test_ssl: failures on OpenBSD with LibreSSL #67366
Comments
|
(See also the issue bpo-21356.) http://buildbot.python.org/all/builders/x86%20OpenBSD%205.5%203.x/builds/1242/steps/test/logs/stdio ====================================================================== Traceback (most recent call last):
File "/home/python-builds/3.x.borja-openbsd-x86/build/Lib/test/test_ssl.py", line 764, in test_options
ctx.options)
AssertionError: -2130705409 != -2097150977====================================================================== Traceback (most recent call last):
File "/home/python-builds/3.x.borja-openbsd-x86/build/Lib/test/test_ssl.py", line 315, in test_openssl_version
(s, t))
AssertionError: False is not true : ('LibreSSL 2.1', (2, 0, 0, 0, 0)) |
|
changeset: 94041:87976d72fd5c |
|
It looks like OPENSSL_VERSION_NUMBER is consistent with OPENSSL_VERSION_INFO (version 2.1). But the OPENSSL_VERSION contains a different version (2.0). It looks like an issue in LibreSSL. ====================================================================== Traceback (most recent call last):
File "/home/python-builds/3.x.borja-openbsd-x86/build/Lib/test/test_ssl.py", line 315, in test_openssl_version
(s, t, hex(n)))
AssertionError: False is not true : ('LibreSSL 2.1', (2, 0, 0, 0, 0), '0x20000000') |
|
New changeset 05d7550bd2d9 by Victor Stinner in branch 'default': |
|
Note that the FreeBSD port modifies the OPENSSL_VERSION_NUMBER and sets the version number to 1.0.1g. |
Maybe we should remove the test on OPENSSL_VERSION (string) for LibreSSL? |
LibreSSL defines in opensslv.h
#define LIBRESSL_VERSION_NUMBER 0x20000000L
#define OPENSSL_VERSION_NUMBER 0x20000000L
And FreeBSD replaces
#define OPENSSL_VERSION_NUMBER 0x1000107fLProper way would be to check for LIBRESSL_VERSION_NUMBER string, FreeBSD modifies the OpenSSL version number to indicate its compatibility level (as stated in commit log) |
Please see the unit test: it checks that the version number and version string are consistent. It's not the case on OpenBSD with LibreSSL (2.0 vs 2.1) nor on FreeBSD (1.0 vs 2.1). |
|
_ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN: see issue bpo-23329. |
|
Hi, maybe we should add the LIBRESSL_ information available in opensslv.h (as it has be done for OpenSSL): $ grep LIBRESSL /usr/include/ssl/opensslv.h
#define LIBRESSL_VERSION_NUMBER 0x20030000L
#define LIBRESSL_VERSION_TEXT "LibreSSL 2.3.0"
#define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXTWhat do you think about that? Remi. |
|
I don't care so much of issues introduced by LibreSSL, I don't understand why they broke the API. For me, it doesn't seem right to have a version different if it's a number or if it's a string: OPENSSL_VERSION_NUMBER should be consistent with OPENSSL_VERSION_INFO. If you propose a patch for Python and it fixes test_ssl, I will apply it :-) |
|
I have fixed all libressl related test failures while I added support for OpenSSL 1.1.0. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: