Author ddvento@ucar.edu
Recipients ddvento@ucar.edu
Date 2014-04-15.20:22:26
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1397593348.91.0.829573885546.issue21246@psf.upfronthosting.co.za>
In-reply-to
Content
Not sure if this is related with issue #13626 which is the only thing that Google knows about these handshake failures. In case it matters:

$ openssl version
OpenSSL 1.0.1f 6 Jan 2014

== CPython 2.7.6 (default, Apr 14 2014, 15:12:21) [GCC 4.8.2]
==   Linux-2.6.32-358.el6.x86_64-x86_64-with-redhat-6.4-Santiago little-endian
==   /glade/scratch/ddvento/build/Python-2.7.6/build/test_python_18521
Testing with flags: sys.flags(debug=0, py3k_warning=0, division_warning=0, division_new=0, inspect=0, interactive=0, optimize=0, dont_write_bytecode=0, no_user_site=0, no_site=0, ignore_environment=0, tabcheck=0, verbose=0, unicode=0, bytes_warning=0, hash_randomization=0)
test_ssl
test_sslwrap_simple (test.test_ssl.BasicTests) ... ok
test_DER_to_PEM (test.test_ssl.BasicSocketTests) ... ok
test_ciphers (test.test_ssl.BasicSocketTests) ... ok
test_constants (test.test_ssl.BasicSocketTests) ... ok
test_openssl_version (test.test_ssl.BasicSocketTests) ... ok
test_parse_cert (test.test_ssl.BasicSocketTests) ... 
{'notAfter': 'Oct  5 23:01:56 2020 GMT',
 'subject': ((('countryName', u'XY'),),
             (('localityName', u'Castle Anthrax'),),
             (('organizationName', u'Python Software Foundation'),),
             (('commonName', u'localhost'),)),
 'subjectAltName': (('DNS', 'localhost'),)}

{'issuer': ((('countryName', u'US'),),
            (('organizationName', u'VeriSign, Inc.'),),
            (('organizationalUnitName', u'VeriSign Trust Network'),),
            (('organizationalUnitName',
              u'Terms of use at https://www.verisign.com/rpa (c)10'),),
            (('commonName',
              u'VeriSign Class 3 International Server CA - G3'),)),
 'notAfter': 'Sep 20 23:59:59 2012 GMT',
 'notBefore': 'Sep 21 00:00:00 2011 GMT',
 'serialNumber': '2EE6EA7640A075CEE5005F4D7C79549A',
 'subject': ((('countryName', u'FI'),),
             (('stateOrProvinceName', u'Espoo'),),
             (('localityName', u'Espoo'),),
             (('organizationName', u'Nokia'),),
             (('organizationalUnitName', u'BI'),),
             (('commonName', u'projects.developer.nokia.com'),)),
 'subjectAltName': (('DNS', 'projects.developer.nokia.com'),
                    ('DNS', 'projects.forum.nokia.com')),
 'version': 3}
ok
test_parse_cert_CVE_2013_4238 (test.test_ssl.BasicSocketTests) ... 
{'issuer': ((('countryName', u'US'),),
            (('stateOrProvinceName', u'Oregon'),),
            (('localityName', u'Beaverton'),),
            (('organizationName', u'Python Software Foundation'),),
            (('organizationalUnitName', u'Python Core Development'),),
            (('commonName', u'null.python.org\x00example.org'),),
            (('emailAddress', u'python-dev@python.org'),)),
 'notAfter': 'Aug  7 13:12:52 2013 GMT',
 'notBefore': 'Aug  7 13:11:52 2013 GMT',
 'serialNumber': '00',
 'subject': ((('countryName', u'US'),),
             (('stateOrProvinceName', u'Oregon'),),
             (('localityName', u'Beaverton'),),
             (('organizationName', u'Python Software Foundation'),),
             (('organizationalUnitName', u'Python Core Development'),),
             (('commonName', u'null.python.org\x00example.org'),),
             (('emailAddress', u'python-dev@python.org'),)),
 'subjectAltName': (('DNS', 'altnull.python.org\x00example.com'),
                    ('email', 'null@python.org\x00user@example.org'),
                    ('URI', 'http://null.python.org\x00http://example.org'),
                    ('IP Address', '192.0.2.1'),
                    ('IP Address', '2001:DB8:0:0:0:0:0:1\n')),
 'version': 3}
ok
test_random (test.test_ssl.BasicSocketTests) ... 
