Title: SSL issues on "Ubuntu i386" buildbots
Type: Stage:
Components: Tests Versions: Python 3.2, Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: doko, pitrou
Priority: normal Keywords:

Created on 2010-07-29 11:33 by pitrou, last changed 2010-08-04 17:49 by pitrou. This issue is now closed.

Messages (6)
msg111911 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-07-29 11:33
The buildslaves "i386 Ubuntu" have been exhibiting some strange behaviour for some time now:

ERROR: test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options
Traceback (most recent call last):
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/test/", line 879, in test_protocol_sslv2
    try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/test/", line 751, in try_protocol_combo
    ciphers="ALL", chatty=False)
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/test/", line 703, in server_params_test
    s.connect((HOST, server.port))
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/", line 295, in connect
    self.ca_certs, self.ciphers)
SSLError: _ssl.c:312: Invalid SSL protocol variant specified.


ERROR: test_constructor (test.test_ssl.ContextTests)
Traceback (most recent call last):
  File "/scratch/pybot-buildarea/3.x.klose-ubuntu-i386/build/Lib/test/", line 179, in test_constructor
    ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv2)
  File "/scratch/pybot-buildarea/3.x.klose-ubuntu-i386/build/Lib/", line 96, in __new__
    return _SSLContext.__new__(cls, protocol)
ssl.SSLError: failed to allocate SSL context


Matthias, can you give us more information about the system setup on these buildbots? It seems its OpenSSL library refuses to allocate any SSL context for the SSL v2 protocol. Is it some kind of patch added by the Ubuntu OpenSSL maintainers in order to disable SSLv2 entirely?
msg112083 - (view) Author: Matthias Klose (doko) * (Python committer) Date: 2010-07-30 14:39
msg112084 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-07-30 14:47
> see

Why are they doing that? SSLv2 ciphers are disabled by default anyway
(in newer OpenSSL versions, that is).

If Ubuntu is adding hacks to the libraries they're packaging, I'm not
willing to add a workaround to the test suite in order for the tests to
msg112834 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-08-04 17:20
I'm trying to skip, rather brutally, the failing tests in r83727.
msg112837 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-08-04 17:40
Committed similar skips for 2.7 in r83728. Let's see what the buildbot says.
msg112842 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-08-04 17:49
Things are apparently fine now.
Date User Action Args
2010-08-04 17:49:52pitrousetstatus: open -> closed
resolution: fixed
messages: + msg112842
2010-08-04 17:40:33pitrousetmessages: + msg112837
2010-08-04 17:20:54pitrousetmessages: + msg112834
2010-07-30 14:47:41pitrousetmessages: + msg112084
2010-07-30 14:39:08dokosetmessages: + msg112083
2010-07-29 11:33:38pitroucreate