Centos v1.8.8 Upgrade Fail - bcrypt — CyberPanel - WebHosting Control Panel for OpenLiteSpeed


Hi,

I just tried to perform an upgrade of CP to v1.8.8. I was on either 1.8.7 or 1.8.6 before. I receive the following errors:

phpunit/phpunit suggests installing phpunit/php-invoker (~1.1)
Package phpunit/phpunit-mock-objects is abandoned, you should avoid using it. No replacement was suggested.
Generating autoload files
Requirement already satisfied (use --upgrade to upgrade): tldextract in /usr/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): requests-file>=1.4 in /usr/lib/python2.7/site-packages (from tldextract)
Requirement already satisfied (use --upgrade to upgrade): idna in /usr/lib/python2.7/site-packages (from tldextract)
Requirement already satisfied (use --upgrade to upgrade): setuptools in /usr/lib/python2.7/site-packages (from tldextract)
Requirement already satisfied (use --upgrade to upgrade): requests>=2.1.0 in /usr/lib/python2.7/site-packages (from tldextract)
Requirement already satisfied (use --upgrade to upgrade): six in /usr/lib/python2.7/site-packages (from requests-file>=1.4->tldextract)
Requirement already satisfied (use --upgrade to upgrade): chardet<3.1.0,>=3.0.2 in /usr/lib/python2.7/site-packages (from requests>=2.1.0->tldextract)
Requirement already satisfied (use --upgrade to upgrade): urllib3<1.23,>=1.21.1 in /usr/lib/python2.7/site-packages (from requests>=2.1.0->tldextract)
Requirement already satisfied (use --upgrade to upgrade): certifi>=2017.4.17 in /usr/lib/python2.7/site-packages (from requests>=2.1.0->tldextract)
From cffi callback :
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
_lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'



[10-24-18-Thu-Aug-2019] #########################################################################

[10-24-18-Thu-Aug-2019] Install tldextract successful.

[10-24-18-Thu-Aug-2019] #########################################################################

Collecting bcrypt
From cffi callback :
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
_lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'
Could not fetch URL https://pypi.python.org/simple/bcrypt/: There was a problem confirming the ssl certificate: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) - skipping
Could not find a version that satisfies the requirement bcrypt (from versions: )
No matching distribution found for bcrypt
From cffi callback :
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
_lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'

Looks like it can't verify the SSL cert to retrieve the package. So upgrade script aborts.

Now I can't access CP on 8090, I get a 503 error every time. Tried rebooting the server and chmod 777 /tmp + service reboot lscpd. Still nothing.

tail -n 50 /home/cyberpanel/error-logs.txt doesn't show any errors for this timeframe just updating SSL certs earlier in the day.

Thankfully websites are up and mail is being received ok. Just no CP access.

Please can someone check and advise best course of action to fix CP access & update without failure as I tried the link: https://pypi.python.org/simple/bcrypt/ in a browser and its SSL is configured fine.

Kind regards,

Richard

Comments

  • What happens if you run pip install bcrypt?
  • Thanks for the reply:

    Collecting bcrypt
    From cffi callback :
    Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
    _lib.X509_up_ref(x509)
    AttributeError: 'module' object has no attribute 'X509_up_ref'
    Could not fetch URL https://pypi.python.org/simple/bcrypt/: There was a problem confirming the ssl certificate: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) - skipping
    Could not find a version that satisfies the requirement bcrypt (from versions: )
    No matching distribution found for bcrypt
    From cffi callback :
    Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
    _lib.X509_up_ref(x509)
    AttributeError: 'module' object has no attribute 'X509_up_ref'


    I could try updating pip, sure it's a much higher version number now.

    pip 8.1.2 from /usr/lib/python2.7/site-packages (python 2.7)
  • Tried some SSL3 tests:

    Looks like it's a problem with SSL3 vs TLS?

    [[email protected] ~]# curl https://pypi.python.org/simple/bcrypt/
    301 Moved Permanently

    301 Moved Permanently



    [[email protected] ~]# openssl s_client -connect pypi.python.org:443
    CONNECTED(00000003)
    depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
    verify return:1
    ...
    Connected with TLS v1.2

    [[email protected] ~]# openssl s_client -connect pypi.python.org:443 -ssl3
    CONNECTED(00000003)
    140490371872656:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
    140490371872656:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 7 bytes and written 0 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : SSLv3
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1564736189
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    ---

    [[email protected] ~]# openssl s_client -connect www.google.com:443 -ssl3
    CONNECTED(00000003)
    140094844516240:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:

    [[email protected] ~]# openssl s_client -connect www.google.com:443
    CONNECTED(00000003)
    depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
    verify return:1
    ...
    Connects with TLS v1.2
  • Thank you for that, it took a little more messing about, but it certainly gave me the courage to poke away at trying to uninstall pip, pyOpenSSL & cryptography.

    Here's what I've done:

    yum remove pyOpenSSL
    pip uninstall cryptography

    ---- A message saying I can pip upgrade: before it said v8 was latest even trying to tell it to upgrade! ----

    pip install --upgrade pip
    pip install cryptography
    yum install pyOpenSSL

    pip install bcrypt

    bcrypt installs now!

    Repeat CP upgrade and it works.

    I know 100% that I had pip v19 installed, it's how I knew v8 looked really wrong. I seem to see this happen a couple of times now with upgrades of CP and PIP downgrading which is really strange, but never this issue before with SSL.

    Anyways, back up and running :wink:

  • Uggh just got a notification that email sign-in failed on my phone. I am going to assume this is the pw hashing issue others have had. I'll attempt password updates.
  • Just to follow up, password resets work, but all email accounts require it. Also, inbound email stopped working.

    https://forums.cyberpanel.net/discussion/1596/cannot-receive-emails-only-can-send-them#latest

    chmod 644 /etc/postfix/dynamicmaps.cf
    systemctl restart postfix

    Resolves this.

    Fingers crossed no more issues.
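
Added example, not code from the thread or from CyberPanel: a small triage helper (the name `triage` and its result labels are hypothetical) that reads pip output like the log above and separates a verify failure accompanied by a pyOpenSSL error raised inside a cffi callback, the pattern that went away in this thread once cryptography and pyOpenSSL were reinstalled, from a certificate verify failure with no such traceback. The classification is a heuristic assumed for this example, and the second log is constructed.

```python
import re

# Trimmed from the pip output quoted in the thread.
THREAD_LOG = """Collecting bcrypt
From cffi callback :
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 313, in wrapper
_lib.X509_up_ref(x509)
AttributeError: 'module' object has no attribute 'X509_up_ref'
Could not fetch URL https://pypi.python.org/simple/bcrypt/: There was a problem confirming the ssl certificate: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) - skipping
No matching distribution found for bcrypt
"""

# Constructed sample: the same fetch failure with no binding traceback.
PLAIN_LOG = "Collecting bcrypt\n" + "\n".join(THREAD_LOG.splitlines()[6:])

MISSING_ATTR = re.compile(r"AttributeError: 'module' object has no attribute '(\w+)'")
FETCH_FAIL = re.compile(r"Could not fetch URL (\S+?): .*certificate verify failed")


def triage(log):
    """Heuristic classification of a pip TLS failure from its log text."""
    missing, failed_urls = [], []
    in_callback = in_pyopenssl = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("From cffi callback"):
            in_callback, in_pyopenssl = True, False   # a callback raised
            continue
        attr = MISSING_ATTR.search(line)
        fetch = FETCH_FAIL.search(line)
        if in_callback and "OpenSSL/SSL.py" in line:
            in_pyopenssl = True                       # raised inside pyOpenSSL
        elif in_callback and attr:
            if in_pyopenssl and attr.group(1) not in missing:
                missing.append(attr.group(1))         # symbol the binding lacks
            in_callback = False
        elif fetch:
            failed_urls.append(fetch.group(1))
    if missing:
        cause = "local-binding-mismatch"
    elif failed_urls:
        cause = "certificate-verify-failed"
    else:
        cause = "no-tls-error"
    return {"cause": cause, "missing_symbols": missing, "failed_urls": failed_urls}


if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("plain", PLAIN_LOG)):
        print(name, triage(log))
```

A `local-binding-mismatch` result points at the locally installed pyOpenSSL and cryptography pair rather than at the server certificate, so the repair is on the package side and certificate checking stays enabled.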