 RAND_status is 1 (sufficient randomness)
ok
test_refcycle (test.test_ssl.BasicSocketTests) ... ok
test_wrapped_unconnected (test.test_ssl.BasicSocketTests) ... ok
test_algorithms (test.test_ssl.NetworkedTests) ... skipped 'remote host needs SNI, only available on Python 3.2+'
test_connect (test.test_ssl.NetworkedTests) ... ok
test_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_connect_ex_error (test.test_ssl.NetworkedTests) ... ok
test_get_server_certificate (test.test_ssl.NetworkedTests) ... ERROR
test_makefile_close (test.test_ssl.NetworkedTests) ... ok
test_non_blocking_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_non_blocking_handshake (test.test_ssl.NetworkedTests) ... 
Needed 3 calls to do_handshake() to establish session.
ok
test_timeout_connect_ex (test.test_ssl.NetworkedTests) ... ok
test_asyncore_server (test.test_ssl.ThreadedTests)
Check the example asyncore integration. ... 
 server:  new connection from 127.0.0.1:48912
 client:  sending 'TEST MESSAGE of mixed case\n'...
 client:  read 'test message of mixed case\n'
 client:  closing connection.
 cleanup: stopping server.
 cleanup: joining server thread.
 server:  closed connection <ssl.SSLSocket object at 0x2399140>
 cleanup: successfully joined.
ok
test_default_ciphers (test.test_ssl.ThreadedTests) ... ok
test_echo (test.test_ssl.ThreadedTests)
Basic test of an SSL client connecting to a server ... 
 server:  new connection from ('127.0.0.1', 43993)
 server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
 client:  sending 'FOO\n'...
 server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
 client:  read 'foo\n'
 client:  sending bytearray(b'FOO\n')...
 server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
 client:  read 'foo\n'
 client:  sending <memory at 0x237f510>...
 server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
 client:  read 'foo\n'
 client:  closing connection.
 server: client closed connection
ok
test_empty_cert (test.test_ssl.ThreadedTests)
Connecting with an empty cert file ... 
SSLError is _ssl.c:354: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
ok
test_getpeercert (test.test_ssl.ThreadedTests) ... 
{'notAfter': 'Oct  5 23:01:56 2020 GMT',
 'subject': ((('countryName', u'XY'),),
             (('localityName', u'Castle Anthrax'),),
             (('organizationName', u'Python Software Foundation'),),
             (('commonName', u'localhost'),)),
 'subjectAltName': (('DNS', 'localhost'),)}
Connection cipher is ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256).
ok
test_handshake_timeout (test.test_ssl.ThreadedTests) ... ok
test_malformed_cert (test.test_ssl.ThreadedTests)
Connecting with a badly formatted certificate (syntax error) ... 
SSLError is _ssl.c:368: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
ok
test_malformed_key (test.test_ssl.ThreadedTests)
Connecting with a badly formatted key (syntax error) ... 
SSLError is _ssl.c:354: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
ok
test_nonexisting_cert (test.test_ssl.ThreadedTests)
Connecting with a non-existing cert file ... 
SSLError is _ssl.c:507: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
ok
test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options ... 
 SSLv2->SSLv2 CERT_NONE
 SSLv2->SSLv2 CERT_OPTIONAL
 SSLv2->SSLv2 CERT_REQUIRED
 SSLv23->SSLv2 CERT_NONE
 {SSLv3->SSLv2} CERT_NONE
 {TLSv1->SSLv2} CERT_NONE
ok
test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options ... 
 SSLv3->SSLv23 CERT_NONE
 SSLv23->SSLv23 CERT_NONE
 TLSv1->SSLv23 CERT_NONE
 SSLv3->SSLv23 CERT_OPTIONAL
 SSLv23->SSLv23 CERT_OPTIONAL
 TLSv1->SSLv23 CERT_OPTIONAL
 SSLv3->SSLv23 CERT_REQUIRED
 SSLv23->SSLv23 CERT_REQUIRED
 TLSv1->SSLv23 CERT_REQUIRED
ok
test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options ... 
