Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test_ssl (test_algorithms) failures on bolen-ubuntu slaves: sha256.tbs-internet.com unknown host #69860

Closed
db3l opened this issue Nov 19, 2015 · 8 comments
Assignees
Labels
3.7 (EOL) end of life tests Tests in the Lib/test dir topic-SSL type-bug An unexpected behavior, bug, or error

Comments

@db3l
Copy link
Contributor

db3l commented Nov 19, 2015

BPO 25674
Nosy @db3l, @pitrou, @giampaolo, @tiran, @alex, @zware, @dstufft
PRs
  • bpo-25674: remove sha256.tbs-internet.com ssl test #3297
  • [3.6] bpo-25674: remove sha256.tbs-internet.com ssl test (GH-3297) #3300
  • [2.7] bpo-25674: remove sha256.tbs-internet.com ssl test (GH-3297) #3301
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2017-09-04.21:11:01.262>
    created_at = <Date 2015-11-19.21:54:38.335>
    labels = ['3.7', 'expert-SSL', 'type-bug', 'tests']
    title = 'test_ssl (test_algorithms) failures on bolen-ubuntu slaves: sha256.tbs-internet.com unknown host'
    updated_at = <Date 2017-09-04.21:11:01.261>
    user = 'https://github.com/db3l'

    bugs.python.org fields:

    activity = <Date 2017-09-04.21:11:01.261>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2017-09-04.21:11:01.262>
    closer = 'christian.heimes'
    components = ['Tests', 'SSL']
    creation = <Date 2015-11-19.21:54:38.335>
    creator = 'db3l'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 25674
    keywords = ['buildbot']
    message_count = 8.0
    messages = ['254938', '254941', '254942', '301250', '301254', '301258', '301261', '301262']
    nosy_count = 8.0
    nosy_names = ['db3l', 'janssen', 'pitrou', 'giampaolo.rodola', 'christian.heimes', 'alex', 'zach.ware', 'dstufft']
    pr_nums = ['3297', '3300', '3301']
    priority = 'low'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue25674'
    versions = ['Python 2.7', 'Python 3.6', 'Python 3.7']

    @db3l
    Copy link
    Contributor Author

    db3l commented Nov 19, 2015

    It appears that the test host (sha256.tbs-internet.com) used by test_algorithms in test_ssl.py no longer exists.

    It was showing up as a certificate failure in the test because it ended up falling back to a resolv.conf search path which yielded a host that did do SSL but obviously with the wrong certificate.

    db3l@buildbot-ubuntu:~$ host sha256.tbs-internet.com
    Host sha256.tbs-internet.com not found: 3(NXDOMAIN)

    db3l@buildbot-ubuntu:/tmp/python3.x/Lib/test$ dig +short ns tbs-internet.com
    NS1.tbs-internet.com.
    maj.pitux.com.
    ns2.atdynet.com.
    nsc.pitux.com.
    db3l@buildbot-ubuntu:
    /tmp/python3.x/Lib/test$ dig @ns1.tbs-internet.com sha256.tbs-internet.com

    ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> @ns1.tbs-internet.com sha256.tbs-internet.com
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25154
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    ;; WARNING: recursion requested but not available

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;sha256.tbs-internet.com. IN A

    ;; AUTHORITY SECTION:
    tbs-internet.com. 3600 IN SOA ovh12.tbs-internet.com. hostmaster.tbs-internet.com. 2015110705 21600 3600 2419200 3600

    ;; Query time: 93 msec
    ;; SERVER: 2001:41d0:8:380d::1#53(2001:41d0:8:380d::1)
    ;; WHEN: Thu Nov 19 16:51:58 EST 2015
    ;; MSG SIZE rcvd: 105

    What I can't yet understand is why this is not causing issues on other slaves. I suppose some might be skipping the test if SNI was not supported, but surely not all of them?

    @db3l db3l added tests Tests in the Lib/test dir type-bug An unexpected behavior, bug, or error labels Nov 19, 2015
    @db3l
    Copy link
    Contributor Author

    db3l commented Nov 19, 2015

    Ah, it appears that the transient_internet context manager in the test causes it to be skipped if the host is unknown. So mine was just "lucky" in that it fell back to connecting somewhere else.

    I've removed my resolver search path on bolen-ubuntu which will resolve the test failures on that slave, but I presume test_algorithms is never being run by anyone at this point.

    @zware
    Copy link
    Member

    zware commented Nov 19, 2015

    So the mystery of that buildbot is solved, but I think that test needs some work.

    @tiran tiran added 3.7 (EOL) end of life topic-SSL labels Sep 8, 2016
    @tiran tiran self-assigned this Sep 15, 2016
    @tiran
    Copy link
    Member

    tiran commented Sep 4, 2017

    The sha256.tbs-internet.com has been down for a while and the DNS record is no longer available. Alex and I agreed that the test no longer makes sense, too. RSA certs with SHA-256 signatures are de-facto standard and supported by OpenSSL for a long time. We test SHA-256 certs with several other tests that talk to remote servers.

    I'm going to remove the test and sha256 cert.

    @tiran
    Copy link
    Member

    tiran commented Sep 4, 2017

    New changeset 002d640 by Christian Heimes in branch 'master':
    bpo-25674: remove sha256.tbs-internet.com ssl test (bpo-3297)
    002d640

    @tiran
    Copy link
    Member

    tiran commented Sep 4, 2017

    New changeset 4bc8ef0 by Christian Heimes in branch '3.6':
    [3.6] bpo-25674: remove sha256.tbs-internet.com ssl test (GH-3297) (bpo-3300)
    4bc8ef0

    @tiran
    Copy link
    Member

    tiran commented Sep 4, 2017

    New changeset 57d963b by Christian Heimes in branch '2.7':
    [2.7] bpo-25674: remove sha256.tbs-internet.com ssl test (GH-3297) (bpo-3301)
    57d963b

    @tiran
    Copy link
    Member

    tiran commented Sep 4, 2017

    I've removed the sha256.tbs-internet.com from 2.7, 3.6, and master. 3.5 and previous versions are in security fix-only mode.

    @tiran tiran closed this as completed Sep 4, 2017
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.7 (EOL) end of life tests Tests in the Lib/test dir topic-SSL type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Development

    No branches or pull requests

    3 participants