Obnoxious CryptographyDeprecationWarning because of missing hmac.compare_time function everywhere

瘦欲@ 提交于 2019-12-19 07:20:27

问题


Things were running along fine until one of my projects started printing this everywhere, at the top of every execution, at least once:

local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.

I have no idea why it started and it's disrupting the applications'/tools' output, especially when it's being captured and consumed by other tools. Like many difficulties throughout time, I'm fairly certain it is related to urllib and, by association, requests. Worse, I have so many projects and cross-dependencies that I can't possibly update all of the imports and branches with the call to warnings.filterwarnings() to suppress the warning.

I have Python 2.7.6 . Apparently this goes away in 2.7.7 . Only, I have some systems that have 2.7.6 where I do not see the warnings. So, something may or may not be disabling them in one version and I might've inadvertently replaced it with another version.

My Ubuntu, Python, urllib, requests (with the security option), cryptography, and hmac are all identical versions/builds on systems that do print the warning and systems that do not.

There appears to be no relevant warnings or announcements online and it seems like any related project is static/stable by this point (even though 'hmac' can be installed via PIP, it hasn't changed in eight years).


回答1:


I hit this error for quite sometime. For my environment, it was a pain to upgrade Python to a higher version than 2.7.6. The easier solution was to downgrade cryptography module using pip:

pip2.7 install cryptography==2.2.2

I think the best solution is to upgrade your python version though




回答2:


This answer is for Python3

I got here by looking for an answer while using Paramiko. For those still looking for a simple answer. I got these CryptographyDeprecationWarning suppresed with the these lines of code before importing Paramiko:

import warnings 
warnings.filterwarnings(action='ignore',module='.*paramiko.*')

I hope this helps




回答3:


I started getting this warning for a straightforward requests.get call. This warning is printed when the module cryptography.hazmat.primitives.constant_time is loaded, and so this should typically only come once per Python program. If you are seeing it many times, it must be because a Python program (like a utility) is getting executed multiple times. You just have to identify that program and add the below code to the main entry point:

import cryptography
from cryptography import utils
with warnings.catch_warnings():
    warnings.simplefilter('ignore', cryptography.utils.DeprecatedIn23)
    import cryptography.hazmat.primitives.constant_time



回答4:


For Python3 only:

Per an apparent Paramiko update this worked for me and solve the similar problem/symptoms I was experiencing:

pip3 install --upgrade paramiko

This installed paramiko 2.6.0 on my system, replacing 2.4.2:

$ pip3 install --upgrade paramiko
[...]
Installing collected packages: paramiko
  Found existing installation: paramiko 2.4.2
    Uninstalling paramiko-2.4.2:
      Successfully uninstalled paramiko-2.4.2
Successfully installed paramiko-2.6.0
$

My Python2 environment appears to be messed up, so I'm not able to test this on Python2.




回答5:


When you do pip2.7 install cryptography==2.2.2, it appears the error might still occur. I believe you need also sudo pip2.7 install --upgrade pip Aso, as of 5/5/19 the newest appears to be cryptography=2.6.1



来源:https://stackoverflow.com/questions/51778764/obnoxious-cryptographydeprecationwarning-because-of-missing-hmac-compare-time-fu

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!