This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: test_ssl fails in the macos CI
Type: behavior Stage: patch review
Components: SSL, Tests Versions: Python 3.10
process
Status: open Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, pablogsal
Priority: normal Keywords: patch

Created on 2021-04-26 12:53 by pablogsal, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL Status Linked Edit
PR 25850 merged christian.heimes, 2021-05-03 13:13
Messages (6)
msg391914 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-04-26 12:53
Check out this build:

https://github.com/python/cpython/pull/25584/checks?check_run_id=2437718845

Here, test_ssl fails in the macos CI target:

1 test failed:
    test_ssl

20 tests skipped:
    test_devpoll test_epoll test_gdb test_idle test_ioctl test_msilib
    test_multiprocessing_fork test_ossaudiodev test_spwd
    test_startfile test_tcl test_tix test_tk test_ttk_guionly
    test_ttk_textonly test_turtle test_winconsoleio test_winreg
    test_winsound test_zipfile64
0:18:53 load avg: 3.12
0:18:53 load avg: 3.12 Re-running failed tests in verbose mode
0:18:53 load avg: 3.12 Re-running test_ssl in verbose mode
test_ssl: testing with 'OpenSSL 1.1.1k  25 Mar 2021' (1, 1, 1, 11, 15)
          under Mac ('10.15.7', ('', '', ''), 'x86_64')
          HAS_SNI = True
          OP_ALL = 0x80000054
          OP_NO_TLSv1_1 = 0x10000000
test__create_stdlib_context (test.test_ssl.ContextTests) ... ok
test_cert_store_stats (test.test_ssl.ContextTests) ... ok
test_check_hostname (test.test_ssl.ContextTests) ... ok
test_ciphers (test.test_ssl.ContextTests) ... ok
test_constructor (test.test_ssl.ContextTests) ... ok
test_context_client_server (test.test_ssl.ContextTests) ... ok
test_context_custom_class (test.test_ssl.ContextTests) ... ok
test_create_default_context (test.test_ssl.ContextTests) ... ok
test_get_ca_certs (test.test_ssl.ContextTests) ... ok
test_get_ciphers (test.test_ssl.ContextTests) ... ok
test_hostname_checks_common_name (test.test_ssl.ContextTests) ... ok
test_load_cert_chain (test.test_ssl.ContextTests) ... ok
test_load_default_certs (test.test_ssl.ContextTests) ... ok
test_load_default_certs_env (test.test_ssl.ContextTests) ... ok
test_load_default_certs_env_windows (test.test_ssl.ContextTests) ... skipped 'Windows specific'
test_load_dh_params (test.test_ssl.ContextTests) ... ok
test_load_verify_cadata (test.test_ssl.ContextTests) ... ok
test_load_verify_locations (test.test_ssl.ContextTests) ... ok
test_min_max_version (test.test_ssl.ContextTests) ... ok
test_num_tickest (test.test_ssl.ContextTests) ... ok
test_options (test.test_ssl.ContextTests) ... ok
test_python_ciphers (test.test_ssl.ContextTests) ... ok
test_security_level (test.test_ssl.ContextTests) ... ok
test_session_stats (test.test_ssl.ContextTests) ... ok
test_set_default_verify_paths (test.test_ssl.ContextTests) ... ok
test_set_ecdh_curve (test.test_ssl.ContextTests) ... ok
test_sni_callback (test.test_ssl.ContextTests) ... ok
test_sni_callback_refcycle (test.test_ssl.ContextTests) ... ok
test_verify_flags (test.test_ssl.ContextTests) ... ok
test_verify_mode_protocol (test.test_ssl.ContextTests) ... ok
test_DER_to_PEM (test.test_ssl.BasicSocketTests) ... ok
test_asn1object (test.test_ssl.BasicSocketTests) ... ok
test_cert_time_to_seconds (test.test_ssl.BasicSocketTests) ... ok
test_cert_time_to_seconds_locale (test.test_ssl.BasicSocketTests) ... skipped 'locale-specific month name needs to be different from C locale'
test_cert_time_to_seconds_timezone (test.test_ssl.BasicSocketTests) ... skipped 'local time needs to be different from UTC'
test_connect_ex_error (test.test_ssl.BasicSocketTests) ... ok
test_constants (test.test_ssl.BasicSocketTests) ... ok
test_dealloc_warn (test.test_ssl.BasicSocketTests) ... ok
test_empty_cert (test.test_ssl.BasicSocketTests)
Wrapping with an empty cert file ... ok
test_enum_certificates (test.test_ssl.BasicSocketTests) ... skipped 'Windows specific'
test_enum_crls (test.test_ssl.BasicSocketTests) ... skipped 'Windows specific'
test_errors_sslwrap (test.test_ssl.BasicSocketTests) ... ok
test_get_default_verify_paths (test.test_ssl.BasicSocketTests) ... ok
test_malformed_cert (test.test_ssl.BasicSocketTests)
Wrapping with a badly formatted certificate (syntax error) ... ok
test_malformed_key (test.test_ssl.BasicSocketTests)
Wrapping with a badly formatted key (syntax error) ... ok
test_match_hostname (test.test_ssl.BasicSocketTests) ... ok
test_openssl_version (test.test_ssl.BasicSocketTests) ... ok
test_parse_all_sans (test.test_ssl.BasicSocketTests) ... ok
test_parse_cert (test.test_ssl.BasicSocketTests) ... 
{'OCSP': ('http://ocsp.verisign.com',),
 'caIssuers': ('http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer',),
 'crlDistributionPoints': ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'VeriSign, Inc.'),),
            (('organizationalUnitName', 'VeriSign Trust Network'),),
            (('organizationalUnitName',
              'Terms of use at https://www.verisign.com/rpa (c)10'),),
