV) added a comment.Aug 23 2017, 10:23 PM

No worries, I understand. The bug is solved and OpenSSL 1.0.2l is hopefully included in the upcoming OSX release, so the script will continue to work properly and that's the most important thing.
Thanks again!

Rob Haarsma (phaseIV) added a comment.Sep 13 2017, 3:17 PM

So the update to version OpenSSL 1.0.2l for Mac/OSX didn't make it in 2.79. That's too bad...
Hope this gets fixed in the next version of Blender.
Thank you.

Arto Kitula (akitula) claimed this task.Sep 26 2017, 1:54 PM
Rob Haarsma (phaseIV) added a comment.Feb 5 2018, 4:58 PM

I found that the release candidate version of Blender (2.79a) is still using OpenSSL 0.9.8zh for Mac/OSX.
Maybe now it is the time to update OpenSSL to a newer version?
Thank you.

Sergey Sharybin (sergey) changed the task status from Unknown Status to Unknown Status.Feb 27 2018, 4:57 PM
Sergey Sharybin (sergey) added a subscriber: Sergey Sharybin (sergey).

We do not perform any libraries updates for corrective releases (such as 'a'). This is far too dangerous and often breaks compatibility with some platforms.

Those libraries are at their EOL, next major release will use 10.9 libraries. Buildbot is already moved to new libraries.

Arto Kitula (akitula) mentioned this in T54158: Build python with a more recent version of openssl.Feb 27 2018, 5:25 PM
Rob Haarsma (phaseIV) added a comment.EditedFeb 27 2018, 5:28 PM
This comment has been deleted.
Rob Haarsma (phaseIV) removed a subscriber: Rob Haarsma (phaseIV).Feb 27 2018, 6:35 PM
Rob Haarsma (phaseIV) added a comment.EditedJun 8 2018, 1:32 PM

For future reference, if any, there is a workaround for downloading files through python on Blender 2.79/OSX.
See this forumpost for details.