Aws-cli: Executing a script that is loading libcrypto in an unsafe way when running aws cli on macOS 10.15.1

You can fix this by upgrading to the latest awscli version.

I was running 1.16.31, which is over a year old. Upgrading to 1.16.290 made the warning disappear.

Let me know if you're still seeing this issue on the latest versions of the CLI.

You can fix this by upgrading to the latest awscli version.

I was running 1.16.31, which is over a year old. Upgrading to 1.16.290 made the warning disappear.

What version of Python are you running @szollo ?

Sadly upgrading awscli has had no effect on this error. I am now on 1.16.302 and the error remains:

aws --version
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
aws-cli/1.16.302 Python/2.7.16 Darwin/19.0.0 botocore/1.13.38

My only hunch right now is that perhaps PyOpenSSL is getting loaded somehow which inturn loads from libcrypto. I can't think of anything off the top of my head that we depend on that would need libcrypto.

Could you set that LIBRESSL_REDIRECT_STUB_ABORT=1 and rerun the command with --debug? Perhaps that will give more information.

My only hunch right now is that perhaps PyOpenSSL is getting loaded somehow which inturn loads from libcrypto. I can't think of anything off the top of my head that we depend on that would need libcrypto.

Could you set that LIBRESSL_REDIRECT_STUB_ABORT=1 and rerun the command with --debug? Perhaps that will give more information.

Thanks for the suggestion. I added the env variable to my .zshenv:

echo 'export LIBRESSL_REDIRECT_STUB_ABORT=1' >> ~/.zshenv

and then ran it again with the debug flag, but it just aborts with no debug output.

aws --version --debug             
zsh: abort      aws --version --debug

aws --debug s3 ls s3://assets.crmpicco.co.uk/football/
zsh: abort      aws --debug s3 ls s3://assets.crmpicco.co.uk/football/

So no luck with that.

Ah, I was hoping that would give a stack trace and lead to where this is getting pulled in. Do you have pyOpenSSL installed in the same environment as your CLI install? Would it be possible to try installing the CLI in a fresh virtualenv and see if the problem still persists?

I had the same issue and tried upgrading awscli to 1.16.306 from 1.16.151, but still saw the following:

aws --version
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
aws-cli/1.16.306 Python/2.7.16 Darwin/19.2.0 botocore/1.13.42

Based on the previous comments, I tried upgrading pyOpenSSL and that worked

sudo pip install --upgrade pyOpenSSL
Password:
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
.
.
.
Collecting pyOpenSSL
  Downloading https://files.pythonhosted.org/packages/9e/de/f8342b68fa9e981d348039954657bdf681b2ab93de27443be51865ffa310/pyOpenSSL-19.1.0-py2.py3-none-any.whl (53kB)
    100% |████████████████████████████████| 61kB 4.5MB/s
Collecting cryptography>=2.8 (from pyOpenSSL)
  Downloading https://files.pythonhosted.org/packages/4d/0c/b630ae1d7bf5cb116a1c93d14017abece813eeb35b81f5baa4faad18fd1f/cryptography-2.8-cp27-cp27m-macosx_10_6_intel.whl (1.6MB)
    100% |████████████████████████████████| 1.6MB 6.7MB/s
Requirement already satisfied, skipping upgrade: six>=1.5.2 in /Library/Python/2.7/site-packages (from pyOpenSSL) (1.11.0)
Requirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.1.6)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.11.5)
Requirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.0.22)
Requirement already satisfied, skipping upgrade: pycparser in /Library/Python/2.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.8->pyOpenSSL) (2.19)
Installing collected packages: cryptography, pyOpenSSL
  Found existing installation: cryptography 2.4.2
    Uninstalling cryptography-2.4.2:
      Successfully uninstalled cryptography-2.4.2
  Found existing installation: pyOpenSSL 18.0.0
    Uninstalling pyOpenSSL-18.0.0:
      Successfully uninstalled pyOpenSSL-18.0.0
Successfully installed cryptography-2.8 pyOpenSSL-19.1.0

Now I get

aws --version
aws-cli/1.16.306 Python/2.7.16 Darwin/19.2.0 botocore/1.13.42

I had the same issue and tried upgrading awscli to 1.16.306 from 1.16.151, but still saw the following:

aws --version
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
aws-cli/1.16.306 Python/2.7.16 Darwin/19.2.0 botocore/1.13.42

