classification
Title: test_ssl fails on OS X 10.10.2 with latest patch level of OpenSSL libs
Type: Stage: resolved
Components: Versions: Python 3.5, Python 3.4, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: ned.deily, pitrou, python-dev
Priority: critical Keywords:

Created on 2015-01-29 02:04 by ned.deily, last changed 2015-02-05 06:28 by ned.deily. This issue is now closed.

Messages (6)
msg234935 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2015-01-29 02:04
With the latest maintenance release of OS X 10.10 (10.10.2), the OpenSSL libs have reached a patch level that fails the sanity test in test_ssl:

test_ssl: testing with 'OpenSSL 0.9.8zc 15 Oct 2014' (0, 9, 8, 28, 15)
          under Mac ('10.10.2', ('', '', ''), 'x86_64')
          HAS_SNI = True
          OP_ALL = 0x     7ff
[...]
======================================================================
FAIL: test_openssl_version (test.test_ssl.BasicSocketTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/py/dev/3x/source/Lib/test/test_ssl.py", line 309, in test_openssl_version
    self.assertLessEqual(patch, 26)
AssertionError: 28 not less than or equal to 26

Is there anything special about 26 or can the value just be bumped?
msg234956 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2015-01-29 09:21
The assumption was that the patch level represented a letter (from 'a' to 'z'), but we can certainly relax that.
msg234957 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2015-01-29 09:22
Er... OS X 10.10 ships OpenSSL 0.9.8??
msg234961 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2015-01-29 11:10
Yep, 0.9.8 is the newest and presumably last major of version of OpenSSL in OS X. OpenSSL has been officially deprecated by Apple in OS X since OS X 10.7; it's only there for third-party products shipped by Apple in OS X, like Python.  Their own apps use Apple's own frameworks like SecTransform and CommonCrypto.  (See, for example, http://rentzsch.tumblr.com/post/33696323211/wherein-i-write-apples-technote-about-openssl-on) Apple also ships 0.9.7 shared libs in 10.10 for really old applications.
msg235419 - (view) Author: Roundup Robot (python-dev) Date: 2015-02-05 06:25
New changeset 49f07942fbd7 by Ned Deily in branch '2.7':
Issue #23345: Prevent test_ssl failures with large OpenSSL patch level
https://hg.python.org/cpython/rev/49f07942fbd7

New changeset 52932cd7f003 by Ned Deily in branch '3.4':
Issue #23345: Prevent test_ssl failures with large OpenSSL patch level
https://hg.python.org/cpython/rev/52932cd7f003

New changeset 62b322b82f00 by Ned Deily in branch 'default':
Issue #23345: merge from 3.4
https://hg.python.org/cpython/rev/62b322b82f00
msg235420 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2015-02-05 06:28
Fixed for 2.7.10, 3.4.3, and 3.5.0.
History
Date User Action Args
2015-02-05 06:28:13ned.deilysetstatus: open -> closed
resolution: fixed
messages: + msg235420

stage: needs patch -> resolved
2015-02-05 06:25:45python-devsetnosy: + python-dev
messages: + msg235419
2015-01-29 11:10:55ned.deilysetmessages: + msg234961
2015-01-29 09:22:33pitrousetmessages: + msg234957
2015-01-29 09:21:45pitrousetmessages: + msg234956
2015-01-29 02:04:12ned.deilycreate