This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: test_ssl: 2 tests fail on cstratak-CentOS9-fips-x86_64
Type: behavior Stage:
Components: SSL, Tests Versions: Python 3.11, Python 3.10, Python 3.9
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, cstratak, vstinner
Priority: normal Keywords:

Created on 2022-02-04 09:54 by vstinner, last changed 2022-04-11 14:59 by admin.

Messages (2)
msg412497 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2022-02-04 09:54
test_load_verify_cadata() and test_connect_cadata() of test_ssl fail on cstratak-CentOS9-fips-x86_64 (with OpenSSL FIPS mode enabled):
https://buildbot.python.org/all/#builders/828/builds/63

test.pythoninfo:

fips.linux_crypto_fips_enabled: 1
fips.openssl_fips_mode: 1
ssl.OPENSSL_VERSION: OpenSSL 3.0.1 14 Dec 2021
ssl.OPENSSL_VERSION_INFO: (3, 0, 0, 1, 0)

Logs:

======================================================================
ERROR: test_load_verify_cadata (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.x.cstratak-CentOS9-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/test_ssl.py", line 1494, in test_load_verify_cadata
    ctx.load_verify_locations(cadata=cacert_der)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLError: [EVP] unsupported (_ssl.c:3998)

======================================================================
ERROR: test_connect_cadata (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.x.cstratak-CentOS9-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/test_ssl.py", line 2138, in test_connect_cadata
    ctx.load_verify_locations(cadata=der)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLError: [EVP] unsupported (_ssl.c:3998)

Stdout:
 server:  new connection from ('127.0.0.1', 49102)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
msg413740 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2022-02-22 18:58
Same on AMD64 CentOS9 FIPS Only Blake2 Builtin Hash 3.x:
https://buildbot.python.org/all/#/builders/828/builds/196

test.pythoninfo:

fips.linux_crypto_fips_enabled: 1
fips.openssl_fips_mode: 1
ssl.OPENSSL_VERSION: OpenSSL 3.0.1 14 Dec 2021
ssl.OPENSSL_VERSION_INFO: (3, 0, 0, 1, 0)

======================================================================
ERROR: test_load_verify_cadata (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.x.cstratak-CentOS9-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/test_ssl.py", line 1494, in test_load_verify_cadata
    ctx.load_verify_locations(cadata=cacert_der)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLError: [EVP] unsupported (_ssl.c:4009)

======================================================================
ERROR: test_connect_cadata (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.x.cstratak-CentOS9-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/test_ssl.py", line 2138, in test_connect_cadata
    ctx.load_verify_locations(cadata=der)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ssl.SSLError: [EVP] unsupported (_ssl.c:4009)

Stdout:
 server:  new connection from ('127.0.0.1', 38484)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
History
Date User Action Args
2022-04-11 14:59:55adminsetgithub: 90790
2022-02-22 18:58:00vstinnersetmessages: + msg413740
2022-02-05 13:40:17christian.heimessetassignee: christian.heimes ->
type: behavior
versions: + Python 3.9, Python 3.10
2022-02-04 09:55:31vstinnersetnosy: + cstratak
2022-02-04 09:54:45vstinnercreate