Based on the previous comments, I tried upgrading pyOpenSSL and that worked

sudo pip install --upgrade pyOpenSSL
Password:
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
.
.
.
Collecting pyOpenSSL
  Downloading https://files.pythonhosted.org/packages/9e/de/f8342b68fa9e981d348039954657bdf681b2ab93de27443be51865ffa310/pyOpenSSL-19.1.0-py2.py3-none-any.whl (53kB)
    100% |████████████████████████████████| 61kB 4.5MB/s
Collecting cryptography>=2.8 (from pyOpenSSL)
  Downloading https://files.pythonhosted.org/packages/4d/0c/b630ae1d7bf5cb116a1c93d14017abece813eeb35b81f5baa4faad18fd1f/cryptography-2.8-cp27-cp27m-macosx_10_6_intel.whl (1.6MB)
    100% |████████████████████████████████| 1.6MB 6.7MB/s
Requirement already satisfied, skipping upgrade: six>=1.5.2 in /Library/Python/2.7/site-packages (from pyOpenSSL) (1.11.0)
Requirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.1.6)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.11.5)
Requirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.0.22)
Requirement already satisfied, skipping upgrade: pycparser in /Library/Python/2.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.8->pyOpenSSL) (2.19)
Installing collected packages: cryptography, pyOpenSSL
  Found existing installation: cryptography 2.4.2
    Uninstalling cryptography-2.4.2:
      Successfully uninstalled cryptography-2.4.2
  Found existing installation: pyOpenSSL 18.0.0
    Uninstalling pyOpenSSL-18.0.0:
      Successfully uninstalled pyOpenSSL-18.0.0
Successfully installed cryptography-2.8 pyOpenSSL-19.1.0

Now I get

aws --version
aws-cli/1.16.306 Python/2.7.16 Darwin/19.2.0 botocore/1.13.42

Thanks for this information. It looks like that is my issue. I have tried to upgrade it, but get this error - https://github.com/pyca/pyopenssl/issues/886

I had the same issue and tried upgrading awscli to 1.16.306 from 1.16.151, but still saw the following:

aws --version
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
aws-cli/1.16.306 Python/2.7.16 Darwin/19.2.0 botocore/1.13.42

Based on the previous comments, I tried upgrading pyOpenSSL and that worked

sudo pip install --upgrade pyOpenSSL
Password:
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
.
.
.
Collecting pyOpenSSL
  Downloading https://files.pythonhosted.org/packages/9e/de/f8342b68fa9e981d348039954657bdf681b2ab93de27443be51865ffa310/pyOpenSSL-19.1.0-py2.py3-none-any.whl (53kB)
    100% |████████████████████████████████| 61kB 4.5MB/s
Collecting cryptography>=2.8 (from pyOpenSSL)
  Downloading https://files.pythonhosted.org/packages/4d/0c/b630ae1d7bf5cb116a1c93d14017abece813eeb35b81f5baa4faad18fd1f/cryptography-2.8-cp27-cp27m-macosx_10_6_intel.whl (1.6MB)
    100% |████████████████████████████████| 1.6MB 6.7MB/s
Requirement already satisfied, skipping upgrade: six>=1.5.2 in /Library/Python/2.7/site-packages (from pyOpenSSL) (1.11.0)
Requirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.1.6)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.11.5)
Requirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.0.22)
Requirement already satisfied, skipping upgrade: pycparser in /Library/Python/2.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.8->pyOpenSSL) (2.19)
Installing collected packages: cryptography, pyOpenSSL
  Found existing installation: cryptography 2.4.2
    Uninstalling cryptography-2.4.2:
      Successfully uninstalled cryptography-2.4.2
  Found existing installation: pyOpenSSL 18.0.0
    Uninstalling pyOpenSSL-18.0.0:
      Successfully uninstalled pyOpenSSL-18.0.0
Successfully installed cryptography-2.8 pyOpenSSL-19.1.0

Now I get

aws --version
aws-cli/1.16.306 Python/2.7.16 Darwin/19.2.0 botocore/1.13.42

This did not worked for me, was getting following error

[~] 2020-01-03 10:55:24 [42]$  pip install --upgrade pyOpenSSL
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
Collecting pyOpenSSL
  Downloading https://files.pythonhosted.org/packages/9e/de/f8342b68fa9e981d348039954657bdf681b2ab93de27443be51865ffa310/pyOpenSSL-19.1.0-py2.py3-none-any.whl (53kB)
     |████████████████████████████████| 61kB 422kB/s
Requirement already satisfied, skipping upgrade: cryptography>=2.8 in /Library/Python/2.7/site-packages (from pyOpenSSL) (2.8)
Requirement already satisfied, skipping upgrade: six>=1.5.2 in ./Library/Python/2.7/lib/python/site-packages (from pyOpenSSL) (1.12.0)
Requirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.1.6)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.11.5)
Requirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL) (1.0.22)
Requirement already satisfied, skipping upgrade: pycparser in /Library/Python/2.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.8->pyOpenSSL) (2.18)
Installing collected packages: pyOpenSSL
  Found existing installation: pyOpenSSL 19.0.0
    Uninstalling pyOpenSSL-19.0.0:
ERROR: Could not install packages due to an EnvironmentError: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/version.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/version.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/version.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/crypto.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/crypto.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/crypto.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/debug.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/debug.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/debug.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/__init__.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/__init__.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/tsafe.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/tsafe.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/tsafe.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/rand.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/rand.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/rand.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/rand.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/rand.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/rand.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/tsafe.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/tsafe.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/tsafe.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/crypto.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/crypto.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/crypto.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/_util.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/_util.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/_util.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/debug.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/debug.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/debug.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/_util.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/_util.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/_util.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/SSL.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/SSL.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/SSL.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/version.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/version.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/version.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/__init__.pyc', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/__init__.pyc', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL/SSL.py', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/SSL.py', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh/SSL.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/OpenSSL', '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh', "[Errno 1] Operation not permitted: '/private/var/folders/sb/dctwwlp17290sg7qsb3m2yzw0000gn/T/pip-uninstall-jOSJKh'")]

WARNING: You are using pip version 19.1.1, however version 19.3.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[~] 2020-01-03 10:55:33 [43]$

It's got addressed by pip install --user --upgrade pyOpenSSL, Thanks to this answer.

[~]2020-01-03 10:58:54 [46]$ aws --version --debug
aws-cli/1.16.310 Python/2.7.16 Darwin/19.2.0 botocore/1.13.46

[~]

Are you still running into issues with this?

For what it's worth we recently GA'd CLI V2 which has a PKG installer for macOS that includes Python and all dependencies. Perhaps this might work instead of trying to install v1 through pip.
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

There's a handful of breaking changes between v1 and v2 but they're relatively minor:
https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html

Not getting as of now.

$ aws --version
aws-cli/1.16.310 Python/2.7.16 Darwin/19.2.0 botocore/1.12.253

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.

So, in my case:

# aws --version
WARNING: Executing a script that is loading libcrypto in an unsafe way. This will fail in a future version of macOS. Set the LIBRESSL_REDIRECT_STUB_ABORT=1 in the environment to force this into an error.
aws-cli/1.18.132 Python/2.7.16 Darwin/19.6.0 botocore/1.17.55

# sudo pip install --upgrade cryptography==2.8
...
Installing collected packages: cryptography
  Attempting uninstall: cryptography
    Found existing installation: cryptography 2.2.2
    Uninstalling cryptography-2.2.2:
      Successfully uninstalled cryptography-2.2.2
Successfully installed cryptography-2.8

# sudo pip install --upgrade pyOpenSSL==19.1.0
Requirement already up-to-date: pyOpenSSL==19.1.0 in /Users/axel/Library/Python/2.7/lib/python/site-packages (19.1.0)
Requirement already satisfied, skipping upgrade: six>=1.5.2 in /Users/axel/Library/Python/2.7/lib/python/site-packages (from pyOpenSSL==19.1.0) (1.15.0)
Requirement already satisfied, skipping upgrade: cryptography>=2.8 in /Library/Python/2.7/site-packages (from pyOpenSSL==19.1.0) (2.8)
Requirement already satisfied, skipping upgrade: cffi!=1.11.3,>=1.8 in /Users/axel/Library/Python/2.7/lib/python/site-packages (from cryptography>=2.8->pyOpenSSL==19.1.0) (1.12.3)
Requirement already satisfied, skipping upgrade: enum34; python_version < "3" in /Library/Python/2.7/site-packages (from cryptography>=2.8->pyOpenSSL==19.1.0) (1.1.6)
Requirement already satisfied, skipping upgrade: ipaddress; python_version < "3" in /Users/axel/Library/Python/2.7/lib/python/site-packages (from cryptography>=2.8->pyOpenSSL==19.1.0) (1.0.22)
Requirement already satisfied, skipping upgrade: pycparser in /Users/axel/Library/Python/2.7/lib/python/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.8->pyOpenSSL==19.1.0) (2.19)

# aws --version
aws-cli/1.18.132 Python/2.7.16 Darwin/19.6.0 botocore/1.17.55

fixed the issue 🎉 😎