New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test_ssl handshake failure #65445
Comments
Not sure if this is related with issue bpo-13626 which is the only thing that Google knows about these handshake failures. In case it matters: $ openssl version
OpenSSL 1.0.1f 6 Jan 2014 == CPython 2.7.6 (default, Apr 14 2014, 15:12:21) [GCC 4.8.2] {'issuer': ((('countryName', u'US'),),
(('organizationName', u'VeriSign, Inc.'),),
(('organizationalUnitName', u'VeriSign Trust Network'),),
(('organizationalUnitName',
u'Terms of use at https://www.verisign.com/rpa (c)10'),),
(('commonName',
u'VeriSign Class 3 International Server CA - G3'),)),
'notAfter': 'Sep 20 23:59:59 2012 GMT',
'notBefore': 'Sep 21 00:00:00 2011 GMT',
'serialNumber': '2EE6EA7640A075CEE5005F4D7C79549A',
'subject': ((('countryName', u'FI'),),
(('stateOrProvinceName', u'Espoo'),),
(('localityName', u'Espoo'),),
(('organizationName', u'Nokia'),),
(('organizationalUnitName', u'BI'),),
(('commonName', u'projects.developer.nokia.com'),)),
'subjectAltName': (('DNS', 'projects.developer.nokia.com'),
('DNS', 'projects.forum.nokia.com')),
'version': 3}
ok
test_parse_cert_CVE_2013_4238 (test.test_ssl.BasicSocketTests) ...
{'issuer': ((('countryName', u'US'),),
(('stateOrProvinceName', u'Oregon'),),
(('localityName', u'Beaverton'),),
(('organizationName', u'Python Software Foundation'),),
(('organizationalUnitName', u'Python Core Development'),),
(('commonName', u'null.python.org\x00example.org'),),
(('emailAddress', u'python-dev@python.org'),)),
'notAfter': 'Aug 7 13:12:52 2013 GMT',
'notBefore': 'Aug 7 13:11:52 2013 GMT',
'serialNumber': '00',
'subject': ((('countryName', u'US'),),
(('stateOrProvinceName', u'Oregon'),),
(('localityName', u'Beaverton'),),
(('organizationName', u'Python Software Foundation'),),
(('organizationalUnitName', u'Python Core Development'),),
(('commonName', u'null.python.org\x00example.org'),),
(('emailAddress', u'python-dev@python.org'),)),
'subjectAltName': (('DNS', 'altnull.python.org\x00example.com'),
('email', 'null@python.org\x00user@example.org'),
('URI', 'http://null.python.org\x00http://example.org'),
('IP Address', '192.0.2.1'),
('IP Address', '2001:DB8:0:0:0:0:0:1\n')),
'version': 3}
ok
test_random (test.test_ssl.BasicSocketTests) ...
RAND_status is 1 (sufficient randomness)
ok
test_refcycle (test.test_ssl.BasicSocketTests) ... ok
test_wrapped_unconnected (test.test_ssl.BasicSocketTests) ... ok
test_algorithms (test.test_ssl.NetworkedTests) ... skipped 'remote host needs SNI, only available on Python 3.2+'
test_connect (test.test_ssl.NetworkedTests) ... ok
test_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_connect_ex_error (test.test_ssl.NetworkedTests) ... ok
test_get_server_certificate (test.test_ssl.NetworkedTests) ... ERROR
test_makefile_close (test.test_ssl.NetworkedTests) ... ok
test_non_blocking_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_non_blocking_handshake (test.test_ssl.NetworkedTests) ...
Needed 3 calls to do_handshake() to establish session.
ok
test_timeout_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_asyncore_server (test.test_ssl.ThreadedTests)
Check the example asyncore integration. ...
server: new connection from 127.0.0.1:48912
client: sending 'TEST MESSAGE of mixed case\n'...
client: read 'test message of mixed case\n'
client: closing connection.
cleanup: stopping server.
cleanup: joining server thread.
server: closed connection <ssl.SSLSocket object at 0x2399140>
cleanup: successfully joined.
ok
test_default_ciphers (test.test_ssl.ThreadedTests) ... ok
test_echo (test.test_ssl.ThreadedTests)
Basic test of an SSL client connecting to a server ...
server: new connection from ('127.0.0.1', 43993)
server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
client: sending 'FOO\n'...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: sending bytearray(b'FOO\n')...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: sending <memory at 0x237f510>...
server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
client: read 'foo\n'
client: closing connection.
server: client closed connection
ok
test_empty_cert (test.test_ssl.ThreadedTests)
Connecting with an empty cert file ...
SSLError is _ssl.c:354: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
ok
test_getpeercert (test.test_ssl.ThreadedTests) ...
{'notAfter': 'Oct 5 23:01:56 2020 GMT',
'subject': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'subjectAltName': (('DNS', 'localhost'),)}
Connection cipher is ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256).
ok
test_handshake_timeout (test.test_ssl.ThreadedTests) ... ok
test_malformed_cert (test.test_ssl.ThreadedTests)
Connecting with a badly formatted certificate (syntax error) ...
SSLError is _ssl.c:368: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
ok
test_malformed_key (test.test_ssl.ThreadedTests)
Connecting with a badly formatted key (syntax error) ...
SSLError is _ssl.c:354: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
ok
test_nonexisting_cert (test.test_ssl.ThreadedTests)
Connecting with a non-existing cert file ...
SSLError is _ssl.c:507: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
ok
test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options ...
SSLv2->SSLv2 CERT_NONE
SSLv2->SSLv2 CERT_OPTIONAL
SSLv2->SSLv2 CERT_REQUIRED
SSLv23->SSLv2 CERT_NONE
{SSLv3->SSLv2} CERT_NONE
{TLSv1->SSLv2} CERT_NONE
ok
test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options ...
SSLv3->SSLv23 CERT_NONE
SSLv23->SSLv23 CERT_NONE
TLSv1->SSLv23 CERT_NONE
SSLv3->SSLv23 CERT_OPTIONAL
SSLv23->SSLv23 CERT_OPTIONAL
TLSv1->SSLv23 CERT_OPTIONAL
SSLv3->SSLv23 CERT_REQUIRED
SSLv23->SSLv23 CERT_REQUIRED
TLSv1->SSLv23 CERT_REQUIRED
ok
test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options ...
SSLv3->SSLv3 CERT_NONE
SSLv3->SSLv3 CERT_OPTIONAL
SSLv3->SSLv3 CERT_REQUIRED
{SSLv2->SSLv3} CERT_NONE
{TLSv1->SSLv3} CERT_NONE
ok
test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options ...
TLSv1->TLSv1 CERT_NONE
TLSv1->TLSv1 CERT_OPTIONAL
TLSv1->TLSv1 CERT_REQUIRED
{SSLv2->TLSv1} CERT_NONE
{SSLv3->TLSv1} CERT_NONE
ok
test_recv_send (test.test_ssl.ThreadedTests)
Test recv(), send() and friends. ...
server: new connection from ('127.0.0.1', 56710)
server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
ok
test_rude_shutdown (test.test_ssl.ThreadedTests)
A brutal shutdown of an SSL server should raise an IOError ... ok
test_socketserver (test.test_ssl.ThreadedTests)
Using a SocketServer to create and manage SSL connections. ...
server (('127.0.0.1', 42188):42188 ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256)):
[15/Apr/2014 14:14:53] "GET /keycert.pem HTTP/1.0" 200 -
client: read 1783 bytes from remote server '<SocketServerHTTPSServer <HTTPSServer localhost.localdomain:42188>>'
ok
test_starttls (test.test_ssl.ThreadedTests)
Switching from clear text to encrypted and back again. ...
client: sending 'msg 1'...
server: new connection from ('127.0.0.1', 50624)
server: read 'msg 1' (unencrypted), sending back 'msg 1' (unencrypted)...
client: read 'msg 1' from server
client: sending 'MSG 2'...
server: read 'MSG 2' (unencrypted), sending back 'msg 2' (unencrypted)...
client: read 'msg 2' from server
client: sending 'STARTTLS'...
server: read STARTTLS from client, sending OK...
client: read 'OK\n' from server, starting TLS...
client: sending 'MSG 3'...
server: read 'MSG 3' (encrypted), sending back 'msg 3' (encrypted)...
client: read 'msg 3' from server
client: sending 'msg 4'...
server: read 'msg 4' (encrypted), sending back 'msg 4' (encrypted)...
client: read 'msg 4' from server
client: sending 'ENDTLS'...
server: read ENDTLS from client, sending OK...
client: read 'OK\n' from server, ending TLS...
server: connection is now unencrypted...
client: sending 'msg 5'...
server: read 'msg 5' (unencrypted), sending back 'msg 5' (unencrypted)...
client: read 'msg 5' from server
client: sending 'msg 6'...
server: read 'msg 6' (unencrypted), sending back 'msg 6' (unencrypted)...
client: read 'msg 6' from server
client: closing connection.
server: client closed connection
ok
test_wrapped_accept (test.test_ssl.ThreadedTests)
Check the accept() method on SSL sockets. ... test test_ssl failed -- Traceback (most recent call last):
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/test/test_ssl.py", line 387, in test_get_server_certificate
pem = ssl.get_server_certificate(("svn.python.org", 443))
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 448, in get_server_certificate
s.connect(addr)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 333, in connect
self._real_connect(addr, False)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 323, in _real_connect
self.do_handshake()
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 305, in do_handshake
self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure server: wrapped server socket as <ssl.SSLSocket object at 0x2399140> ====================================================================== Traceback (most recent call last):
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/test/test_ssl.py", line 387, in test_get_server_certificate
pem = ssl.get_server_certificate(("svn.python.org", 443))
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 448, in get_server_certificate
s.connect(addr)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 333, in connect
self._real_connect(addr, False)
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 323, in _real_connect
self.do_handshake()
File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 305, in do_handshake
self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Ran 37 tests in 4.950s FAILED (errors=1, skipped=1) |
Very old version of openssl? |
Despite this being Red Hat, this is not at all the case! OpenSSL 1.0.1f has been released on Jan 6th, 2014 at 15:39:19 -- see |
Just to make sure I'm using the right version: Python 2.7.6 (default, Apr 14 2014, 15:12:21)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.1f 6 Jan 2014'
>>> On 04/16/2014 08:49 AM, Davide Del Vento wrote:
|
This was fixed in bpo-20896 by a certain Benjamin Peterson. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: