| Alex Stapleton | c5fffd3 | 2014-03-18 15:29:00 +0000 | [diff] [blame] | 1 | Frequently asked questions |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 2 | ========================== |
| 3 | |
| Alex Gaynor | 59a6bc6 | 2014-02-18 18:13:48 -0800 | [diff] [blame] | 4 | How does ``cryptography`` compare to NaCl (Networking and Cryptography Library)? |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 5 | -------------------------------------------------------------------------------- |
| 6 | |
| 7 | While ``cryptography`` and `NaCl`_ both share the goal of making cryptography |
| 8 | easier, and safer, to use for developers, ``cryptography`` is designed to be a |
| Alex Gaynor | c37adab | 2014-02-18 16:46:58 -0800 | [diff] [blame] | 9 | general purpose library, interoperable with existing systems, while NaCl |
| 10 | features a collection of hand selected algorithms. |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 11 | |
| Alex Gaynor | 5809d48 | 2014-02-19 13:33:18 -0800 | [diff] [blame] | 12 | ``cryptography``'s :ref:`recipes <cryptography-layout>` layer has similar goals |
| 13 | to NaCl. |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 14 | |
| 15 | If you prefer NaCl's design, we highly recommend `PyNaCl`_. |
| 16 | |
| Alex Gaynor | c77db59 | 2016-03-09 07:12:06 -0500 | [diff] [blame] | 17 | Compiling ``cryptography`` on OS X produces a ``fatal error: 'openssl/aes.h' file not found`` error |
| Alex Gaynor | 6a070e2 | 2016-03-09 09:07:14 -0500 | [diff] [blame] | 18 | --------------------------------------------------------------------------------------------------- |
| Alex Gaynor | c77db59 | 2016-03-09 07:12:06 -0500 | [diff] [blame] | 19 | |
| 20 | This happens because OS X 10.11 no longer includes a copy of OpenSSL. |
| 21 | ``cryptography`` now provides wheels which include a statically linked copy of |
| 22 | OpenSSL. You're seeing this error because your copy of pip is too old to find |
| 23 | our wheel files. Upgrade your copy of pip with ``pip install -U pip`` and then |
| 24 | try install ``cryptography`` again. |
| Alex Gaynor | 0fa997b | 2016-03-09 07:13:04 -0500 | [diff] [blame] | 25 | |
| Paul Kehrer | fcf6fca | 2016-03-12 16:21:24 -0400 | [diff] [blame] | 26 | Starting ``cryptography`` using ``mod_wsgi`` produces an ``InternalError`` during a call in ``_register_osrandom_engine`` |
| 27 | ------------------------------------------------------------------------------------------------------------------------- |
| 28 | |
| 29 | This happens because ``mod_wsgi`` uses sub-interpreters, which can cause a |
| 30 | problem during initialization of the OpenSSL backend. To resolve this set the |
| 31 | `WSGIApplicationGroup`_ to ``%{GLOBAL}`` in the ``mod_wsgi`` configuration. |
| 32 | |
| 33 | ``cryptography`` raised an ``InternalError`` and I'm not sure what to do? |
| 34 | ------------------------------------------------------------------------- |
| 35 | |
| 36 | Frequently ``InternalError`` is raised when there are errors on the OpenSSL |
| 37 | error stack that were placed there by other libraries that are also using |
| 38 | OpenSSL. Try removing the other libraries and see if the problem persists. |
| Paul Kehrer | 4e9bd8c | 2016-03-12 16:33:39 -0400 | [diff] [blame] | 39 | If you have no other libraries using OpenSSL in your process, or they do not |
| 40 | appear to be at fault, it's possible that this is a bug in ``cryptography``. |
| 41 | Please file an `issue`_ with instructions on how to reproduce it. |
| Paul Kehrer | fcf6fca | 2016-03-12 16:21:24 -0400 | [diff] [blame] | 42 | |
| Alex Gaynor | 5d38206 | 2016-03-19 12:02:14 -0400 | [diff] [blame^] | 43 | Importing cryptography causes a ``RuntimeError`` about OpenSSL 0.9.8 |
| 44 | -------------------------------------------------------------------- |
| 45 | |
| 46 | The OpenSSL project has dropped support for the 0.9.8 release series. Since it |
| 47 | is no longer receiving security patches from upstream, ``cryptography`` is also |
| 48 | dropping support for it. To fix this issue you should upgrade to a newer |
| 49 | version of OpenSSL (1.0.1 or later), this may require you to upgrade to a newer |
| 50 | operating system. |
| 51 | |
| 52 | For the 1.4 release, you can set the ``CRYPTOGRAPHY_ALLOW_OPENSSL_098`` |
| 53 | environment variable. Please note that this is *temporary* and will be removed |
| 54 | in ``cryptography`` 1.5. |
| 55 | |
| Alex Gaynor | 0fa997b | 2016-03-09 07:13:04 -0500 | [diff] [blame] | 56 | .. _`NaCl`: https://nacl.cr.yp.to/ |
| 57 | .. _`PyNaCl`: https://pynacl.readthedocs.org |
| Paul Kehrer | fcf6fca | 2016-03-12 16:21:24 -0400 | [diff] [blame] | 58 | .. _`WSGIApplicationGroup`: https://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIApplicationGroup.html |
| Paul Kehrer | 4e9bd8c | 2016-03-12 16:33:39 -0400 | [diff] [blame] | 59 | .. _`issue`: https://github.com/pyca/cryptography/issues |