Thank you very much, Dimitri -- I am interested in this also.

I tested that PPA on a test web server running nginx, uwsgi, uwsgi-
plugin-python3, Django 1.11(.16), and a Python 3.6 'pyvenv' virtual
environment using 'psycopg2' to connect to a PostgreSQL 10 server via
the pre-built Python wheel for 'psycopg2_binary' version 2.7.5.

I could immediately connect to nginx over TLS 1.3 without any problems,
and the Qualys SSL Labs scan also reported that all was well with TLS
1.3.

However, the web app under uwsgi crashed (segfaulted) on any request,
with a stack trace at https://pastebin.com/DLGiuKfR

I was relatively surprised that the 'psycopg2_binary' Python wheel
seemed to bundle its own version of libssl-8bb9b3dd.so.1.0.2o -- and it
looks like there's some incompatibility with this build of Python and
OpenSSL 1.1.1. I removed this Python package and installed 'psycopg2'
instead, and saw the same behavior.

I was able to fix this by reinstalling psycopg2 from source with 'pip
install --no-binary=":all:" psycopg2', and now everything works well
with the web app.

I'm not sure how much of a problem this is at this stage, or who has the
responsibility to address it (Ubuntu developers or whoever built the
psycopg2 wheel), but I figured I may as well mention this anyway.

It's great that everything was fine with nginx without any effort on my
part; thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1797386

Title:
  [SRU] OpenSSL 1.1.1 to 18.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1797386/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to