This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: test_ssl: skip tests for disabled TLS/SSL versions
Type: resource usage Stage: patch review
Components: Tests Versions: Python 3.9, Python 3.8, Python 3.7
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, miss-islington, vstinner
Priority: normal Keywords: patch

Created on 2019-09-25 12:38 by christian.heimes, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL Status Linked Edit
PR 16386 merged christian.heimes, 2019-09-25 12:42
PR 16425 merged christian.heimes, 2019-09-26 15:06
PR 16427 merged christian.heimes, 2019-09-26 15:13
PR 16428 merged christian.heimes, 2019-09-26 15:59
Messages (6)
msg353189 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-09-25 12:38
test_ssl has some checks for TLS/SSL versions that are not available or disabled during compile-time of Python and OpenSSL. It's missing run-time checks and checks for TLS 1.0 and 1.1. Several test scenarios assume that TLS 1.0 and 1.1 are always available and properly working. These tests fail when e.g. TLS 1.0 is disabled.

Further more compile-time checks for ssl.HAS_TLSv1 or ssl.PROTOCOL_TLSv1 are not sufficient. OpenSSL 1.1.0+ got more flexible. TLS/SSL versions can be disabled at runtime with a crypto policy. Recent Debian, Fedora, and RHEL 8 systems have TLS 1.0 and 1.1 disabled by default.
msg353315 - (view) Author: miss-islington (miss-islington) Date: 2019-09-26 15:03
New changeset df6ac7e2b82d921a6e9ff5571b40c6dbcf635581 by Miss Islington (bot) (Christian Heimes) in branch 'master':
bpo-38275: Skip ssl tests for disabled versions (GH-16386)
https://github.com/python/cpython/commit/df6ac7e2b82d921a6e9ff5571b40c6dbcf635581
msg353324 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2019-09-26 16:12
The change caused many buildbot failures, see examples from IRC logs below. I understand that PR 16428 will fix them.

17:22 < py-bb> Build s390x SLES 3.x #3824 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/16/builds/3824
17:23 < py-bb> Build AMD64 RHEL7 3.x #46 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/254/builds/46
17:24 < py-bb> Build s390x RHEL 3.x #3873 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/21/builds/3873
17:32 < py-bb> Build AMD64 RHEL7 LTO + PGO 3.x #46 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/258/builds/46
17:38 < py-bb> Build AMD64 RHEL7 LTO 3.x #47 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/283/builds/47
17:41 < py-bb> Build PPC64 Fedora 3.x #3789 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/53/builds/3789
17:53 < py-bb> Build x86 Gentoo Installed with X 3.x #3148 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/103/builds/3148
17:58 < py-bb> Build x86 Gentoo Non-Debug with X 3.x #3377 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/99/builds/3377
18:00 < py-bb> Build POWER6 AIX 3.x #1710 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/161/builds/1710
18:04 < py-bb> Build PPC64 AIX 3.x #3477 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/10/builds/3477
18:08 < py-bb> Build PPC64LE Fedora 3.x #3617 is complete: Failure [failed test (failure)] - https://buildbot.python.org/all/#builders/85/builds/3617
msg353326 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-09-26 16:23
New changeset 9f77268f901cc3e8874e5042361520a0e482476a by Christian Heimes in branch 'master':
bpo-38275: Fix test_ssl issue caused by GH-16386 (#16428)
https://github.com/python/cpython/commit/9f77268f901cc3e8874e5042361520a0e482476a
msg353337 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-09-26 20:53
New changeset 1931132db33dd002cef0b19b8eaa219c1757797e by Christian Heimes in branch '3.8':
[3.8] bpo-38275: Skip ssl tests for disabled versions (GH-16386) (GH-16425)
https://github.com/python/cpython/commit/1931132db33dd002cef0b19b8eaa219c1757797e
msg353338 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2019-09-26 20:54
New changeset 2c24f2cae00bbfe9af1e59778f6516d4c56ffc4e by Christian Heimes in branch '3.7':
[3.7] bpo-38275: Skip ssl tests for disabled versions (GH-16427)
https://github.com/python/cpython/commit/2c24f2cae00bbfe9af1e59778f6516d4c56ffc4e
History
Date User Action Args
2022-04-11 14:59:20adminsetgithub: 82456
2019-09-26 20:54:37christian.heimessetmessages: + msg353338
2019-09-26 20:53:17christian.heimessetmessages: + msg353337
2019-09-26 16:23:32christian.heimessetmessages: + msg353326
2019-09-26 16:12:23vstinnersetnosy: + vstinner
messages: + msg353324
2019-09-26 15:59:17christian.heimessetpull_requests: + pull_request16007
2019-09-26 15:13:30christian.heimessetpull_requests: + pull_request16006
2019-09-26 15:06:26christian.heimessetpull_requests: + pull_request16004
2019-09-26 15:03:02miss-islingtonsetnosy: + miss-islington
messages: + msg353315
2019-09-25 12:42:36christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request15968
2019-09-25 12:38:51christian.heimescreate