Pfsense 2.5.2 and Python3.8 OpenSSL wrapper?

chofmeister

Hello all,

I have a string of code i have been trying to get working in python3.8 that utilizes SSL certs at some point and part of the script is down below that sets up the openssl wrapper for python but there is no package in pfsense for loading pyopenssl and i even tried to load it threw pip and it just throws out tons of errors and the " from OpenSSL" part just gets an error stating "No module named 'OpenSSL'"

So i need a way to call the function that involves OpenSSL for python3.8. Anyone know how this is done or if the package is just simply missing and if its missing when it will be brought back or if there is a specific way to load this wrapper.

try:
from OpenSSL import crypto, SSL
except ImportError:
print(subprocess.check_output(['pkg', 'install', '-y', 'pyopenssl']))
from OpenSSL import crypto, SSL

Gertjan

@chofmeister

The error says it all.

My pfSense says the same thing :

[2.5.2-RELEASE][admin@pfsense.my-network.net]/root: pkg install pyopenssl
Updating pfSense-core repository catalogue...
pkg: https://files01.netgate.com/pfSense_v2_5_2_amd64-core/packagesite.pkg: Not Found
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'pyopenssl' have been found in the repositories

So, for me, "pyopenssl" isn't a FreeBSD packake that's aviable for pfSense.
Keep in mind that the Netgate/FreeBSD repositry is used, not the the official FreeBSD repositry.
As "pfSense" is not "FreeBSD".

Or it's called differently.

chofmeister

Also doing a search for openssl or even py in pkg does not show a pyopenssl package or anything similar. I need to know if there is a way to load this package. Trying to load it with pip install pyopenssl does attempt to load it but fails with errors. Need to know if this package comes under a different name?

Gertjan

@chofmeister said in Pfsense 2.5.2 and Python3.8 OpenSSL wrapper?:

with pip install pyopenssl does attempt to load it but fails with errors

Dono who pip is, some python script installer ? but if it presumes that pfSense is FreeBSD then you probably brake your firewall.

Use the search function (forum).

Some one used

pip install .... pyOpenSSL .... 

but that was on a 2.2.2, way back, in a distant galaxy.

chofmeister

This is what was originally working below for python2.7 but i need to convert this to python 3

try:
from OpenSSL import crypto, SSL
except ImportError:
print(subprocess.check_output(['pkg', 'install', '-y', 'py27-openssl']))
from OpenSSL import crypto, SSL

if anyone knows if its possible it would be greatly appreciated......

chofmeister

I found a way to load the pyopenssl. At this time the latest Python version is 3.8

Anyone needing to do this will need to enable FreeBSD repo function as described here below.

https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html

You will also need to reboot the firewall to enable the FreeBSD repo as it will reread the needed conf file to enable it.

Then you can run this.

pkg install py38-openssl

It will install 20 packages needed for this to work as well.

Once you are done with installing it is recommend to turn off the FreeBSD repo as having this enabled will effect future updates from Pfsense possibly overwriting the custom packages that is uses.

Hope this helps anyone in the future that is needing the openssl wrapper for Python.

Gertjan

@chofmeister said in Pfsense 2.5.2 and Python3.8 OpenSSL wrapper?:

It will install 20 packages needed for this to work as well.

Be aware that these packages are created for a native FreeBSD environment.
pfSense is not using the same layout / paths - it's based on FreeBSD.
It is very possible that pfSense core files got overwritten, or some settings got changed.

Once you are done with installing it is recommend to turn off the FreeBSD repo as having this enabled will effect future updates from Pfsense possibly overwriting the custom packages that is uses.

So, security issue or not, no more updates for these packages.

chofmeister

I doubt this is going to be a problem but i will list the packages that the py38-openssl needs to have.

pkg install py38-openssl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating pfSense-core repository catalogue...
pkg: https://files00.netgate.com/pfSense_v2_5_2_amd64-core/packagesite.pkg: Not
Found
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
The following 20 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
cyrus-sasl: 2.1.27_2 [FreeBSD]
fontconfig: 2.13.94,1 [FreeBSD]
freetype2: 2.10.4 [FreeBSD]
gmp: 6.2.1 [FreeBSD]
jbigkit: 2.1_1 [FreeBSD]
jpeg-turbo: 2.0.6 [FreeBSD]
libfontenc: 1.1.4 [FreeBSD]
libssh2: 1.9.0_3,3 [FreeBSD]
libunwind: 20201110 [FreeBSD]
lua53: 5.3.6 [FreeBSD]
nettle: 3.7.3 [FreeBSD]
pixman: 0.40.0_1 [FreeBSD]
png: 1.6.37_1 [FreeBSD]
py38-cffi: 1.14.6 [FreeBSD]
py38-cryptography: 3.3.2 [FreeBSD]
py38-openssl: 20.0.1 [FreeBSD]
py38-pycparser: 2.20 [FreeBSD]
py38-six: 1.16.0 [FreeBSD]
tcl86: 8.6.11_1 [FreeBSD]
zstd: 1.5.0 [FreeBSD]

Number of packages to be installed: 20

i don't believe that any of the packages listed here are already part of the standard pfsense repo and should be fine to have loaded in.