classification
Title: test_min_max_version (test.test_ssl.ContextTests) fails on Fedora 29+ and openssl 1.1.1
Type: Stage: resolved
Components: SSL Versions: Python 3.8, Python 3.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, cstratak, jean-michel, miss-islington, terry.reedy, vstinner
Priority: normal Keywords: patch, patch, patch

Created on 2018-10-22 14:30 by cstratak, last changed 2019-01-26 04:57 by Alan.Huang. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 11508 closed vstinner, 2019-01-10 17:05
PR 11508 closed vstinner, 2019-01-10 17:05
PR 11508 closed vstinner, 2019-01-10 17:06
PR 11510 merged christian.heimes, 2019-01-10 17:37
PR 11510 merged christian.heimes, 2019-01-10 17:37
PR 11510 merged christian.heimes, 2019-01-10 17:37
PR 11611 merged miss-islington, 2019-01-18 15:09
PR 11611 merged miss-islington, 2019-01-18 15:09
PR 11611 merged miss-islington, 2019-01-18 15:09
PR 8050 Alan.Huang, 2019-01-26 04:57
PR 8050 Alan.Huang, 2019-01-26 04:57
Messages (8)
msg328255 - (view) Author: Charalampos Stratakis (cstratak) * Date: 2018-10-22 14:30
There is an Python test that checks the minimum TLS version - test_min_max_version (test.test_ssl.ContextTests).

Fedora 29+ sets TLSv1 as explicit minimum version. Python's test suite assumes that the minimum protocol version is set to a magic marker.


FAIL: test_min_max_version (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/builddir/build/BUILD/Python-3.7.0/Lib/test/test_ssl.py", line 1084, in test_min_max_version
    ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
AssertionError: <TLSVersion.TLSv1: 769> != <TLSVersion.MINIMUM_SUPPORTED: -2>


We currently workaround the problem by setting:

    export OPENSSL_CONF=/non-existing-file
msg328592 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2018-10-26 18:59
I closed #35076 as a duplicate of this.  The distribution was not specified.  The version is 3.7.1 plus additional patches.  A build log is attached.
msg328744 - (view) Author: Terry J. Reedy (terry.reedy) * (Python committer) Date: 2018-10-28 20:40
The OP for #35076 emailed me that the distribution is obarun, based on ArchLinux. with LibreSSL not officialy supported, but for the moment a personal work.
msg328752 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-10-28 21:01
By the way LibreSSL isn't offically supported by Python, either. It just happens to work most of the time. I regard LibreSSL as not supported, because no core developer or regular contributor has shown any interest to work on LibreSSL support. OpenSSL is used on almost all platforms (most Linux distros, Windows, macOS, FreeBSD) any way.
msg333974 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-01-18 15:09
New changeset 34de2d312b3687994ddbc29adb66e88f672034c7 by Victor Stinner (Christian Heimes) in branch 'master':
bpo-35045: Accept TLSv1 default in min max test (GH-11510)
https://github.com/python/cpython/commit/34de2d312b3687994ddbc29adb66e88f672034c7
msg333975 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-01-18 15:12
Python 2.7 is not affected: test_ssl doesn't test minimum_version.
msg333979 - (view) Author: miss-islington (miss-islington) Date: 2019-01-18 15:29
New changeset 6ca7183b3549d3eaa8a0c3b73255eeac24d7974d by Miss Islington (bot) in branch '3.7':
bpo-35045: Accept TLSv1 default in min max test (GH-11510)
https://github.com/python/cpython/commit/6ca7183b3549d3eaa8a0c3b73255eeac24d7974d
msg333981 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-01-18 15:30
Thanks Christian. I merged your PR.

I like the simplicity of your fix ;-)
History
Date User Action Args
2019-01-26 04:57:37Alan.Huangsetpull_requests: + pull_request11510
2019-01-26 04:57:24Alan.Huangsetpull_requests: + pull_request11509
2019-01-18 15:30:46vstinnersetstatus: open -> closed
messages: + msg333981

keywords: patch, patch, patch
resolution: fixed
stage: patch review -> resolved
2019-01-18 15:29:12miss-islingtonsetnosy: + miss-islington
messages: + msg333979
2019-01-18 15:21:55vstinnerlinkissue33995 superseder
2019-01-18 15:12:13vstinnersetkeywords: patch, patch, patch

messages: + msg333975
2019-01-18 15:10:07miss-islingtonsetpull_requests: + pull_request11344
2019-01-18 15:09:57miss-islingtonsetpull_requests: + pull_request11343
2019-01-18 15:09:45miss-islingtonsetpull_requests: + pull_request11342
2019-01-18 15:09:32vstinnersetmessages: + msg333974
2019-01-10 17:37:54christian.heimessetpull_requests: + pull_request11063
2019-01-10 17:37:47christian.heimessetpull_requests: + pull_request11062
2019-01-10 17:37:40christian.heimessetpull_requests: + pull_request11061
2019-01-10 17:06:10vstinnersetkeywords: + patch
stage: patch review
pull_requests: + pull_request11057
2019-01-10 17:06:04vstinnersetkeywords: + patch
stage: (no value)
pull_requests: + pull_request11056
2019-01-10 17:05:57vstinnersetkeywords: + patch
stage: (no value)
pull_requests: + pull_request11055
2019-01-10 17:05:44vstinnersetversions: - Python 3.6
2019-01-10 16:59:42vstinnerlinkissue35709 superseder
2018-10-28 21:01:04christian.heimessetmessages: + msg328752
2018-10-28 20:40:29terry.reedysetmessages: + msg328744
2018-10-26 19:00:06terry.reedysetnosy: + jean-michel
2018-10-26 18:59:39terry.reedysetnosy: + terry.reedy
messages: + msg328592
2018-10-26 18:57:58terry.reedylinkissue35076 superseder
2018-10-22 14:50:44vstinnersetnosy: + vstinner
2018-10-22 14:30:27cstratakcreate