            (('commonName', 'VeriSign Class 3 International Server CA - G3'),)),
 'notAfter': 'Sep 20 23:59:59 2012 GMT',
 'notBefore': 'Sep 21 00:00:00 2011 GMT',
 'serialNumber': '2EE6EA7640A075CEE5005F4D7C79549A',
 'subject': ((('countryName', 'FI'),),
             (('stateOrProvinceName', 'Espoo'),),
             (('localityName', 'Espoo'),),
             (('organizationName', 'Nokia'),),
             (('organizationalUnitName', 'BI'),),
             (('commonName', 'projects.developer.nokia.com'),)),
 'subjectAltName': (('DNS', 'projects.developer.nokia.com'),
                    ('DNS', 'projects.forum.nokia.com')),
 'version': 3}
ok
test_parse_cert_CVE_2013_4238 (test.test_ssl.BasicSocketTests) ... 
{'issuer': ((('countryName', 'US'),),
            (('stateOrProvinceName', 'Oregon'),),
            (('localityName', 'Beaverton'),),
            (('organizationName', 'Python Software Foundation'),),
            (('organizationalUnitName', 'Python Core Development'),),
            (('commonName', 'null.python.org\x00example.org'),),
            (('emailAddress', 'python-dev@python.org'),)),
 'notAfter': 'Aug  7 13:12:52 2013 GMT',
 'notBefore': 'Aug  7 13:11:52 2013 GMT',
 'serialNumber': '00',
 'subject': ((('countryName', 'US'),),
             (('stateOrProvinceName', 'Oregon'),),
             (('localityName', 'Beaverton'),),
             (('organizationName', 'Python Software Foundation'),),
             (('organizationalUnitName', 'Python Core Development'),),
             (('commonName', 'null.python.org\x00example.org'),),
             (('emailAddress', 'python-dev@python.org'),)),
 'subjectAltName': (('DNS', 'altnull.python.org\x00example.com'),
                    ('email', 'null@python.org\x00user@example.org'),
                    ('URI', 'http://null.python.org\x00http://example.org'),
                    ('IP Address', '192.0.2.1'),
                    ('IP Address', '2001:DB8:0:0:0:0:0:1')),
 'version': 3}
ok
test_parse_cert_CVE_2019_5010 (test.test_ssl.BasicSocketTests) ... 
{'issuer': ((('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
 'notAfter': 'Jun 14 18:00:58 2028 GMT',
 'notBefore': 'Jun 18 18:00:58 2018 GMT',
 'serialNumber': '02',
 'subject': ((('countryName', 'UK'),),
             (('commonName', 'codenomicon-vm-2.test.lal.cisco.com'),)),
 'subjectAltName': (('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
 'version': 3}
ok
test_private_init (test.test_ssl.BasicSocketTests) ... ok
test_purpose_enum (test.test_ssl.BasicSocketTests) ... ok
test_random (test.test_ssl.BasicSocketTests) ... 
 RAND_status is 1 (sufficient randomness)
ok
test_read_write_zero (test.test_ssl.BasicSocketTests) ...  server:  new connection from ('127.0.0.1', 52385)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_refcycle (test.test_ssl.BasicSocketTests) ... ok
test_server_side (test.test_ssl.BasicSocketTests) ... ok
test_str_for_enums (test.test_ssl.BasicSocketTests) ... ok
test_timeout (test.test_ssl.BasicSocketTests) ... ok
test_tls_unique_channel_binding (test.test_ssl.BasicSocketTests) ... ok
test_unknown_channel_binding (test.test_ssl.BasicSocketTests) ... ok
test_unsupported_dtls (test.test_ssl.BasicSocketTests) ... ok
test_wrapped_unconnected (test.test_ssl.BasicSocketTests) ... ok
test_bad_server_hostname (test.test_ssl.SSLErrorTests) ... ok
test_lib_reason (test.test_ssl.SSLErrorTests) ... ok
test_str (test.test_ssl.SSLErrorTests) ... ok
test_subclass (test.test_ssl.SSLErrorTests) ... ok
test_buffer_types (test.test_ssl.MemoryBIOTests) ... ok
test_eof (test.test_ssl.MemoryBIOTests) ... ok
test_error_types (test.test_ssl.MemoryBIOTests) ... ok
test_pending (test.test_ssl.MemoryBIOTests) ... ok
test_read_write (test.test_ssl.MemoryBIOTests) ... ok
test_private_init (test.test_ssl.SSLObjectTests) ... ok
test_unwrap (test.test_ssl.SSLObjectTests) ... ok
test_bio_handshake (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52391)
Needed 2 calls to complete do_handshake().
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
Needed 3 calls to complete unwrap().
ok
test_bio_read_write_data (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52393)
Needed 2 calls to complete do_handshake().
Needed 1 calls to complete write().
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
Needed 4 calls to complete read().
Needed 2 calls to complete unwrap().
ok
test_ciphers (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52395)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52396)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_connect (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52398)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52399)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_connect_cadata (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52401)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52402)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_connect_capath (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52404)

