Issue using decentriq_platform in docker image due to openssl version mismatch

[vemonet]

Hi, I am facing an issue when trying to import decentriq_platform in a python:3.10 debian-based docker image, where openssl version is 3.0.11 by default

I have no issue importing and using decentriq_platform outside of docker on my local Ubuntu 20.04 where openssl version is 3.0.2

I am using decentriq_platform >=0.24.2

I am getting this error:

root@6ef1192cf91d:/app# pip list | grep crypto
asn1crypto              1.5.1
cryptography            41.0.7
oscrypto                1.3.0
root@6ef1192cf91d:/app# python
Python 3.10.13 (main, Feb 13 2024, 10:33:32) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import decentriq_platform as dq
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.10/site-packages/decentriq_platform/__init__.py", line 40, in <module>
    from .client import Client, create_client, Session
  File "/usr/local/lib/python3.10/site-packages/decentriq_platform/client.py", line 9, in <module>
    from .endorsement import Endorser
  File "/usr/local/lib/python3.10/site-packages/decentriq_platform/endorsement.py", line 9, in <module>
    from .session import Session
  File "/usr/local/lib/python3.10/site-packages/decentriq_platform/session.py", line 87, in <module>
    from .verification import QuoteBody, Verification
  File "/usr/local/lib/python3.10/site-packages/decentriq_platform/verification.py", line 7, in <module>
    from oscrypto import asymmetric
  File "/usr/local/lib/python3.10/site-packages/oscrypto/asymmetric.py", line 19, in <module>
    from ._asymmetric import _unwrap_private_key_info
  File "/usr/local/lib/python3.10/site-packages/oscrypto/_asymmetric.py", line 27, in <module>
    from .kdf import pbkdf1, pbkdf2, pkcs12_kdf
  File "/usr/local/lib/python3.10/site-packages/oscrypto/kdf.py", line 9, in <module>
    from .util import rand_bytes
  File "/usr/local/lib/python3.10/site-packages/oscrypto/util.py", line 14, in <module>
    from ._openssl.util import rand_bytes
  File "/usr/local/lib/python3.10/site-packages/oscrypto/_openssl/util.py", line 6, in <module>
    from ._libcrypto import libcrypto, libcrypto_version_info, handle_openssl_error
  File "/usr/local/lib/python3.10/site-packages/oscrypto/_openssl/_libcrypto.py", line 9, in <module>
    from ._libcrypto_cffi import (
  File "/usr/local/lib/python3.10/site-packages/oscrypto/_openssl/_libcrypto_cffi.py", line 44, in <module>
    raise LibraryNotFoundError('Error detecting the version of libcrypto')
oscrypto.errors.LibraryNotFoundError: Error detecting the version of libcrypto

I fixed it by compiling openssl 3.0.2 from source in the Dockerfile, cf. https://github.com/MaastrichtU-IDS/cohort-explorer/blob/main/backend/Dockerfile but ideally we should not have to do this (it multiply the build time wait)

It is really common for people to use containers to run code. And decentriq_platform is a python SDK, so as a developer I expect I should be able to use easily with the official python docker image.

From a dev user point of view, ideally there should be basic testing in place to check if decentriq_platform compiles properly in the latest python docker image (1 dockerfile + 1 github action yaml file, that also helps users to find guaranteed working example when they setup decentriq in their stack). And if decentriq_platform requires additional setup in the Dockerfile to work, it should be documented in the SDK docs

[choco]

Hello @vemonet, thanks for using the SDK! I think you're running into this issue wbond/oscrypto#78 .
We just migrated away from that crypto library to solve the issue and released a new version 0.24.4. Can you check if that solves the issue for you?

Thanks for the suggestion, we'll definitely try to integrate more testing in common environments where the SDK is probably gonna be used!

[vemonet]

Thanks @choco that was fast! 0.24.4 solves the issue for us, no need for any tweak in the docker container