Issue 35045: test_min_max_version (test.test_ssl.ContextTests) fails on Fedora 29+ and openssl 1.1.1

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/79226

classification

Title:	test_min_max_version (test.test_ssl.ContextTests) fails on Fedora 29+ and openssl 1.1.1
Type:		Stage:	resolved
Components:	SSL	Versions:	Python 3.8, Python 3.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:	christian.heimes	Nosy List:	christian.heimes, cstratak, jean-michel, miss-islington, terry.reedy, vstinner
Priority:	normal	Keywords:	patch, patch, patch

Created on 2018-10-22 14:30 by cstratak, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 11508	closed	vstinner, 2019-01-10 17:05
PR 11508	closed	vstinner, 2019-01-10 17:05
PR 11508	closed	vstinner, 2019-01-10 17:06
PR 11510	merged	christian.heimes, 2019-01-10 17:37
PR 11510	merged	christian.heimes, 2019-01-10 17:37
PR 11510	merged	christian.heimes, 2019-01-10 17:37
PR 11611	merged	miss-islington, 2019-01-18 15:09
PR 11611	merged	miss-islington, 2019-01-18 15:09
PR 11611	merged	miss-islington, 2019-01-18 15:09
PR 8050		Alan.Huang, 2019-01-26 04:57
PR 8050		Alan.Huang, 2019-01-26 04:57

Messages (8)
msg328255 - (view)	Author: Charalampos Stratakis (cstratak) *	Date: 2018-10-22 14:30
There is an Python test that checks the minimum TLS version - test_min_max_version (test.test_ssl.ContextTests). Fedora 29+ sets TLSv1 as explicit minimum version. Python's test suite assumes that the minimum protocol version is set to a magic marker. FAIL: test_min_max_version (test.test_ssl.ContextTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/builddir/build/BUILD/Python-3.7.0/Lib/test/test_ssl.py", line 1084, in test_min_max_version ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED AssertionError: <TLSVersion.TLSv1: 769> != <TLSVersion.MINIMUM_SUPPORTED: -2> We currently workaround the problem by setting: export OPENSSL_CONF=/non-existing-file
msg328592 - (view)	Author: Terry J. Reedy (terry.reedy) *	Date: 2018-10-26 18:59
I closed #35076 as a duplicate of this. The distribution was not specified. The version is 3.7.1 plus additional patches. A build log is attached.
msg328744 - (view)	Author: Terry J. Reedy (terry.reedy) *	Date: 2018-10-28 20:40
The OP for #35076 emailed me that the distribution is obarun, based on ArchLinux. with LibreSSL not officialy supported, but for the moment a personal work.
msg328752 - (view)	Author: Christian Heimes (christian.heimes) *	Date: 2018-10-28 21:01
By the way LibreSSL isn't offically supported by Python, either. It just happens to work most of the time. I regard LibreSSL as not supported, because no core developer or regular contributor has shown any interest to work on LibreSSL support. OpenSSL is used on almost all platforms (most Linux distros, Windows, macOS, FreeBSD) any way.
msg333974 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-01-18 15:09
New changeset 34de2d312b3687994ddbc29adb66e88f672034c7 by Victor Stinner (Christian Heimes) in branch 'master': bpo-35045: Accept TLSv1 default in min max test (GH-11510) https://github.com/python/cpython/commit/34de2d312b3687994ddbc29adb66e88f672034c7
msg333975 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-01-18 15:12
Python 2.7 is not affected: test_ssl doesn't test minimum_version.
msg333979 - (view)	Author: miss-islington (miss-islington)	Date: 2019-01-18 15:29
New changeset 6ca7183b3549d3eaa8a0c3b73255eeac24d7974d by Miss Islington (bot) in branch '3.7': bpo-35045: Accept TLSv1 default in min max test (GH-11510) https://github.com/python/cpython/commit/6ca7183b3549d3eaa8a0c3b73255eeac24d7974d
msg333981 - (view)	Author: STINNER Victor (vstinner) *	Date: 2019-01-18 15:30
Thanks Christian. I merged your PR. I like the simplicity of your fix ;-)

History
Date	User	Action	Args
2022-04-11 14:59:07	admin	set	github: 79226
2019-01-26 04:57:37	Alan.Huang	set	pull_requests: + pull_request11510
2019-01-26 04:57:24	Alan.Huang	set	pull_requests: + pull_request11509
2019-01-18 15:30:46	vstinner	set	status: open -> closed messages: + msg333981 keywords: patch, patch, patch resolution: fixed stage: patch review -> resolved
2019-01-18 15:29:12	miss-islington	set	nosy: + miss-islington messages: + msg333979
2019-01-18 15:21:55	vstinner	link	issue33995 superseder
2019-01-18 15:12:13	vstinner	set	keywords: patch, patch, patch messages: + msg333975
2019-01-18 15:10:07	miss-islington	set	pull_requests: + pull_request11344
2019-01-18 15:09:57	miss-islington	set	pull_requests: + pull_request11343
2019-01-18 15:09:45	miss-islington	set	pull_requests: + pull_request11342
2019-01-18 15:09:32	vstinner	set	messages: + msg333974
2019-01-10 17:37:54	christian.heimes	set	pull_requests: + pull_request11063
2019-01-10 17:37:47	christian.heimes	set	pull_requests: + pull_request11062
2019-01-10 17:37:40	christian.heimes	set	pull_requests: + pull_request11061
2019-01-10 17:06:10	vstinner	set	keywords: + patch stage: patch review pull_requests: + pull_request11057
2019-01-10 17:06:04	vstinner	set	keywords: + patch stage: (no value) pull_requests: + pull_request11056
2019-01-10 17:05:57	vstinner	set	keywords: + patch stage: (no value) pull_requests: + pull_request11055
2019-01-10 17:05:44	vstinner	set	versions: - Python 3.6
2019-01-10 16:59:42	vstinner	link	issue35709 superseder
2018-10-28 21:01:04	christian.heimes	set	messages: + msg328752
2018-10-28 20:40:29	terry.reedy	set	messages: + msg328744
2018-10-26 19:00:06	terry.reedy	set	nosy: + jean-michel
2018-10-26 18:59:39	terry.reedy	set	nosy: + terry.reedy messages: + msg328592
2018-10-26 18:57:58	terry.reedy	link	issue35076 superseder
2018-10-22 14:50:44	vstinner	set	nosy: + vstinner
2018-10-22 14:30:27	cstratak	create