New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Let's update ssl error codes #84134
Comments
Let's consider ssl error It was introduced into openssl 2 years ago: openssl/openssl@358ffa0 The documentation states: The define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291The master branch of openssl contains this definition too: But what does Python say? What's KRB5? It supposedly stands for Kerberos5, and it too is seemingly present in openssl header file: Moreover, cpython source code contains a fallback, should this value not be defined:
https://github.com/python/cpython/blob/master/Modules/_ssl_data.h
#ifdef SSL_R_KRB5_S_INIT
{"KRB5_S_INIT", ERR_LIB_SSL, SSL_R_KRB5_S_INIT},
#else
{"KRB5_S_INIT", ERR_LIB_SSL, 291},
#endif Thus, today, Python reports an error with wrong *label* but correct *text*: The label and text don't match each other, because... well... I guess that's why we should fix it :) |
Got some compiling error of _ssl extension module in my vm after PR19082 merged: |
The PR broke backwards compatibility with OpenSSL 1.0.2 and LibreSSL. OpenSSL 1.1.x introduced new error codes or reused existing numbers for different errors codes. Although OpenSSL 1.0.2 has reached EOL we should keep keep Python 3.8 and 3.9 compatible with the API. |
Sorry, I thought I had tested with multissl. On Sun, Apr 12, 2020, at 06:22, Christian Heimes wrote:
|
this is still broken even with the latest patch: https://bugs.python.org/issue40266 |
Could you please give me a chance to review PRs for the SSL module? Python is still failing to compile with OpenSSL 1.0.2 and LibreSSL. The new table contains also wrong values for LibreSSL and OpenSSL 1.0.2. |
On Mon, Apr 13, 2020, at 17:54, Christian Heimes wrote:
The original PR was open for 23 days before I merged it. I happy to here feedback at any point during the lifetime of a change, though. |
Do I need to open a new issue? This breaks building _ssl on AIX. building '_ssl' extension commit 909b87d
commit 3e0dd37
commit 173ad83
commit f7338f6
$ |
Also checking with gcc: get the following messages: Failed to build these modules: Could not build the ssl module! messages: |
And when I use a standard OpenSSL library (on AIX): building '_ssl' extension $ lslpp -L | grep openssl
aixtools.openssl.rte 1.0.2.16 C F aixtools openssl 27-Aug-2018
openssl.base 1.0.1.515 CE F Open Secure Socket Layer
openssl.man.en_US 1.0.1.515 C F Open Secure Socket Layer
openssl 1.1.0g-1withsslv2 C R Secure Sockets Layer and
openssl-devel 1.1.0g-1withsslv2 C R Secure Sockets Layer and +++ FYI +++ The "aixtools" fileset is 1.0.2p (p == 16th character of alphabet). In any case - the test for X509_VERIFY_PARAM_set1_host() has been passing. |
Michael, could you try with the latest fix in 584a3cf? |
I did update, and saw that there was one more patch applied. I think that fixed the define issues, but there may be a new concern. Ran out of time to document it today. Will post tomorrow. Sent from my iPhone
|
Checked with latest version - and working as expected. Sorry for the noise. On 15/04/2020 17:53, SilentGhost wrote:
|
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: