A major task I was given this week was to figure out why pgAdmin wasn't working. So that task was on the high-priority list, because without it, our database administrator wouldn't be able to work. While investigating the problem, I ran into these errors:
File "/usr/lib64/python3.9/random.py", line 61, in <module>
from _sha512 import sha512 as _sha512
ModuleNotFoundError: No module named '_sha512'
File "/usr/lib64/python3.9/random.py", line 64, in <module>
from hashlib import sha512 as _sha512
File "/usr/lib64/python3.9/hashlib.py", line 77, in <module>
import _hashlib
ImportError: /lib64/libcrypto.so.3: version `OPENSSL_3.4.0' not found (required by /usr/lib64/python3.9/lib-dynload/_hashlib.cpython-39-x86_64-linux-gnu.so)
There was something preventing mod_wsgi, which is an Apache module for running Python web apps,from running. At first thought, it was incompatible OpenSSL version with the server. I checked, and we had version 3.5. Maybe somebody updated it recently and it caused problems. But that can't be verified. I also tried importing the library by hand using the command below. It was working fine.
python3 -c 'from hashlib import sha512 as _sha512;print("OK")'Another way to test it was to run a test script through Apache, testssl.wsgi:
import sys
import platform
try:
import ssl
ssl_info = ssl.OPENSSL_VERSION
except Exception as e:
ssl_info = f"FAILED: {e}"
def application(environ, start_response):
start_response('200 OK', [('Content-Type','text/plain')])
return [
f"Python version: {platform.python_version()}\n".encode(),
f"Python executable: {sys.executable}\n".encode(),
f"SSL: {ssl_info}\n".encode(),
]It also failed right at the ssl part. A check using ldd /usr/lib64/python3.9/lib-dynload/_hashlib*.so
revealed that it was using libcrypto.so.3, which linked to /lib64/libcrypto.so.3. libcrypto is
how Python gets its hash algorithms, and it is loading fine otherwise, but not inside Apache.
I was considering reinstalling Python 3. But it was too drastic as it would affect everything inside the OS. A lot of services depends on Python and it is working fine, except for this Apache incident. So I was left with two more options:
- Reinstall mod_wsgi
- Use Gunicorn to run pgAdmin, which is reversed proxy from Apache I worked with the sysadmin to get a snapshot of the system before proceeding. I reinstalled mod_wsgi, and wouldn't you know it? It worked flawlessly again. Lucky I didn't have to reinstall Python.