 server:  bad connection attempt from ('127.0.0.1', 52404):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 OSError: [Errno 41] Protocol wrong type for socket
ERROR
test_connect_ex (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52407)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_connect_fail (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52409)

 server:  bad connection attempt from ('127.0.0.1', 52409):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:969)
ok
test_connect_with_context (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52411)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52412)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52413)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_connect_with_context_fail (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52415)

 server:  bad connection attempt from ('127.0.0.1', 52415):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:969)
ok
test_context_setget (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52417)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_get_ca_certs_capath (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52419)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_get_server_certificate (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52422)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52424)

Verified certificate for localhost:52420 is
-----BEGIN CERTIFICATE-----
MIIF8TCCBFmgAwIBAgIJAMstgJlaaVJcMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
BAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUgRm91bmRhdGlvbiBDQTEW
MBQGA1UEAwwNb3VyLWNhLXNlcnZlcjAeFw0xODA4MjkxNDIzMTZaFw0zNzEwMjgx
NDIzMTZaMF8xCzAJBgNVBAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEj
MCEGA1UECgwaUHl0aG9uIFNvZnR3YXJlIEZvdW5kYXRpb24xEjAQBgNVBAMMCWxv
Y2FsaG9zdDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMW0s615CVCi
M3vO2S7HubSGYYqQ/WGHSFsqpNwPzuOQsCoDBlZ6eNkyMJttne8/4A5sIiRggrM9
djtiL4fkzc7aZcgPGgcaMv8Za2gTIM1e+b1QL4xG5I6rYxoscdAbRHHZPFxisxVQ
ztv3euk3UsZGsK/WAhJczgS8QmigBHsBp2PSkb+jR+oMB0WMfpBluGfWJmV754Zu
Nx92Af8fQXx2fU88ahWIdeJxuxDiQHrTTY9/5pc/hvZAoBt+XI0cQoc8cQ45NesW
Mx1z5uopbbh6kSwxkjn2rH2FT/hG+nf+/68TBMvs2buKWm3NmfZy8YJbf0sLSc1g
s7OQ7cfzHADvmHq7KR0H5Y7+/YIogr0z9k771A2uZqiR8oNqYKTf1vyGULA0voux
Wm93ddNLlafhhaf3YSqKW1Qkmg+julztVN1YKDjNUWfhDxmHg0U2f+pMHyUQyCuw
1NXlzJnvOGgGJQxI7jluajY2ycTtx78lSGWp7m6HQ9PUwgGBNX6gMwIDAQABo4IB
wDCCAbwwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUhXUQJdAsgFAkGltXcN61y3GpO3swfQYDVR0jBHYwdIAUs4qgorpx8agkedSk
WyU2FR5JyM2hUaRPME0xCzAJBgNVBAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29m
dHdhcmUgRm91bmRhdGlvbiBDQTEWMBQGA1UEAwwNb3VyLWNhLXNlcnZlcoIJAMst
gJlaaVJbMIGDBggrBgEFBQcBAQR3MHUwPAYIKwYBBQUHMAKGMGh0dHA6Ly90ZXN0
Y2EucHl0aG9udGVzdC5uZXQvdGVzdGNhL3B5Y2FjZXJ0LmNlcjA1BggrBgEFBQcw
AYYpaHR0cDovL3Rlc3RjYS5weXRob250ZXN0Lm5ldC90ZXN0Y2Evb2NzcC8wQwYD
VR0fBDwwOjA4oDagNIYyaHR0cDovL3Rlc3RjYS5weXRob250ZXN0Lm5ldC90ZXN0
Y2EvcmV2b2NhdGlvbi5jcmwwDQYJKoZIhvcNAQELBQADggGBAJXzVrvVjHC90d7a
Y7Ap19tgJ9ZZ/WEbMMbQXXN9NOFo4yimieZgvYnTDvRyrXJ2+IYh/XU8+G2+nATh
ggNpbK7QVbpe8sr1D47W2Y3IVkb0+Kx0Khl7jkdwH/v7vWkCoaVKbiEcBBQVVb+/
JEPIFwO+Pizq28ivHf1S39YVSZ7CRGnv8UVDg7IezxQcEz/+nHHL5xsYVjanr0Tx
C6F5REb5Q0Yp2LDKSU1lYNP2jnS8Yp4ejUspmrQN8KJ3WzTkES+nJcXlB3YSrr51
cxXkCn1TOFY/eW1uyu2Aq1btfosc5+PUYjAicOcpsgM8/vo98DbATRGimdMpMSe4
xbgVozxPm3NeK7L7y/11R7gXvSHY5sG5/3OB2CUIbQheHKWDUN5n5trQjlrT8iqx
P7iAIQdqcRVtBetRs1mN1BVGfgKoEwEWmb0DzHBxKiMWeK/R1QGdBLRjk5oEOpIu
5n5zk6X+UJu9DupUhm985RR3/sIoWkoO1y2M6e1hKbJT/2wEvA==
-----END CERTIFICATE-----

