classification
Title: _ssl module doesn't compile with OpenSSL 1.0.0d: SSLv2_method is missing
Type: Stage: resolved
Components: Extension Modules Versions: Python 3.3, Python 3.2, Python 3.1, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: haypo Nosy List: eric.araujo, haypo, petere, pitrou, python-dev
Priority: normal Keywords: patch

Created on 2011-05-05 23:35 by haypo, last changed 2011-05-22 11:23 by haypo. This issue is now closed.

Files
File name Uploaded Description Edit
nosslv2-2.patch haypo, 2011-05-08 22:09 review
Messages (14)
msg135253 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-05 23:35
It looks like OpenSSL can be compiled without SSLv2 (#ifdef OPENSSL_NO_SSL2). See this bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612780

When compiling Python, I get the following error:
/home/haypo/prog/HG/cpython/Modules/_ssl.c: In function 'context_new':
/home/haypo/prog/HG/cpython/Modules/_ssl.c:1451:9: warning: implicit declaration of function 'SSLv2_method'
/home/haypo/prog/HG/cpython/Modules/_ssl.c:1451:9: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast
/usr/include/openssl/ssl.h:1469:10: note: expected 'const struct SSL_METHOD *' but argument is of type 'int'
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.3-pydebug/_ssl.cpython-33dm.so: undefined symbol: SSLv2_method

See also issue #9415.

---

Attached patch makes ssl.PROTOCOL_SSLv2 optional.

I don't know what to do with @skip_if_broken_ubuntu_ssl in test_ssl.py.
msg135273 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-05-06 10:10
Does this happen with a released build of OpenSSL? The Debian bug talks about experimental.

+try:
+    from _ssl import PROTOCOL_SSLv2
+    OPENSSL_NO_SSL2 = False
+except ImportError:
+    OPENSSL_NO_SSL2 = True

Please avoid "negative" constants. Calling it HAS_SSLv2 would be fine.

Also, there should be some doc update mentioning that PROTOCOL_SSLv2 is not always present.
msg135333 - (view) Author: √Čric Araujo (eric.araujo) * (Python committer) Date: 2011-05-06 17:10
The original bug requesting that SSLv2 be disabled is #589706; the updated openssl package with this change is in Debian unstable and testing now.
msg135424 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-07 09:23
> Please avoid "negative" constants. Calling it HAS_SSLv2 would be fine.

I reused the term from ssl.h (#ifdef OPENSSL_NO_SSL2), but yes we can use a different name.

> Also, there should be some doc update mentioning that PROTOCOL_SSLv2
> is not always present.

Ok, I will do that.
msg135545 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-08 22:09
Updated patch.

Note: I tried to keep the same enum values for py_ssl_version, it's maybe useless and so "=1" can be removed.
msg135546 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-05-08 22:13
> Updated patch.
> 
> Note: I tried to keep the same enum values for py_ssl_version, it's
> maybe useless and so "=1" can be removed.

Thank you! PROTOCOL_NAMES should stay private and therefore be named
_PROTOCOL_NAMES, IMHO.
Keeping the same enum values is worthwhile, I think.
msg135547 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-08 22:43
New changeset 5296c3e2f166 by Victor Stinner in branch 'default':
Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
http://hg.python.org/cpython/rev/5296c3e2f166
msg135548 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-05-08 22:46
> New changeset 5296c3e2f166 by Victor Stinner in branch 'default':
> Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
> http://hg.python.org/cpython/rev/5296c3e2f166

Since it's a bugfix, it should probably go into all branches.
msg135663 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-09 22:50
New changeset b7abf0590e1c by Victor Stinner in branch '3.1':
Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
http://hg.python.org/cpython/rev/b7abf0590e1c

New changeset 20beec22764f by Victor Stinner in branch '3.2':
(Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
http://hg.python.org/cpython/rev/20beec22764f
msg135666 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-09 23:52
New changeset 3c87a13980be by Victor Stinner in branch '2.7':
(Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
http://hg.python.org/cpython/rev/3c87a13980be
msg135668 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-09 23:53
> Since it's a bugfix, it should probably go into all branches.

Fixed in 2.7, 3.1, 3.2, 3.3.
msg136444 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2011-05-21 14:34
Victor, you broke the Solaris gcc buildbot on 2.7.
http://www.python.org/dev/buildbot/all/builders/sparc%20solaris10%20gcc%202.7/builds/837
msg136512 - (view) Author: Roundup Robot (python-dev) Date: 2011-05-22 11:23
New changeset d5771ed4ec4e by Victor Stinner in branch '2.7':
Issue #12012: test_ssl uses test_support.import_module()
http://hg.python.org/cpython/rev/d5771ed4ec4e
msg136513 - (view) Author: STINNER Victor (haypo) * (Python committer) Date: 2011-05-22 11:23
> Victor, you broke the Solaris gcc buildbot on 2.7.

It should be fixed by d5771ed4ec4e.
History
Date User Action Args
2011-05-22 11:23:52hayposetstatus: open -> closed

messages: + msg136513
2011-05-22 11:23:13python-devsetmessages: + msg136512
2011-05-21 14:34:28pitrousetstatus: closed -> open
assignee: haypo
messages: + msg136444

stage: patch review -> resolved
2011-05-09 23:53:28hayposetstatus: closed
resolution: fixed
messages: + msg135668
2011-05-09 23:52:29python-devsetmessages: + msg135666
2011-05-09 22:50:06python-devsetmessages: + msg135663
2011-05-08 22:54:24hayposetstatus: closed -> (no value)
resolution: fixed -> (no value)
2011-05-08 22:46:37pitrousetmessages: + msg135548
2011-05-08 22:44:51hayposetstatus: open -> closed
resolution: fixed
2011-05-08 22:43:45python-devsetnosy: + python-dev
messages: + msg135547
2011-05-08 22:13:43pitrousetmessages: + msg135546
2011-05-08 22:09:16hayposetfiles: - nosslv2.patch
2011-05-08 22:09:10hayposetfiles: + nosslv2-2.patch

messages: + msg135545
2011-05-07 19:56:39peteresetnosy: + petere
2011-05-07 09:23:07hayposetmessages: + msg135424
2011-05-06 17:10:10eric.araujosetmessages: + msg135333
2011-05-06 17:07:12eric.araujosetnosy: + eric.araujo
2011-05-06 10:11:48pitrousetstage: patch review
versions: + Python 3.1, Python 2.7, Python 3.2
2011-05-06 10:10:29pitrousetmessages: + msg135273
2011-05-05 23:35:39haypocreate