Python_ss 报错

问题描述：

本文适用于解决 openssl 升级到 1.1.0 以上版本，导致 shadowsocks2.8.2 启动报 undefined symbol: EVP_CIPHER_CTX_cleanup 错误

解决方法：

最近将 openssl 升级到了 1.1.0b 版本，编译之后 shadowsocks 无法启动，报错如下：

1
2
3
4
5
6
7
8
9
10
11
12
13
14

Traceback (most recent call last):
    File "/usr/bin/ssserver", line 9, in load_entry_point('shadowsocks==2.8.2', 'console_scripts', 'ssserver')()
	File "/usr/lib/python2.7/site-packages/shadowsocks/server.py", line 34, in main config = shell.get_config(False)
    File "/usr/lib/python2.7/site-packages/shadowsocks/shell.py", line 262, in get_config check_config(config, is_local)
    File "/usr/lib/python2.7/site-packages/shadowsocks/shell.py", line 124, in check_config encrypt.try_cipher(config['password'], config['method'])
    File "/usr/lib/python2.7/site-packages/shadowsocks/encrypt.py", line 44, in try_cipher Encryptor(key, method)
    File "/usr/lib/python2.7/site-packages/shadowsocks/encrypt.py", line 83, in __init__ random_string(self._method_info[1]))
    File "/usr/lib/python2.7/site-packages/shadowsocks/encrypt.py", line 109, in get_cipher return m[2](method, key, iv, op)
    File "/usr/lib/python2.7/site-packages/shadowsocks/crypto/openssl.py", line 76, in __init__ load_openssl()
    File "/usr/lib/python2.7/site-packages/shadowsocks/crypto/openssl.py", line 52, in load_openssl libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
    File "/usr/lib64/python2.7/ctypes/__init__.py", line 373, in __getattr__ func = self.__getitem__(name)
    File "/usr/lib64/python2.7/ctypes/__init__.py", line 378, in __getitem__ func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /usr/local/ssl/lib/libcrypto.so.1.1: undefined symbol: EVP_CIPHER_CTX_cleanup
shadowsocks start failed

这个问题是由于在 openssl1.1.0 版本中，废弃了 EVP_CIPHER_CTX_cleanup 函数，如官网中所说：

EVP_CIPHER_CTX was made opaque in OpenSSL 1.1.0. As a result, EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset().

EVP_CIPHER_CTX_reset 函数替代了 EVP_CIPHER_CTX_cleanup 函数
EVP_CIPHER_CTX_reset 函数说明：

EVP_CIPHER_CTX_reset() clears all information from a cipher context and free up any allocated memory associate with it, except the ctx itself. This function should be called anytime ctx is to be reused for another EVP_CipherInit() / EVP_CipherUpdate() / EVP_CipherFinal() series of calls.

EVP_CIPHER_CTX_cleanup 函数说明：

EVP_CIPHER_CTX_cleanup() clears all information from a cipher context and free up any allocated memory associate with it. It should be called after all operations using a cipher are complete so sensitive information does not remain in memory.

可以看出，二者功能基本上相同，都是释放内存，只是应该调用的时机稍有不同，所以用 reset 代替 cleanup 问题不大。

修改方法：

1. 用 vi 打开文件：vi /usr/local/lib/python2.7/dist-packages/shadowsocks/crypto/openssl.py
2. 跳转到 52 行（shadowsocks2.8.2 版本，其他版本搜索一下 cleanup）
3. 进入编辑模式
4. 将第 52 行 libcrypto.EVP_CIPHER_CTX_cleanup.argtypes = (c_void_p,)
5. 改为 libcrypto.EVP_CIPHER_CTX_reset.argtypes = (c_void_p,)
6. 再次搜索 cleanup（全文件共 2 处，此处位于 111 行），将 libcrypto.EVP_CIPHER_CTX_cleanup(self._ctx)
7. 改为 libcrypto.EVP_CIPHER_CTX_reset(self._ctx)
8. 保存并退出
9. 启动 shadowsocks 服务：service shadowsocks start

提示：

1. openssl1.1.0 目前兼容性很不好，大部分的软件都不支持
2. 目前支持的有 nginx-1.11.5、curl-7.50.3
3. 不支持的有 PHP-7.0.12、openssh-7.3p1

所以如果决定使用 openssl1.1.0 需要考虑很多兼容问题，必须保留 1.0.2 或 1.0.1(不推荐，存在一些已知漏洞，最重要的是如果服务器要开 http2，由于新版 chrome 必须使用 ALPN 的限制，只有 1.0.2 版本支持 ALPN，所以必须升级到 1.0.2)版本以便编译其他程序。

either I will find a way, or I will make one.