New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
test_ssl: failures on OpenBSD with LibreSSL #67366
Comments
(See also the issue bpo-21356.) http://buildbot.python.org/all/builders/x86%20OpenBSD%205.5%203.x/builds/1242/steps/test/logs/stdio ====================================================================== Traceback (most recent call last):
File "/home/python-builds/3.x.borja-openbsd-x86/build/Lib/test/test_ssl.py", line 764, in test_options
ctx.options)
AssertionError: -2130705409 != -2097150977 ====================================================================== Traceback (most recent call last):
File "/home/python-builds/3.x.borja-openbsd-x86/build/Lib/test/test_ssl.py", line 315, in test_openssl_version
(s, t))
AssertionError: False is not true : ('LibreSSL 2.1', (2, 0, 0, 0, 0)) |
changeset: 94041:87976d72fd5c |
It looks like OPENSSL_VERSION_NUMBER is consistent with OPENSSL_VERSION_INFO (version 2.1). But the OPENSSL_VERSION contains a different version (2.0). It looks like an issue in LibreSSL. ====================================================================== Traceback (most recent call last):
File "/home/python-builds/3.x.borja-openbsd-x86/build/Lib/test/test_ssl.py", line 315, in test_openssl_version
(s, t, hex(n)))
AssertionError: False is not true : ('LibreSSL 2.1', (2, 0, 0, 0, 0), '0x20000000') |
New changeset 05d7550bd2d9 by Victor Stinner in branch 'default': |
Note that the FreeBSD port modifies the OPENSSL_VERSION_NUMBER and sets the version number to 1.0.1g. |
Maybe we should remove the test on OPENSSL_VERSION (string) for LibreSSL? |
LibreSSL defines in opensslv.h
#define LIBRESSL_VERSION_NUMBER 0x20000000L
#define OPENSSL_VERSION_NUMBER 0x20000000L
And FreeBSD replaces
#define OPENSSL_VERSION_NUMBER 0x1000107fL Proper way would be to check for LIBRESSL_VERSION_NUMBER string, FreeBSD modifies the OpenSSL version number to indicate its compatibility level (as stated in commit log) |
Please see the unit test: it checks that the version number and version string are consistent. It's not the case on OpenBSD with LibreSSL (2.0 vs 2.1) nor on FreeBSD (1.0 vs 2.1). |
_ssl cannot be compiled with LibreSSL anymore (on OpenBSD 5.5) because of ALPN: see issue bpo-23329. |
Hi, maybe we should add the LIBRESSL_ information available in opensslv.h (as it has be done for OpenSSL): $ grep LIBRESSL /usr/include/ssl/opensslv.h
#define LIBRESSL_VERSION_NUMBER 0x20030000L
#define LIBRESSL_VERSION_TEXT "LibreSSL 2.3.0"
#define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT What do you think about that? Remi. |
I don't care so much of issues introduced by LibreSSL, I don't understand why they broke the API. For me, it doesn't seem right to have a version different if it's a number or if it's a string: OPENSSL_VERSION_NUMBER should be consistent with OPENSSL_VERSION_INFO. If you propose a patch for Python and it fixes test_ssl, I will apply it :-) |
I have fixed all libressl related test failures while I added support for OpenSSL 1.1.0. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: