Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

test_min_max_version (test.test_ssl.ContextTests) fails on Fedora 29+ and openssl 1.1.1 #79226

Closed
stratakis mannequin opened this issue Oct 22, 2018 · 8 comments
Closed
Assignees
Labels
3.7 (EOL) end of life 3.8 only security fixes topic-SSL

Comments

@stratakis
Copy link
Mannequin

stratakis mannequin commented Oct 22, 2018

BPO 35045
Nosy @terryjreedy, @vstinner, @tiran, @stratakis, @miss-islington, @Yann-Kaelig
PRs
  • bpo-35045: Fix test_ssl.test_min_max_version() #11508
  • bpo-35045: Fix test_ssl.test_min_max_version() #11508
  • bpo-35045: Fix test_ssl.test_min_max_version() #11508
  • bpo-35045: Accept TLSv1 default in min max test #11510
  • bpo-35045: Accept TLSv1 default in min max test #11510
  • bpo-35045: Accept TLSv1 default in min max test #11510
  • [3.7] bpo-35045: Accept TLSv1 default in min max test (GH-11510) #11611
  • [3.7] bpo-35045: Accept TLSv1 default in min max test (GH-11510) #11611
  • [3.7] bpo-35045: Accept TLSv1 default in min max test (GH-11510) #11611
  • bpo-33995: fix ssl tests when built with LibreSSL #8050
  • bpo-33995: fix ssl tests when built with LibreSSL #8050
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2019-01-18.15:30:46.945>
    created_at = <Date 2018-10-22.14:30:27.894>
    labels = ['expert-SSL', '3.7', '3.8']
    title = 'test_min_max_version (test.test_ssl.ContextTests) fails on Fedora 29+ and openssl 1.1.1'
    updated_at = <Date 2019-01-26.04:57:25.802>
    user = 'https://github.com/stratakis'

    bugs.python.org fields:

    activity = <Date 2019-01-26.04:57:25.802>
    actor = 'Alan.Huang'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2019-01-18.15:30:46.945>
    closer = 'vstinner'
    components = ['SSL']
    creation = <Date 2018-10-22.14:30:27.894>
    creator = 'cstratak'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 35045
    keywords = ['patch', 'patch', 'patch']
    message_count = 8.0
    messages = ['328255', '328592', '328744', '328752', '333974', '333975', '333979', '333981']
    nosy_count = 6.0
    nosy_names = ['terry.reedy', 'vstinner', 'christian.heimes', 'cstratak', 'miss-islington', 'jean-michel']
    pr_nums = ['11508', '11508', '11508', '11510', '11510', '11510', '11611', '11611', '11611', '8050', '8050']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = None
    url = 'https://bugs.python.org/issue35045'
    versions = ['Python 3.7', 'Python 3.8']

    @stratakis
    Copy link
    Mannequin Author

    stratakis mannequin commented Oct 22, 2018

    There is an Python test that checks the minimum TLS version - test_min_max_version (test.test_ssl.ContextTests).

    Fedora 29+ sets TLSv1 as explicit minimum version. Python's test suite assumes that the minimum protocol version is set to a magic marker.

    FAIL: test_min_max_version (test.test_ssl.ContextTests)
    ----------------------------------------------------------------------

    Traceback (most recent call last):
      File "/builddir/build/BUILD/Python-3.7.0/Lib/test/test_ssl.py", line 1084, in test_min_max_version
        ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
    AssertionError: <TLSVersion.TLSv1: 769> != <TLSVersion.MINIMUM_SUPPORTED: -2>

    We currently workaround the problem by setting:

    export OPENSSL_CONF=/non-existing-file
    

    @stratakis stratakis mannequin added 3.7 (EOL) end of life 3.8 only security fixes labels Oct 22, 2018
    @stratakis stratakis mannequin assigned tiran Oct 22, 2018
    @stratakis stratakis mannequin added the topic-SSL label Oct 22, 2018
    @terryjreedy
    Copy link
    Member

    I closed bpo-35076 as a duplicate of this. The distribution was not specified. The version is 3.7.1 plus additional patches. A build log is attached.

    @terryjreedy
    Copy link
    Member

    The OP for bpo-35076 emailed me that the distribution is obarun, based on ArchLinux. with LibreSSL not officialy supported, but for the moment a personal work.

    @tiran
    Copy link
    Member

    tiran commented Oct 28, 2018

    By the way LibreSSL isn't offically supported by Python, either. It just happens to work most of the time. I regard LibreSSL as not supported, because no core developer or regular contributor has shown any interest to work on LibreSSL support. OpenSSL is used on almost all platforms (most Linux distros, Windows, macOS, FreeBSD) any way.

    @vstinner
    Copy link
    Member

    New changeset 34de2d3 by Victor Stinner (Christian Heimes) in branch 'master':
    bpo-35045: Accept TLSv1 default in min max test (GH-11510)
    34de2d3

    @vstinner
    Copy link
    Member

    Python 2.7 is not affected: test_ssl doesn't test minimum_version.

    @miss-islington
    Copy link
    Contributor

    New changeset 6ca7183 by Miss Islington (bot) in branch '3.7':
    bpo-35045: Accept TLSv1 default in min max test (GH-11510)
    6ca7183

    @vstinner
    Copy link
    Member

    Thanks Christian. I merged your PR.

    I like the simplicity of your fix ;-)

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.7 (EOL) end of life 3.8 only security fixes topic-SSL
    Projects
    None yet
    Development

    No branches or pull requests

    4 participants