 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_get_server_certificate_fail (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52427)
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:969)

 server:  bad connection attempt from ('127.0.0.1', 52427):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:969)
ok
test_get_server_certificate_sni (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52430)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52432)

Verified certificate for localhost:52428 is
-----BEGIN CERTIFICATE-----
MIIF8TCCBFmgAwIBAgIJAMstgJlaaVJcMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNV
BAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29mdHdhcmUgRm91bmRhdGlvbiBDQTEW
MBQGA1UEAwwNb3VyLWNhLXNlcnZlcjAeFw0xODA4MjkxNDIzMTZaFw0zNzEwMjgx
NDIzMTZaMF8xCzAJBgNVBAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEj
MCEGA1UECgwaUHl0aG9uIFNvZnR3YXJlIEZvdW5kYXRpb24xEjAQBgNVBAMMCWxv
Y2FsaG9zdDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAMW0s615CVCi
M3vO2S7HubSGYYqQ/WGHSFsqpNwPzuOQsCoDBlZ6eNkyMJttne8/4A5sIiRggrM9
djtiL4fkzc7aZcgPGgcaMv8Za2gTIM1e+b1QL4xG5I6rYxoscdAbRHHZPFxisxVQ
ztv3euk3UsZGsK/WAhJczgS8QmigBHsBp2PSkb+jR+oMB0WMfpBluGfWJmV754Zu
Nx92Af8fQXx2fU88ahWIdeJxuxDiQHrTTY9/5pc/hvZAoBt+XI0cQoc8cQ45NesW
Mx1z5uopbbh6kSwxkjn2rH2FT/hG+nf+/68TBMvs2buKWm3NmfZy8YJbf0sLSc1g
s7OQ7cfzHADvmHq7KR0H5Y7+/YIogr0z9k771A2uZqiR8oNqYKTf1vyGULA0voux
Wm93ddNLlafhhaf3YSqKW1Qkmg+julztVN1YKDjNUWfhDxmHg0U2f+pMHyUQyCuw
1NXlzJnvOGgGJQxI7jluajY2ycTtx78lSGWp7m6HQ9PUwgGBNX6gMwIDAQABo4IB
wDCCAbwwFAYDVR0RBA0wC4IJbG9jYWxob3N0MA4GA1UdDwEB/wQEAwIFoDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4E
FgQUhXUQJdAsgFAkGltXcN61y3GpO3swfQYDVR0jBHYwdIAUs4qgorpx8agkedSk
WyU2FR5JyM2hUaRPME0xCzAJBgNVBAYTAlhZMSYwJAYDVQQKDB1QeXRob24gU29m
dHdhcmUgRm91bmRhdGlvbiBDQTEWMBQGA1UEAwwNb3VyLWNhLXNlcnZlcoIJAMst
gJlaaVJbMIGDBggrBgEFBQcBAQR3MHUwPAYIKwYBBQUHMAKGMGh0dHA6Ly90ZXN0
Y2EucHl0aG9udGVzdC5uZXQvdGVzdGNhL3B5Y2FjZXJ0LmNlcjA1BggrBgEFBQcw
AYYpaHR0cDovL3Rlc3RjYS5weXRob250ZXN0Lm5ldC90ZXN0Y2Evb2NzcC8wQwYD
VR0fBDwwOjA4oDagNIYyaHR0cDovL3Rlc3RjYS5weXRob250ZXN0Lm5ldC90ZXN0
Y2EvcmV2b2NhdGlvbi5jcmwwDQYJKoZIhvcNAQELBQADggGBAJXzVrvVjHC90d7a
Y7Ap19tgJ9ZZ/WEbMMbQXXN9NOFo4yimieZgvYnTDvRyrXJ2+IYh/XU8+G2+nATh
ggNpbK7QVbpe8sr1D47W2Y3IVkb0+Kx0Khl7jkdwH/v7vWkCoaVKbiEcBBQVVb+/
JEPIFwO+Pizq28ivHf1S39YVSZ7CRGnv8UVDg7IezxQcEz/+nHHL5xsYVjanr0Tx
C6F5REb5Q0Yp2LDKSU1lYNP2jnS8Yp4ejUspmrQN8KJ3WzTkES+nJcXlB3YSrr51
cxXkCn1TOFY/eW1uyu2Aq1btfosc5+PUYjAicOcpsgM8/vo98DbATRGimdMpMSe4
xbgVozxPm3NeK7L7y/11R7gXvSHY5sG5/3OB2CUIbQheHKWDUN5n5trQjlrT8iqx
P7iAIQdqcRVtBetRs1mN1BVGfgKoEwEWmb0DzHBxKiMWeK/R1QGdBLRjk5oEOpIu
5n5zk6X+UJu9DupUhm985RR3/sIoWkoO1y2M6e1hKbJT/2wEvA==
-----END CERTIFICATE-----

