Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense 2.5.2 and Python3.8 OpenSSL wrapper?

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 2 Posters 1.0k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      chofmeister
      last edited by chofmeister

      Hello all,

      I have a string of code i have been trying to get working in python3.8 that utilizes SSL certs at some point and part of the script is down below that sets up the openssl wrapper for python but there is no package in pfsense for loading pyopenssl and i even tried to load it threw pip and it just throws out tons of errors and the " from OpenSSL" part just gets an error stating "No module named 'OpenSSL'"

      So i need a way to call the function that involves OpenSSL for python3.8. Anyone know how this is done or if the package is just simply missing and if its missing when it will be brought back or if there is a specific way to load this wrapper.

      try:
      from OpenSSL import crypto, SSL
      except ImportError:
      print(subprocess.check_output(['pkg', 'install', '-y', 'pyopenssl']))
      from OpenSSL import crypto, SSL

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @chofmeister
        last edited by

        @chofmeister

        The error says it all.

        My pfSense says the same thing :

        [2.5.2-RELEASE][admin@pfsense.my-network.net]/root: pkg install pyopenssl
        Updating pfSense-core repository catalogue...
        pkg: https://files01.netgate.com/pfSense_v2_5_2_amd64-core/packagesite.pkg: Not Found
        pfSense-core repository is up to date.
        Updating pfSense repository catalogue...
        pfSense repository is up to date.
        All repositories are up to date.
        pkg: No packages available to install matching 'pyopenssl' have been found in the repositories
        

        So, for me, "pyopenssl" isn't a FreeBSD packake that's aviable for pfSense.
        Keep in mind that the Netgate/FreeBSD repositry is used, not the the official FreeBSD repositry.
        As "pfSense" is not "FreeBSD".

        Or it's called differently.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 1
        • C Offline
          chofmeister
          last edited by

          Also doing a search for openssl or even py in pkg does not show a pyopenssl package or anything similar. I need to know if there is a way to load this package. Trying to load it with pip install pyopenssl does attempt to load it but fails with errors. Need to know if this package comes under a different name?

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG Offline
            Gertjan @chofmeister
            last edited by

            @chofmeister said in Pfsense 2.5.2 and Python3.8 OpenSSL wrapper?:

            with pip install pyopenssl does attempt to load it but fails with errors

            Dono who pip is, some python script installer ? but if it presumes that pfSense is FreeBSD then you probably brake your firewall.

            Use the search function (forum).

            Some one used

            pip install .... pyOpenSSL .... 
            

            but that was on a 2.2.2, way back, in a distant galaxy.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            C 1 Reply Last reply Reply Quote 1
            • C Offline
              chofmeister @Gertjan
              last edited by

              This is what was originally working below for python2.7 but i need to convert this to python 3

              try:
              from OpenSSL import crypto, SSL
              except ImportError:
              print(subprocess.check_output(['pkg', 'install', '-y', 'py27-openssl']))
              from OpenSSL import crypto, SSL

              if anyone knows if its possible it would be greatly appreciated......

              1 Reply Last reply Reply Quote 0
              • C Offline
                chofmeister
                last edited by

                I found a way to load the pyopenssl. At this time the latest Python version is 3.8

                Anyone needing to do this will need to enable FreeBSD repo function as described here below.

                https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html

                You will also need to reboot the firewall to enable the FreeBSD repo as it will reread the needed conf file to enable it.

                Then you can run this.

                pkg install py38-openssl

                It will install 20 packages needed for this to work as well.

                Once you are done with installing it is recommend to turn off the FreeBSD repo as having this enabled will effect future updates from Pfsense possibly overwriting the custom packages that is uses.

                Hope this helps anyone in the future that is needing the openssl wrapper for Python.

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG Offline
                  Gertjan @chofmeister
                  last edited by

                  @chofmeister said in Pfsense 2.5.2 and Python3.8 OpenSSL wrapper?:

                  It will install 20 packages needed for this to work as well.

                  Be aware that these packages are created for a native FreeBSD environment.
                  pfSense is not using the same layout / paths - it's based on FreeBSD.
                  It is very possible that pfSense core files got overwritten, or some settings got changed.

                  Once you are done with installing it is recommend to turn off the FreeBSD repo as having this enabled will effect future updates from Pfsense possibly overwriting the custom packages that is uses.

                  So, security issue or not, no more updates for these packages.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • C Offline
                    chofmeister
                    last edited by

                    I doubt this is going to be a problem but i will list the packages that the py38-openssl needs to have.

                    pkg install py38-openssl
                    Updating FreeBSD repository catalogue...
                    FreeBSD repository is up to date.
                    Updating pfSense-core repository catalogue...
                    pkg: https://files00.netgate.com/pfSense_v2_5_2_amd64-core/packagesite.pkg: Not
                    Found
                    pfSense-core repository is up to date.
                    Updating pfSense repository catalogue...
                    pfSense repository is up to date.
                    All repositories are up to date.
                    The following 20 package(s) will be affected (of 0 checked):

                    New packages to be INSTALLED:
                    cyrus-sasl: 2.1.27_2 [FreeBSD]
                    fontconfig: 2.13.94,1 [FreeBSD]
                    freetype2: 2.10.4 [FreeBSD]
                    gmp: 6.2.1 [FreeBSD]
                    jbigkit: 2.1_1 [FreeBSD]
                    jpeg-turbo: 2.0.6 [FreeBSD]
                    libfontenc: 1.1.4 [FreeBSD]
                    libssh2: 1.9.0_3,3 [FreeBSD]
                    libunwind: 20201110 [FreeBSD]
                    lua53: 5.3.6 [FreeBSD]
                    nettle: 3.7.3 [FreeBSD]
                    pixman: 0.40.0_1 [FreeBSD]
                    png: 1.6.37_1 [FreeBSD]
                    py38-cffi: 1.14.6 [FreeBSD]
                    py38-cryptography: 3.3.2 [FreeBSD]
                    py38-openssl: 20.0.1 [FreeBSD]
                    py38-pycparser: 2.20 [FreeBSD]
                    py38-six: 1.16.0 [FreeBSD]
                    tcl86: 8.6.11_1 [FreeBSD]
                    zstd: 1.5.0 [FreeBSD]

                    Number of packages to be installed: 20

                    i don't believe that any of the packages listed here are already part of the standard pfsense repo and should be fine to have loaded in.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.