This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: test_ssl (test_algorithms) failures on bolen-ubuntu slaves: unknown host
Type: behavior Stage: resolved
Components: SSL, Tests Versions: Python 3.7, Python 3.6, Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: alex, christian.heimes, db3l, dstufft, giampaolo.rodola, janssen, pitrou, zach.ware
Priority: low Keywords: buildbot

Created on 2015-11-19 21:54 by db3l, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 3297 merged christian.heimes, 2017-09-04 20:06
PR 3300 merged christian.heimes, 2017-09-04 20:27
PR 3301 merged christian.heimes, 2017-09-04 20:31
Messages (8)
msg254938 - (view) Author: David Bolen (db3l) * Date: 2015-11-19 21:54
It appears that the test host ( used by test_algorithms in no longer exists.

It was showing up as a certificate failure in the test because it ended up falling back to a resolv.conf search path which yielded a host that did do SSL but obviously with the wrong certificate.

db3l@buildbot-ubuntu:~$ host
Host not found: 3(NXDOMAIN)

db3l@buildbot-ubuntu:~/tmp/python3.x/Lib/test$ dig +short ns
db3l@buildbot-ubuntu:~/tmp/python3.x/Lib/test$ dig

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>>
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25154
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

; EDNS: version: 0, flags:; udp: 4096
;	IN	A

;; AUTHORITY SECTION:	3600	IN	SOA 2015110705 21600 3600 2419200 3600

;; Query time: 93 msec
;; SERVER: 2001:41d0:8:380d::1#53(2001:41d0:8:380d::1)
;; WHEN: Thu Nov 19 16:51:58 EST 2015
;; MSG SIZE  rcvd: 105

What I can't yet understand is why this is not causing issues on other slaves.  I suppose some might be skipping the test if SNI was not supported, but surely not all of them?
msg254941 - (view) Author: David Bolen (db3l) * Date: 2015-11-19 22:43
Ah, it appears that the transient_internet context manager in the test causes it to be skipped if the host is unknown.  So mine was just "lucky" in that it fell back to connecting somewhere else.

I've removed my resolver search path on bolen-ubuntu which will resolve the test failures on that slave, but I presume test_algorithms is never being run by anyone at this point.
msg254942 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2015-11-19 22:47
So the mystery of that buildbot is solved, but I think that test needs some work.
msg301250 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-04 19:59
The has been down for a while and the DNS record is no longer available. Alex and I agreed that the test no longer makes sense, too. RSA certs with SHA-256 signatures are de-facto standard and supported by OpenSSL for a long time. We test SHA-256 certs with several other tests that talk to remote servers.

I'm going to remove the test and sha256 cert.
msg301254 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-04 20:26
New changeset 002d64039b60c1a9289f981fe73a5cf91d082136 by Christian Heimes in branch 'master':
bpo-25674: remove ssl test (#3297)
msg301258 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-04 20:54
New changeset 4bc8ef0eeed191f9398a90e748f732cfba67546d by Christian Heimes in branch '3.6':
[3.6] bpo-25674: remove ssl test (GH-3297) (#3300)
msg301261 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-04 21:08
New changeset 57d963b0b559078ca419811d0d25fea27d42f30c by Christian Heimes in branch '2.7':
[2.7] bpo-25674: remove ssl test (GH-3297) (#3301)
msg301262 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-04 21:10
I've removed the from 2.7, 3.6, and master. 3.5 and previous versions are in security fix-only mode.
Date User Action Args
2022-04-11 14:58:24adminsetgithub: 69860
2017-09-04 21:11:01christian.heimessetstatus: open -> closed
resolution: fixed
stage: needs patch -> resolved
2017-09-04 21:10:34christian.heimessetmessages: + msg301262
2017-09-04 21:08:38christian.heimessetmessages: + msg301261
2017-09-04 20:54:49christian.heimessetmessages: + msg301258
2017-09-04 20:31:48christian.heimessetpull_requests: + pull_request3333
2017-09-04 20:27:09christian.heimessetpull_requests: + pull_request3332
2017-09-04 20:26:02christian.heimessetmessages: + msg301254
2017-09-04 20:06:30christian.heimessetpull_requests: + pull_request3331
2017-09-04 19:59:04christian.heimessetmessages: + msg301250
versions: - Python 3.5
2016-09-15 07:53:36christian.heimessetassignee: christian.heimes
components: + SSL
2016-09-08 15:33:53christian.heimessetpriority: normal -> low
versions: + Python 3.7, - Python 3.4
2015-11-19 22:47:36zach.waresetnosy: + janssen, pitrou, giampaolo.rodola, christian.heimes, alex, dstufft
messages: + msg254942

keywords: + buildbot
stage: needs patch
2015-11-19 22:43:00db3lsetmessages: + msg254941
2015-11-19 21:54:38db3lcreate