From owner-freebsd-questions@freebsd.org  Mon Feb 22 18:16:22 2021
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id B44FD5493CD
 for <freebsd-questions@mailman.nyi.freebsd.org>;
 Mon, 22 Feb 2021 18:16:22 +0000 (UTC)
 (envelope-from dweimer@dweimer.net)
Received: from webmail.dweimer.net (024-240-198-186.biz.spectrum.com
 [24.240.198.186])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "dweimer.net", Issuer "R3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4Dkr3T71cHz4X0r
 for <freebsd-questions@freebsd.org>; Mon, 22 Feb 2021 18:16:21 +0000 (UTC)
 (envelope-from dweimer@dweimer.net)
Received-SPF: pass (webmail.dweimer.net: authenticated connection)
 receiver=webmail.dweimer.net; client-ip=10.9.5.1; helo=www.dweimer.net;
 envelope-from=dweimer@dweimer.net;
 x-software=spfmilter 2.001 http://www.acme.com/software/spfmilter/ with
 libspf2-1.2.10; 
Received: from www.dweimer.net (pfsense.dweimer.me [10.9.5.1])
 (authenticated bits=0)
 by webmail.dweimer.net (8.16.1/8.16.1) with ESMTPSA id 11MIGJkF064221
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
 Mon, 22 Feb 2021 12:16:20 -0600 (CST)
 (envelope-from dweimer@dweimer.net)
MIME-Version: 1.0
Date: Mon, 22 Feb 2021 12:16:14 -0600
From: "Dean E. Weimer" <dweimer@dweimer.net>
To: Tim Daneliuk <tundra@tundraware.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Certbot crashes after update of python installed
Reply-To: dweimer@dweimer.net
In-Reply-To: <4e6bf84b-e68d-8506-281c-2810884cfee8@tundraware.com>
References: <018a01d70888$7b2fe5b0$718fb110$@seibercom.net>
 <20210221205146.364356E6BDB0@ary.qy>
 <6b735533-ad9a-441d-817f-afb4100b43bc@yggdrasil.evilham.com>
 <410a3440-45a2-cad8-b186-19e7e7945366@tundraware.com>
 <20210222105212.00004188@seibercom.net>
 <4e6bf84b-e68d-8506-281c-2810884cfee8@tundraware.com>
User-Agent: Roundcube Webmail/1.4.11
Message-ID: <cf62b748b2eac0cc4180c1cb40ece509@dweimer.net>
X-Sender: dweimer@dweimer.net
Organization: dweimer.net
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Dkr3T71cHz4X0r
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-4.00 / 15.00];
 HAS_REPLYTO(0.00)[dweimer@dweimer.net];
 RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:24.240.198.184/29];
 REPLYTO_ADDR_EQ_FROM(0.00)[]; HAS_ORG_HEADER(0.00)[];
 DKIM_TRACE(0.00)[dweimer.net:+]; RCPT_COUNT_TWO(0.00)[2];
 DMARC_POLICY_ALLOW(-0.50)[dweimer.net,reject];
 NEURAL_HAM_SHORT(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 RBL_DBL_DONT_QUERY_IPS(0.00)[24.240.198.186:from];
 ASN(0.00)[asn:20115, ipnet:24.240.196.0/22, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
 R_DKIM_ALLOW(-0.20)[dweimer.net:s=2017.01.31];
 FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000];
 MIME_GOOD(-0.10)[text/plain];
 SPAMHAUS_ZRD(0.00)[24.240.198.186:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_TWO(0.00)[2];
 RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2021 18:16:22 -0000

On 2021-02-22 11:49 am, Tim Daneliuk wrote:
> On 2/22/21 9:52 AM, Jerry wrote:
>> At the very least, there should be something in "UPDATING" that
>> references this problem, and a reasonable method to work around this
>> problem.
> 
> Well, Python 2.x has been noted as on its way to EOL for several years
> and FreeBSD explicitly notes it as so.  This seems like a non problem.
> 
> 
> I have Python software that depends on 2.x and 3.x.  To avoid having to
> fiddle with what version is used where, I make use of the pew-based
> solution which is simple puts what you need in distinct containers.

Its not a Python 2.x to 3.x issue, its the Certbot dependency on 
py-openssl, the update made on Feb 19th to version 20.0.1 of py-openssl, 
missed a dependency requirement. I had mine working with python 3.9 for 
a while. It had recently broke after some updates, but I hadn't had time 
to look into yet. Here is what I found.

from https://pypi.org/project/pyOpenSSL/

20.0.0 (2020-11-27)
Backward-incompatible changes:

     The minimum cryptography version is now 3.2.
     Remove deprecated OpenSSL.tsafe module.
     Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, 
OpenSSL.SSL.Context.set_npn_select_callback, and 
OpenSSL.SSL.Connection.get_next_proto_negotiated.
     Drop support for Python 3.4
     Drop support for OpenSSL 1.0.1 and 1.0.2


So the real issue is the py-openssl port, and it looks like someone has 
already filed a bug report.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253711

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/