 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_get_server_certificate_timeout (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52435)

 server:  bad connection attempt from ('127.0.0.1', 52435):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:969)
ok
test_makefile_close (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52437)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_non_blocking_connect_ex (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52439)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_non_blocking_handshake (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 52441)

Needed 2 calls to do_handshake() to establish session.
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_PROTOCOL_TLS (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options ... 
 PROTOCOL_TLS->PROTOCOL_TLS CERT_NONE
 PROTOCOL_TLSv1->PROTOCOL_TLS CERT_NONE
 PROTOCOL_TLS->PROTOCOL_TLS CERT_OPTIONAL
 PROTOCOL_TLSv1->PROTOCOL_TLS CERT_OPTIONAL
 PROTOCOL_TLS->PROTOCOL_TLS CERT_REQUIRED
 PROTOCOL_TLSv1->PROTOCOL_TLS CERT_REQUIRED
 PROTOCOL_TLS->PROTOCOL_TLS CERT_NONE
 {PROTOCOL_TLSv1->PROTOCOL_TLS} CERT_NONE
ok
test_alpn_protocols (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52459)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 server:  new connection from ('127.0.0.1', 52461)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 server:  new connection from ('127.0.0.1', 52463)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 server:  new connection from ('127.0.0.1', 52465)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
ok
test_asyncore_server (test.test_ssl.ThreadedTests)
Check the example asyncore integration. ... 
 server:  new connection from 127.0.0.1:52467
 client:  sending b'FOO\n'...
 server:  read b'FOO\n' from client
 client:  read b'foo\n'
 client:  closing connection.
 client:  connection closed.
 cleanup: stopping server.
 server:  read b'over\n' from client
 cleanup: joining server thread.
 server:  closed connection <ssl.SSLSocket [closed] fd=-1, family=AF_INET, type=SOCK_STREAM, proto=0>
 server:  read b'' from client
 cleanup: successfully joined.
ok
test_check_hostname (test.test_ssl.ThreadedTests) ... 
 server:  new connection from ('127.0.0.1', 52469)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52471)

 server:  bad connection attempt from ('127.0.0.1', 52471):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:969)
ok
test_check_hostname_idn (test.test_ssl.ThreadedTests) ... 
 server:  new connection from ('127.0.0.1', 52474)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52476)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52478)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52480)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52482)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52484)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52486)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52488)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52490)

 server:  bad connection attempt from ('127.0.0.1', 52490):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:969)
ok
test_compression (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52492)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 got compression: None
ok
test_compression_disabled (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52494)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
ok
test_crl_check (test.test_ssl.ThreadedTests) ... 
 server:  new connection from ('127.0.0.1', 52496)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52498)

 server:  bad connection attempt from ('127.0.0.1', 52498):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:969)
 server:  new connection from ('127.0.0.1', 52500)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_default_ecdh_curve (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52502)
 server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
ok
test_dh_params (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52504)
 server: connection cipher is now ('DHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
ok
test_do_handshake_enotconn (test.test_ssl.ThreadedTests) ... ok
test_dual_rsa_ecc (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52506)
 server: connection cipher is now ('ECDHE-ECDSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
ok
test_ecc_cert (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52508)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_ecdh_curve (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52510)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 server:  new connection from ('127.0.0.1', 52512)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 server:  new connection from ('127.0.0.1', 52514)

 server:  bad connection attempt from ('127.0.0.1', 52514):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: NO_SUITABLE_KEY_SHARE] no suitable key share (_ssl.c:969)
ok
test_echo (test.test_ssl.ThreadedTests)
Basic test of an SSL client connecting to a server ... 
 server:  new connection from ('127.0.0.1', 52516)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
 server:  new connection from ('127.0.0.1', 52518)

 server:  bad connection attempt from ('127.0.0.1', 52518):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:969)
 server:  new connection from ('127.0.0.1', 52520)

 server:  bad connection attempt from ('127.0.0.1', 52520):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:969)
 server:  new connection from ('127.0.0.1', 52522)

