Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to fix OpenSSL error with AWS CLI IoT API?

I am trying to run the AWS CLI on a Mac. I am trying to read/write shadow state using the iot-data API. The command is actually working correctly, but it throws an OpenSSL/TLS error every time.

$ aws iot-data get-thing-shadow --thing-name "my-thing-20160209" my-thing-20160209.json

/usr/local/Cellar/awscli/1.10.1/libexec/vendor/lib/python2.7/site-packages/botocore/handlers.py:574: UnsupportedTLSVersionWarning: Currently installed openssl version: OpenSSL 0.9.8zg 14 July 2015 does not support TLS 1.2, which is required for use of iot-data. Please use python installed with openssl version 1.0.1 or higher.
  UnsupportedTLSVersionWarning

Here is the AWS version.

aws-cli/1.10.1 Python/2.7.10 Darwin/14.5.0 botocore/1.3.23

As you can see, I used Homebrew to install all. OpenSSL and Python are linked correctly. I can find nothing on my system referencing OpenSSL 0.9.8zg, and Python loads the correct OpenSSL version.

$ python -c 'import ssl; print ssl.OPENSSL_VERSION'
OpenSSL 1.0.2f  28 Jan 2016

There is some indication that other factors may be triggering the error: https://forums.aws.amazon.com/thread.jspa?messageID=690051#690051

However, since I can actually retrieve shadow state the error must be due to something else.

Any ideas what could be causing this error?

UPDATED: 2016-09-15 Including Python info

$ head $(which aws)
#!/bin/bash
PYTHONPATH="/usr/local/Cellar/awscli/1.10.51/libexec/lib/python2.7/site-packages:/usr/local/Cellar/awscli/1.10.51/libexec/vendor/lib/python2.7/site-packages" exec "/usr/local/Cellar/awscli/1.10.51/libexec/bin/aws" "$@"
like image 838
jedatu Avatar asked Feb 18 '16 04:02

jedatu


1 Answers

Since OS X has its own python and openssl lib, it appears that awscli is referencing them instead of your brewed versions. I'd guess that (a) home-brew's sym links really aren't correct or (b) the home-brew python is not tied to the brewed openssl version (so the awscli picks up the system openssl lib, but when you manually import the lib, you get the more up to date version).

I'd update OpenSSL, force its links and re-install python like so:

brew update
brew install openssl
brew link openssl --force 

brew install python --with-brewed-openssl
like image 144
gregory Avatar answered Oct 06 '22 01:10

gregory