Debian 的 python3-openssl v19.0.0-1 中的错误补丁

Table of Content

2021 年 3 月 17 日时, Debian 系统中使用 certbot 时出现错误信息:

2021-03-17 08:39:45,569:WARNING:certbot.renewal:Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: module 'lib' has no attribute 'X509_getm_notAfter'. Skipping.
2021-03-17 08:39:45,576:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/", line 450, in handle_renewal_request
    if should_renew(lineage_config, renewal_candidate):
  File "/usr/lib/python3/dist-packages/certbot/", line 281, in should_renew
    if lineage.should_autorenew():
  File "/usr/lib/python3/dist-packages/certbot/", line 944, in should_autorenew
    "cert", self.latest_common_version()))
  File "/usr/lib/python3/dist-packages/certbot/", line 418, in notAfter
    return _notAfterBefore(cert_path, crypto.X509.get_notAfter)
  File "/usr/lib/python3/dist-packages/certbot/", line 437, in _notAfterBefore
    timestamp = method(x509)
  File "/usr/local/lib/python3.7/dist-packages/OpenSSL/", line 1417, in get_notAfter
    return self._get_boundary_time(_lib.X509_getm_notAfter)
AttributeError: module 'lib' has no attribute 'X509_getm_notAfter'

打开查看文件 /usr/local/lib/python3.7/dist-packages/OpenSSL/ 的内容发现有这样子一行.

    return self._get_boundary_time(_lib.X509_getm_notAfter)

我们查询这条语句的引入时间发现是在 这个 commit 中, 引入时间是 2020 年 8 月, 而我们发现 v19.0.0-1 版本应该在 2019 年 11 月份引入, 所以初步认为是包管理维护者的错误打补丁行为.

故我们将这一次 commit 的修改撤销, 即可修复上述错误.

Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here :