 server:  bad connection attempt from ('127.0.0.1', 52522):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:969)
ok
test_getpeercert (test.test_ssl.ThreadedTests) ... 
{'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
 'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),
 'crlDistributionPoints': ('http://testca.pythontest.net/testca/revocation.crl',),
 'issuer': ((('countryName', 'XY'),),
            (('organizationName', 'Python Software Foundation CA'),),
            (('commonName', 'our-ca-server'),)),
 'notAfter': 'Oct 28 14:23:16 2037 GMT',
 'notBefore': 'Aug 29 14:23:16 2018 GMT',
 'serialNumber': 'CB2D80995A69525C',
 'subject': ((('countryName', 'XY'),),
             (('localityName', 'Castle Anthrax'),),
             (('organizationName', 'Python Software Foundation'),),
             (('commonName', 'localhost'),)),
 'subjectAltName': (('DNS', 'localhost'),),
 'version': 3}
Connection cipher is ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256).
ok
test_getpeercert_enotconn (test.test_ssl.ThreadedTests) ... ok
test_handshake_timeout (test.test_ssl.ThreadedTests) ... ok
test_hostname_checks_common_name (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52529)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52531)

 server:  bad connection attempt from ('127.0.0.1', 52531):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:969)
ok
test_min_max_version_mismatch (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52533)

 server:  bad connection attempt from ('127.0.0.1', 52533):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:969)
ok
test_min_max_version_sslv3 (test.test_ssl.ThreadedTests) ... skipped 'SSLv3 is not available.'
test_min_max_version_tlsv1_1 (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52535)
 server: connection cipher is now ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256)
ok
test_min_max_version_tlsv1_2 (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52537)
 server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
ok
test_no_shared_ciphers (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52539)

 server:  bad connection attempt from ('127.0.0.1', 52539):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:969)
ok
test_nonblocking_send (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52541)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
Test server failure:
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2491, in run
    self.write(msg.lower())
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2410, in write
    return self.sslconn.write(bytes)
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1148, in write
    return self._sslobj.write(data)
 ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2286)
ok
test_npn_protocols (test.test_ssl.ThreadedTests) ... ok
test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options ... skipped 'SSLv2 is not available.'
test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options ... skipped 'SSLv3 is not available.'
test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options ... 
 PROTOCOL_TLSv1->PROTOCOL_TLSv1 CERT_NONE
 PROTOCOL_TLSv1->PROTOCOL_TLSv1 CERT_OPTIONAL
 PROTOCOL_TLSv1->PROTOCOL_TLSv1 CERT_REQUIRED
 {PROTOCOL_TLS->PROTOCOL_TLSv1} CERT_NONE
ok
test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options. ... 
 PROTOCOL_TLSv1_1->PROTOCOL_TLSv1_1 CERT_NONE
 {PROTOCOL_TLS->PROTOCOL_TLSv1_1} CERT_NONE
 PROTOCOL_TLSv1_1->PROTOCOL_TLS CERT_NONE
 {PROTOCOL_TLSv1_2->PROTOCOL_TLSv1_1} CERT_NONE
 {PROTOCOL_TLSv1_1->PROTOCOL_TLSv1_2} CERT_NONE
ok
test_protocol_tlsv1_2 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.2 server with various client options. ... 
 PROTOCOL_TLSv1_2->PROTOCOL_TLSv1_2 CERT_NONE
 {PROTOCOL_TLS->PROTOCOL_TLSv1_2} CERT_NONE
 PROTOCOL_TLSv1_2->PROTOCOL_TLS CERT_NONE
 {PROTOCOL_TLSv1->PROTOCOL_TLSv1_2} CERT_NONE
 {PROTOCOL_TLSv1_2->PROTOCOL_TLSv1} CERT_NONE
 {PROTOCOL_TLSv1_1->PROTOCOL_TLSv1_2} CERT_NONE
 {PROTOCOL_TLSv1_2->PROTOCOL_TLSv1_1} CERT_NONE
ok
test_read_write_after_close_raises_valuerror (test.test_ssl.ThreadedTests) ... ok
test_recv_send (test.test_ssl.ThreadedTests)
Test recv(), send() and friends. ... 
 server:  new connection from ('127.0.0.1', 52577)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_recv_zero (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52580)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_rude_shutdown (test.test_ssl.ThreadedTests)
A brutal shutdown of an SSL server should raise an OSError ... ok
test_selected_alpn_protocol (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52584)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
ok
test_selected_alpn_protocol_if_server_uses_alpn (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52586)
 client:  sending b'FOO\n'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  sending b'FOO\n'...
 client:  read b'foo\n'
 client:  closing connection.
ok
test_sendfile (test.test_ssl.ThreadedTests) ... ok
test_server_accept (test.test_ssl.ThreadedTests) ... ok
test_session (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52592)
 server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
 server:  new connection from ('127.0.0.1', 52594)
 server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
 server:  new connection from ('127.0.0.1', 52596)
 server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
 server:  new connection from ('127.0.0.1', 52598)
 server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
ok
test_session_handling (test.test_ssl.ThreadedTests) ... ok
test_shared_ciphers (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52604)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_sni_callback (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52606)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52608)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52610)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_sni_callback_alert (test.test_ssl.ThreadedTests) ... ok
test_sni_callback_raising (test.test_ssl.ThreadedTests) ... ok
test_sni_callback_wrong_return_type (test.test_ssl.ThreadedTests) ... ok
test_socketserver (test.test_ssl.ThreadedTests)
Using socketserver to create and manage SSL connections. ... 
 server (('127.0.0.1', 52617):52617 ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)):
   [26/Apr/2021 11:43:19] "GET /keycert.pem HTTP/1.1" 200 -
 client: read 4058 bytes from remote server '<HTTPSServerThread <HTTPSServer 1.0.0.127.in-addr.arpa:52617>>'
stopping HTTPS server
joining HTTPS thread
ok
test_ssl_cert_verify_error (test.test_ssl.ThreadedTests) ... 
 server:  new connection from ('127.0.0.1', 52621)

