109

So recently I had to reinstall python due to a corrupt executable. This made one of our python scripts bomb with the following error:

```
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
```

The line of code that caused it to bomb was:

```python
from apiclient.discovery import build
```

I tried pip uninstalling and pip upgrading the google-api-python-client but I can't seem to find any information on this particular error.

For what it is worth - I am trying to pull google analytics info down via API call.

Here is the output of the command prompt error:

```
  File "C:\Analytics\Puritan_GoogleAnalytics\Google_Conversions\mcfTest.py", line 1, in <module>
    from apiclient.discovery import build
  File "C:\ProgramData\Anaconda3\lib\site-packages\apiclient\__init__.py", line 3, in <module>
    from googleapiclient import channel, discovery, errors, http, mimeparse, model
  File "C:\ProgramData\Anaconda3\lib\site-packages\googleapiclient\discovery.py", line 57, in <module>
    from googleapiclient import _auth, mimeparse
  File "C:\ProgramData\Anaconda3\lib\site-packages\googleapiclient\_auth.py", line 34, in <module>
    import oauth2client.client
  File "C:\ProgramData\Anaconda3\lib\site-packages\oauth2client\client.py", line 45, in <module>
    from oauth2client import crypt
  File "C:\ProgramData\Anaconda3\lib\site-packages\oauth2client\crypt.py", line 45, in <module>
    from oauth2client import _openssl_crypt
  File "C:\ProgramData\Anaconda3\lib\site-packages\oauth2client\_openssl_crypt.py", line 16, in <module>
    from OpenSSL import crypto
  File "C:\ProgramData\Anaconda3\lib\site-packages\OpenSSL\__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "C:\ProgramData\Anaconda3\lib\site-packages\OpenSSL\crypto.py", line 1517, in <module>
    class X509StoreFlags(object):
  File "C:\ProgramData\Anaconda3\lib\site-packages\OpenSSL\crypto.py", line 1537, in X509StoreFlags
    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
```
Doug Coats
  • 1
    Have you followed [Google analytics python quickstart?](https://developers.google.com/analytics/devguides/config/mgmt/v3/quickstart/service-py) for service accounts? or [QuickStart python](https://developers.google.com/analytics/devguides/config/mgmt/v3/quickstart/installed-py) for installed app – Linda Lawton - DaImTo Sep 23 '22 at 16:23
  • @Daimto I did in fact. My posting here was to see if someone had an idea of what packages I could verify if there were version differences I was fighting with. I at least assume that's the issue based on my small research since this happened. – Doug Coats Sep 23 '22 at 16:27
  • 1
    X509 implies to me that you are still using the p12 certificate for the service account instead of the json key file for the service account. If that is in fact true, then I would advise you to fix the code so you are using the json key file instead of the p12 file. "It's just easier and causes less errors" – Linda Lawton - DaImTo Sep 23 '22 at 17:05
  • 1
    @Daimto I am using the json file. After a few trials and error I did find that the error was due to conflicting cryptography versions. I was able to get it up and running. Woohoo! – Doug Coats Sep 23 '22 at 17:10

17 Answers

169

Edit the crypto.py file mentioned in the stacktrace and remove the offending line by commenting it out with a #

Then upgrade to the latest version of PyOpenSSL.

```
pip install pip --upgrade
pip install pyopenssl --upgrade
```

Now you can re-add the commented line again and it should be working.

Robin Sving
  • 22
    If you are like me, be sure not to read over this part: "Edit the crypto.py file and remove the offending line by commenting it out with a #" – sgdesmet Oct 21 '22 at 15:30
  • what's the difference between using pip and pip3 here? should I do pip3 if using python3 and rpi4? – Damandroid Oct 21 '22 at 16:46
  • 1
    Sorry it took so long to give you the deserved feedback. thanks! – Doug Coats Nov 03 '22 at 14:59
  • where is the crypto.py file located? – James Draper Nov 09 '22 at 22:26
  • 4
    @JamesDraper just check the stacktrace and you should see the path to the crypto.py – Robin Sving Nov 11 '22 at 13:03
  • Unfortunately pip is also failing with this error – Kjeld Flarup Nov 15 '22 at 09:19
  • 22
    I found it better to remove OpenSSL package entirely: `rm -rf /site-packages/OpenSSL` and then doing `pip install -U pyopenssl` – user13451415 Nov 16 '22 at 01:03
  • **Commenting-out** the offending line or **deleting the whole package** seems harsh, but in this case they are **perfect**. The other options will probably cause more harm and may also trash the Python installation completely. – Gonen Dec 07 '22 at 08:00
  • 1
    very bad advice to modify library. – Phyo Arkar Lwin Dec 26 '22 at 08:55
  • what crypto.py file? – Rebroad Dec 31 '22 at 09:16
  • The upgrade seemed to work for me, but I'm not sure if this is a stab in the dark that happened to work. Does this happen for specific versions of `pyopenssl`? – icedwater Jan 17 '23 at 04:50
  • 4
    Yeah not clear on where that file is. What OP should have said is "After encountering this error, look at the trace back report (The error message displayed) at the very bottom it should show the file path" like this ` File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3126, in ` or if you need to you can try and find it like this `sudo find / -name "crypto.py" -type f 2>/dev/null`. Also after doing this it does not fix the issue for me. – Dave Jan 17 '23 at 14:00
  • Did not work for me. I had to recreate a new venv. – Aseem Feb 08 '23 at 09:15
  • I just upgraded pyopenssl in the python install referenced in the stacktrace and the error went away. Did not need to edit any files manually. – Sankalp Jun 24 '23 at 09:16
  • For me, I had an offending `cryptograph` package in `~/.local/lib/python3.9/site-packages`. Removing that fixed it. I installed `nostr-relay` which brought another version in causing the conflict. – Roland Jul 31 '23 at 10:52
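
Several comments in this thread trace the error to conflicting copies of `pyOpenSSL` and `cryptography` in different directories (`dist-packages`, `~/.local`, a venv). The script below is an added example, not code from any poster: it lists every copy found on `sys.path` by reading package metadata only, so it runs even when `import OpenSSL` fails. The names `find_copies` and `report` are illustrative, and it assumes the first copy on `sys.path` is the one Python imports.

```python
import importlib.metadata as md
import re
import sys

# The two distributions whose mismatch the thread blames for the AttributeError.
WATCHED = ("pyopenssl", "cryptography")


def normalize(name):
    """PEP 503 name normalisation, so 'pyOpenSSL' and 'pyopenssl' compare equal."""
    return re.sub(r"[-_.]+", "-", name or "").lower()


def find_copies(search_path=None):
    """Map each watched package to [(version, directory), ...] in sys.path order.

    Reads only .dist-info/.egg-info metadata and never imports the packages.
    """
    copies = {name: [] for name in WATCHED}
    seen = set()
    for entry in (sys.path if search_path is None else search_path):
        if not entry or entry in seen:
            continue
        seen.add(entry)
        for dist in md.distributions(path=[entry]):
            try:
                name, version = normalize(dist.metadata.get("Name")), dist.version
            except Exception:  # metadata directory left without readable content
                continue
            if name in copies:
                copies[name].append((version, entry))
    return copies


def report(copies):
    """Return printable lines; the first copy listed wins at import time."""
    lines = []
    for name, found in copies.items():
        if not found:
            lines.append(f"{name}: not installed on this path")
        for rank, (version, directory) in enumerate(found):
            state = "active" if rank == 0 else "shadowed"
            lines.append(f"{name} {version} [{state}] {directory}")
        if len({version for version, _ in found}) > 1:
            lines.append(f"{name}: CONFLICT, several versions are installed")
    return lines


if __name__ == "__main__":
    print("\n".join(report(find_copies())))
```

Run it with the same interpreter that shows the traceback, since each interpreter and venv has its own `sys.path`.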
89

As all the above failed for me, I used the trick here: https://askubuntu.com/a/1433089/497392

```
sudo apt remove python3-pip
wget https://bootstrap.pypa.io/get-pip.py
sudo python3 get-pip.py
```

And then after a reboot:

```
pip install pyopenssl --upgrade
```
Kjeld Flarup
41

I also encountered this error while installing Flask and firebase-admin on Ubuntu 20.04. The following commands solved my problem. First I removed OpenSSL using this command.

```
sudo rm -rf /usr/lib/python3/dist-packages/OpenSSL
sudo pip3 install pyopenssl
sudo pip3 install pyopenssl --upgrade
```
bonifacio_kid
  • 2
    This solution worked for me, while other answers did not. – Craig S. Anderson Mar 06 '23 at 17:35
  • Just need to replace the path for OpenSSL folder to the one on your file system. In my case, it was inside- /Users//anaconda3/lib/python3.7/site-packages/OpenSSL – Manish Paul Mar 16 '23 at 02:51
  • This fixed it, thank you! One extra note, if you're using venv, you'd want to delete the OpenSSL directory from /venv/lib/python/site-packages/OpenSSL rather than /usr/lib. – mire May 11 '23 at 16:55
27
```
pip3 install pyOpenSSL --upgrade
```

solved all my issues.

Zags
hightest
  • 5
    When I tried this, I got an exception backtrace: `CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'` Which is what we are trying to solve. – Craig S. Anderson Mar 06 '23 at 17:22
13
```
sudo apt remove python3-openssl
```
mtwebster
  • 1
    Hey mtwebster, thank you for your answer! The community would appreciate if you would provide more context to your answer -- for example, how exactly `python3-openssl` package might be related to the problems described in the question, and how its uninstallation can help with it. Also, while it's clear from the question that the author uses Windows environment, so your answer is probably not helpful to them, I appreciate it can be useful to Linux users (whose distributions are APT-based), if it would be more elaborate in explaining what the issue is and why it can be addressed this way. – mingaleg Feb 06 '23 at 21:41
  • This does work to fix the broken package situation where pip commands give the original error. – Craig S. Anderson Mar 06 '23 at 17:26
  • This did help resolve the error, but as @mingaleg suggested, what's the reason behind this? How does uninstalling python3-openssl get around this issue? – ades May 05 '23 at 15:39
10

On my Ubuntu "20.04.5" I managed to solve the error:

CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK\r

by re-installing the following packages:

```
apt-get --reinstall install python-apt
apt-get --reinstall install apt-transport-https
apt-get install build-essential libssl-dev libffi-dev python-dev
```

I do not use pip as I received this error message using ansible playbook and wasn't able to reach the servers anymore.

Hope it helps somebody one day.

Orsius
9

For me, the earlier answers couldn't help, as I met this problem with all pip commands, even pip3 -V. But I solved it by:

  1. Get the URL from https://pypi.org/project/pyOpenSSL/#files if you need the latest version.

    wget https://files.pythonhosted.org/packages/00/3f/ea5cfb789dddb327e6d2cf9377c36d9d8607af85530af0e7001165587ae7/pyOpenSSL-22.1.0-py3-none-any.whl
    
  2. Install pyOpenSSL from whl file.

    python3 -m easy_install pyOpenSSL-22.1.0-py3-none-any.whl
    

Thanks https://askubuntu.com/a/1429674

Chu-Siang Lai
yxzlwz
  • 2
    Please try the "sort by" feature of StackOverflow and reconsider the phrasing "above". – Yunnosch Oct 29 '22 at 06:12
  • 1
    The other solutions' commands didn't resolve the issue, and `pip3 --version` was also broken with stacktrace output in the same way. I see the "offending" `crypto.py` at `~/.local/lib/python3.8/site-packages/localstack/utils/crypto.py` but didn't think that commenting out a line was a proper solution. This solution seems like the actual fix. – Steve Goossens Nov 08 '22 at 15:00
  • Interesting trick, however easy_install was not installed on my system :-( – Kjeld Flarup Nov 15 '22 at 09:32
5

I stumbled into this problem this morning trying to install weasyprint after a system update and restart. Commenting out the line containing

X509_V_FLAG_CB_ISSUER_CHECK

in /usr/lib/python3/dist-packages/OpenSSL/crypto.py resulted in a further error

AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'

None of the suggested fixes would work for me.

  • sudo apt remove python3-pip followed by sudo apt install python3-pip
  • sudo pip install pyopenssl --upgrade
  • sudo python3 -m easy_install pyOpenSSL-22.0.0-py2.py3-none-any.whl
  • sudo pip install --force-reinstall "cryptography==38.0.4"

I found this module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' but it didn't add to anything I already knew. I found this AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms' but it comes with WARNINGS for people running on desktops and it causing significant system wide issues.

I tried upgrading OpenSSL via easy_install but the wheel could not be found and there was a deprecation warning. Eventually I came back to the comment by @Alexandr who said just remove OpenSSL with rm.

```
sudo rm -rf /usr/lib/python3/dist-packages/OpenSSL
```

From here I attempted to reinstall OpenSSL but found it was already satisfied. Maybe an older package was blocking and this was the root of the problem?

```
sudo pip install pyopenssl
Requirement already satisfied: pyopenssl in /usr/lib/python3/dist-packages (19.0.0)
```

I then upgraded pip and was able to install WeasyPrint which I hope confirms I have solved this issue.

```
pip install pip --upgrade
Successfully installed pip-22.3.1

pip install weasyprint
Successfully installed Pyphen-0.13.2 ... weasyprint-57.2 zopfli-0.2.2
```
Byte Insight
3

Below commands worked for me...

```
sudo pip3 install pyopenssl
sudo pip3 install pyopenssl --upgrade
```

  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 09 '23 at 13:20
1

If you have pip completely broken, as @sgdesmet proposes in a comment, the only option to resolve this issue is

"Edit the crypto.py file and remove the offending line by commenting it out with a #"

No other solutions work for me.

DarkSkull
1

I've tried upgrading pip and installing another version of pyOpenSSL from a whl file, but that didn't work. The only thing that helped is removing the entire folder with the OpenSSL module, like this: `rm -rf ...python-3.8.10/lib/python3.8/site-packages/OpenSSL`, and then doing all the things you need.

Alexandr
1

If you don't have sudo rights the --user option might do the trick:

```
wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py --user
python3 -m pip install pyopenssl --upgrade --user
```
Stefan
0

If pip / pip3 is completely broken and none of the other options work (as described by @DarkSkull), then the line in the crypto.py file that's causing the issue has to be deleted or commented out.

Here's an automated way of doing it:

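```bash
python_openssl_crypto_file="/usr/lib/python3/dist-packages/OpenSSL/crypto.py"
search_term="CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK"
# Line number of the first match; empty if the line is not present
cb_issuer_check_line_number="$(awk "/$search_term/ {print FNR; exit}" "$python_openssl_crypto_file")"
# Only edit when a match was found: with an empty address sed would rewrite every line
[ -n "$cb_issuer_check_line_number" ] && sed -i "${cb_issuer_check_line_number}s/.*/    # $search_term/" "$python_openssl_crypto_file"
```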
miu
0

Thanks to the answers above I was able to solve the same problem. I use pipenv to manage my environment. The issue arose after upgrading my cryptography module.

The fix (for me):

```
pipenv update pyOpenSSL
```
JDogMcSteezy
0

For me, the issue was resolved by changing the snowflake-connector-python package version from 2.7.1 to the latest version in the requirements.txt file of the Azure function app.

Sudha
0

I got the same issue using Certbot, the right version was not the latest, so: `pip3 install pyOpenSSL==23.1.1`

Loenix
0

If you get this error when using pip, try this:

```
rm -rf <python_path>/site-packages/OpenSSL
```

The problem will be solved.

Sadeed_pv
G D