Community
Fusion API and Scripts
Got a new add-in to share? Need something specialized to be scripted? Ask questions or share what you’ve discovered with the community.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Python] Outdated version of OpenSSL on Mac ?

7 REPLIES 7
Reply
Message 1 of 8
JeromeBriot
2643 Views, 7 Replies

[Python] Outdated version of OpenSSL on Mac ?

Hello,

I was working on my contribution Github2Fusion360 and I faced a problem to access Github server on Mac :

Fail to reach a server
[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:720)


I tried to use PROTOCOL_TLSv1_1 but it didn't work. This protocol is only available with OpenSSL version 1.0.1+ and Fusion 360 works with OpenSSL 0.9.8 on Mac

On Windows :

>>> import ssl
>>> ssl.OPENSSL_VERSION
OpenSSL 1.0.2j  26 Sep 2016


On Mac :

>>> import ssl
>>> ssl.OPENSSL_VERSION
OpenSSL 0.9.8zh 14 Jan 2016


It seems to be a mistake during compilation because Fusion 360 is distributed with the same file "ssl.py" on Windows and on Mac

Thanks

7 REPLIES 7
Message 2 of 8
JeromeBriot
in reply to: JeromeBriot

Here is a small code to reproduce the error on Mac :

 

import traceback
import urllib

def run(context):

    try:

        url = 'https://github.com/caseycrogers/Dogbone/blob/master/Dogbone.manifest'

        request = urllib.request.Request(url)

        # Check if the URL is reachable
        try:

            urllib.request.urlopen(request)

        except urllib.error.HTTPError as e:
            print('The server couldn\'t fulfill the request.\n{}'.format(e))
            return

        except urllib.error.URLError as e:
            print('Fail to reach a server.\n{}'.format(e.reason))
            return

        print("Succeed")

    except:
        print('Failed:\n{}'.format(traceback.format_exc()))

 

Message 3 of 8
marshaltu
in reply to: JeromeBriot

Hello,

 

I can reproduce the issue you mentioned. Unfortunately it seemed that we have to upgrade the version of Python(3.5.3) which Fusion 360 is using to solve the issue according to the thread as below.

 

https://stackoverflow.com/questions/44316292/ssl-sslerror-tlsv1-alert-protocol-version?rq=1

 

I will create UP-38248 to track the issue in our internal system. 

 

Thanks,

Marshal



Marshal Tu
Fusion 360 Developer
Autodesk, Inc.

Message 4 of 8
JeromeBriot
in reply to: marshaltu

Hello,

 

I digged into the source of Python 3.5.3 and found a file "build-installer.py" ("Mac\BuildScript" folder) where we can read:

 

        # The OpenSSL libs shipped with OS X 10.5 and earlier are
        # hopelessly out-of-date and do not include Apple's tie-in to
        # the root certificates in the user and system keychains via TEA
        # that was introduced in OS X 10.6.  Note that this applies to
        # programs built and linked with a 10.5 SDK even when run on
        # newer versions of OS X.
        #
        # Dealing with CAs is messy.  For now, just supply a
        # local libssl and libcrypto for the older installer variants
        # (e.g. the python.org 10.5+ 32-bit-only installer) that use the
        # same default ssl certfile location as the system libs do:
        #   /System/Library/OpenSSL/cert.pem
        # Then at least TLS connections can be negotiated with sites that
        # use sha-256 certs like python.org, assuming the proper CA certs
        # have been supplied.  The default CA cert management issues for
        # 10.5 and earlier builds are the same as before, other than it is
        # now more obvious with cert checking enabled by default in the
        # standard library.
        #
        # For builds with 10.6 through 10.9 SDKs,
        # continue to use the deprecated but
        # less out-of-date Apple 0.9.8 libs for now.  While they are less
        # secure than using an up-to-date 1.0.1 version, doing so
        # avoids the big problems of forcing users to have to manage
        # default CAs themselves, thanks to the Apple libs using private TEA
        # APIs for cert validation from keychains if validation using the
        # standard OpenSSL locations (/System/Library/OpenSSL, normally empty)
        # fails.
        #
        # Since Apple removed the header files for the deprecated system
        # OpenSSL as of the Xcode 7 release (for OS X 10.10+), we do not
        # have much choice but to build our own copy here, too.

        result.extend([
          dict(
              name="OpenSSL 1.0.2j",
              url="https://www.openssl.org/source/openssl-1.0.2j.tar.gz",
              checksum='96322138f0b69e61b7212bc53d5e912b',
              patches=[
                  "openssl_sdk_makedepend.patch",
                   ],
              buildrecipe=build_universal_openssl,
              configure=None,
              install=None,
          ),
        ])

So it should be possible to patch the installation with the file "openssl_sdk_makedepend.patch". Maybe someone at Autodesk could tell us more about that ?

 

Note that people had the same problem with the Blender software: Python uses old openssl version on OSX

Message 5 of 8
marshaltu
in reply to: JeromeBriot

Hello,

 

I added your notes to the bug item tracked in our internal system. 

 

Thanks,

Marshal



Marshal Tu
Fusion 360 Developer
Autodesk, Inc.

Message 6 of 8
JeromeBriot
in reply to: marshaltu

I found a workaround to download files via Python on Mac.

 

The solution is to use the subprocess module to call curl as an external command (Is every Mac has cURL pre-installed?)

 

Here is the idea:

 

import adsk.core, traceback
import subprocess
import os

def run(context):
    ui = None
    try:
        app = adsk.core.Application.get()
        ui  = app.userInterface

        master_zip = 'https://github.com/caseycrogers/Dogbone/archive/master.zip'
        local_zip = '/'.join([os.getenv('HOME'), 'Desktop', 'master.zip'])

        try:

        	# Check if the URL is reachable
        	out = subprocess.check_output(['curl', '-I', master_zip])
        	if out.decode().find('Status: 302 Found') > 0:
        		# Download the master zip file in the temporary folder
        		subprocess.call(['curl', '-o', local_zip, '-L', master_zip])
        	else:
        		ui.messageBox('Fail to reach a server.\n\n{}'.format(out.decode()))

        except subprocess.CalledProcessError as e:
        	ui.messageBox('Subprocess failed:\nReturncode: {}\n\nOutput:{}'.format(e.returncode, e.output))

    except:
        if ui:
            ui.messageBox('Failed:\n{}'.format(traceback.format_exc()))

 

 

Message 7 of 8

@marshaltu 

 

I am running in the same issue with my Add In on MacOS.

 

Are there any news on the Support Ticket/ Bug UP-38248. it has been already more than half a year and nothing has changed?

 

Greets Fabi

Message 8 of 8

Because it seems like nobody cares here. I created a new topic under support for this issue. 

 

https://forums.autodesk.com/t5/fusion-360-support/update-web-browser-coming-with-fusion-360/td-p/861...

Can't find what you're looking for? Ask the community or share your knowledge.

Post to forums  

Autodesk DevCon in Munich May 28-29th


Autodesk Design & Make Report