 server:  bad connection attempt from ('127.0.0.1', 52621):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:969)
ok
test_starttls (test.test_ssl.ThreadedTests)
Switching from clear text to encrypted and back again. ... 
 client:  sending b'msg 1'...
 server:  new connection from ('127.0.0.1', 52623)
 server: read b'msg 1' (unencrypted), sending back b'msg 1' (unencrypted)...
 client:  read b'msg 1' from server
 client:  sending b'MSG 2'...
 server: read b'MSG 2' (unencrypted), sending back b'msg 2' (unencrypted)...
 client:  read b'msg 2' from server
 client:  sending b'STARTTLS'...
 server: read STARTTLS from client, sending OK...
 client:  read b'ok' from server, starting TLS...
 client:  sending b'MSG 3'...
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server: read b'MSG 3' (encrypted), sending back b'msg 3' (encrypted)...
 client:  read b'msg 3' from server
 client:  sending b'msg 4'...
 server: read b'msg 4' (encrypted), sending back b'msg 4' (encrypted)...
 client:  read b'msg 4' from server
 client:  sending b'ENDTLS'...
 server: read ENDTLS from client, sending OK...
 client:  read b'ok' from server, ending TLS...
 client:  sending b'msg 5'...
 server: connection is now unencrypted...
 server: read b'msg 5' (unencrypted), sending back b'msg 5' (unencrypted)...
 client:  read b'msg 5' from server
 client:  sending b'msg 6'...
 server: read b'msg 6' (unencrypted), sending back b'msg 6' (unencrypted)...
 client:  read b'msg 6' from server
 client:  closing connection.
 server: client closed connection
ok
test_tls1_3 (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52625)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_tls_unique_channel_binding (test.test_ssl.ThreadedTests)
Test tls-unique channel binding. ... 
 server:  new connection from ('127.0.0.1', 52627)
 got channel binding data: b'\xb6\xc4\x94=\xb1\xc0\xe1\x05\xbd\x803\xd1\xec\x14,\x95\x8d\xbe!\xbf\xa6\x93\x06)\xc0(U\r\x8d\xdcA\xe9\xa2\xef\xae*6\xa8\xb5~;\x8f\xd9\xa6\x141x\xa2'
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server:  new connection from ('127.0.0.1', 52628)
got another channel binding data: b'N1\xb3OAX\xaa\x05dD/~\x8a\xcbM\xf3\x1b\x1a<\x98:\xb9\x80\xf6b\xe3\x1a\x0e\x9e\xf6\x87\xde\xfc\xfc\xc4\x93t\x90a\xb7\xa6O\xdf\xcc\x10\xdf?y'
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
ok
test_version_basic (test.test_ssl.ThreadedTests)
Basic tests for SSLSocket.version(). ... ok
test_wrong_cert_tls12 (test.test_ssl.ThreadedTests)
Connecting when the server rejects the client's certificate ...  server:  new connection from ('127.0.0.1', 52632)

SSLError is SSLError(1, '[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:969)')

 server:  bad connection attempt from ('127.0.0.1', 52632):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:969)
ok
test_wrong_cert_tls13 (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 52634)

SSLError is SSLError(1, '[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2438)')

 server:  bad connection attempt from ('127.0.0.1', 52634):
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2347, in wrap_conn
    self.sslconn = self.server.context.wrap_socket(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 518, in wrap_socket
    return self.sslsocket_class._create(
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1070, in _create
    self.do_handshake()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:969)
ok
test_bpo37428_pha_cert_none (test.test_ssl.TestPostHandshakeAuth) ... ok
test_pha_no_pha_client (test.test_ssl.TestPostHandshakeAuth) ... ok
test_pha_no_pha_server (test.test_ssl.TestPostHandshakeAuth) ... ok
test_pha_not_tls13 (test.test_ssl.TestPostHandshakeAuth) ... ok
test_pha_optional (test.test_ssl.TestPostHandshakeAuth) ... 
ok
test_pha_optional_nocert (test.test_ssl.TestPostHandshakeAuth) ... 
ok
test_pha_required (test.test_ssl.TestPostHandshakeAuth) ... ok
test_pha_required_nocert (test.test_ssl.TestPostHandshakeAuth) ...  server:  new connection from ('127.0.0.1', 52650)
 client cert is None
 client did not provide a cert
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
TLS: (<ssl.SSLSocket fd=7, family=AF_INET, type=SOCK_STREAM, proto=0, laddr=('127.0.0.1', 52649), raddr=('127.0.0.1', 52650)>, 'write', TLSVersion.TLSv1_3, _TLSContentType.ALERT, _TLSAlertType.CERTIFICATE_REQUIRED, b'\x02t')
TLS: (<ssl.SSLSocket fd=6, family=AF_INET, type=SOCK_STREAM, proto=0, laddr=('127.0.0.1', 52650), raddr=('127.0.0.1', 52649)>, 'read', TLSVersion.TLSv1_3, _TLSContentType.ALERT, _TLSAlertType.CERTIFICATE_REQUIRED, b'\x02t')
Test server failure:
Traceback (most recent call last):
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2427, in run
    msg = self.read()
   File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2404, in read
    return self.sslconn.read()
   File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1131, in read
    return self._sslobj.read(len)
 ssl.SSLError: [SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:2438)
ok
test_pha_setter (test.test_ssl.TestPostHandshakeAuth) ... ok
test_keylog_defaults (test.test_ssl.TestSSLDebug) ... ok
test_keylog_env (test.test_ssl.TestSSLDebug) ... skipped 'test is not compatible with ignore_environment'
test_keylog_filename (test.test_ssl.TestSSLDebug) ... ok
test_msg_callback (test.test_ssl.TestSSLDebug) ... ok
test_msg_callback_deadlock_bpo43577 (test.test_ssl.TestSSLDebug) ... ok
test_msg_callback_tls12 (test.test_ssl.TestSSLDebug) ... ok
test_get_server_certificate_ipv6 (test.test_ssl.NetworkedTests) ... skipped "Resource 'ipv6.google.com' is not available"
test test_ssl failed
test_timeout_connect_ex (test.test_ssl.NetworkedTests) ... ok

======================================================================
ERROR: test_connect_capath (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/runner/work/cpython/cpython/Lib/test/test_ssl.py", line 2045, in test_connect_capath
    s.connect(self.server_addr)
  File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1372, in connect
    self._real_connect(addr, False)
  File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1363, in _real_connect
    self.do_handshake()
  File "/Users/runner/work/cpython/cpython/Lib/ssl.py", line 1339, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

----------------------------------------------------------------------

Ran 164 tests in 29.112s

FAILED (errors=1, skipped=10)
1 test failed again:
    test_ssl
msg391923 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-26 13:22
I have seen the test fail before. It seems to be flaky on macOS but it fails only very rarely.
msg391927 - (view) Author: Pablo Galindo Salgado (pablogsal) * (Python committer) Date: 2021-04-26 13:37
> it fails only very rarely.

Unfortunately, in https://github.com/python/cpython/pull/25584 it has failed 3 times in a row. That's why I decided to open the issue.

Let me re-run again.
msg392805 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 13:17
I'm still unsure why tests are sometimes failing. Test fail rarely on macOS and Windows. When tests are failing it's usually a bunch of tests that fail with "connection reset by peer". I suspect that the listener backlog and timeout of the server socket is too aggressive.
msg392816 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 15:45
New changeset c715b524210050bdd2a2e233817246d443bbb236 by Christian Heimes in branch 'master':
bpo-43943: ssl tests: Increase server socket timeout, backlog, debugging (GH-25850)
https://github.com/python/cpython/commit/c715b524210050bdd2a2e233817246d443bbb236
msg392818 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-05-03 15:47
fingers crossed!
History
Date User Action Args
2022-04-11 14:59:44adminsetstatus: pending -> open
github: 88109
2021-05-03 16:53:23christian.heimessetstatus: open -> pending
assignee: christian.heimes
components: + Tests, SSL, - Installation
2021-05-03 16:52:09mohansaisetnosy: - ronaldoussoren, ned.deily
components: + Installation, - macOS
2021-05-03 16:49:30mohansaisetstatus: pending -> open
nosy: + ronaldoussoren, ned.deily
components: + macOS
2021-05-03 15:47:53christian.heimessetstatus: open -> pending
type: behavior
resolution: fixed
messages: + msg392818
2021-05-03 15:45:09christian.heimessetmessages: + msg392816
2021-05-03 13:17:42christian.heimessetmessages: + msg392805
2021-05-03 13:13:00christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request24533
2021-04-26 13:37:41pablogsalsetmessages: + msg391927
2021-04-26 13:22:22christian.heimessetmessages: + msg391923
2021-04-26 12:53:27pablogsalcreate