 SSLv3->SSLv3 CERT_NONE
 SSLv3->SSLv3 CERT_OPTIONAL
 SSLv3->SSLv3 CERT_REQUIRED
 {SSLv2->SSLv3} CERT_NONE
 {TLSv1->SSLv3} CERT_NONE
ok
test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options ... 
 TLSv1->TLSv1 CERT_NONE
 TLSv1->TLSv1 CERT_OPTIONAL
 TLSv1->TLSv1 CERT_REQUIRED
 {SSLv2->TLSv1} CERT_NONE
 {SSLv3->TLSv1} CERT_NONE
ok
test_recv_send (test.test_ssl.ThreadedTests)
Test recv(), send() and friends. ... 
 server:  new connection from ('127.0.0.1', 56710)
 server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
ok
test_rude_shutdown (test.test_ssl.ThreadedTests)
A brutal shutdown of an SSL server should raise an IOError ... ok
test_socketserver (test.test_ssl.ThreadedTests)
Using a SocketServer to create and manage SSL connections. ... 
 server (('127.0.0.1', 42188):42188 ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256)):
   [15/Apr/2014 14:14:53] "GET /keycert.pem HTTP/1.0" 200 -
 client: read 1783 bytes from remote server '<SocketServerHTTPSServer <HTTPSServer localhost.localdomain:42188>>'
ok
test_starttls (test.test_ssl.ThreadedTests)
Switching from clear text to encrypted and back again. ... 
 client:  sending 'msg 1'...
 server:  new connection from ('127.0.0.1', 50624)
 server: read 'msg 1' (unencrypted), sending back 'msg 1' (unencrypted)...
 client:  read 'msg 1' from server
 client:  sending 'MSG 2'...
 server: read 'MSG 2' (unencrypted), sending back 'msg 2' (unencrypted)...
 client:  read 'msg 2' from server
 client:  sending 'STARTTLS'...
 server: read STARTTLS from client, sending OK...
 client:  read 'OK\n' from server, starting TLS...
 client:  sending 'MSG 3'...
 server: read 'MSG 3' (encrypted), sending back 'msg 3' (encrypted)...
 client:  read 'msg 3' from server
 client:  sending 'msg 4'...
 server: read 'msg 4' (encrypted), sending back 'msg 4' (encrypted)...
 client:  read 'msg 4' from server
 client:  sending 'ENDTLS'...
 server: read ENDTLS from client, sending OK...
 client:  read 'OK\n' from server, ending TLS...
 server: connection is now unencrypted...
 client:  sending 'msg 5'...
 server: read 'msg 5' (unencrypted), sending back 'msg 5' (unencrypted)...
 client:  read 'msg 5' from server
 client:  sending 'msg 6'...
 server: read 'msg 6' (unencrypted), sending back 'msg 6' (unencrypted)...
 client:  read 'msg 6' from server
 client:  closing connection.
 server: client closed connection
ok
test_wrapped_accept (test.test_ssl.ThreadedTests)
Check the accept() method on SSL sockets. ... test test_ssl failed -- Traceback (most recent call last):
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/test/test_ssl.py", line 387, in test_get_server_certificate
    pem = ssl.get_server_certificate(("svn.python.org", 443))
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 448, in get_server_certificate
    s.connect(addr)
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 333, in connect
    self._real_connect(addr, False)
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 323, in _real_connect
    self.do_handshake()
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 305, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


 server:  wrapped server socket as <ssl.SSLSocket object at 0x2399140>
 client:  sending 'FOO\n'...
 server:  new connection from ('127.0.0.1', 40291)
 client cert is {'notAfter': 'Oct  5 23:01:56 2020 GMT',
 'subject': ((('countryName', u'XY'),),
             (('localityName', u'Castle Anthrax'),),
             (('organizationName', u'Python Software Foundation'),),
             (('commonName', u'localhost'),)),
 'subjectAltName': (('DNS', 'localhost'),)}
 cert binary is 600 bytes
 server: connection cipher is now ('AES256-GCM-SHA384', 'TLSv1/SSLv3', 256)
 server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
 client:  read 'foo\n'
 client:  sending bytearray(b'FOO\n')...
 server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
 client:  read 'foo\n'
 client:  sending <memory at 0x240ecc8>...
 server: read 'FOO\n' (encrypted), sending back 'foo\n' (encrypted)...
 client:  read 'foo\n'
 client:  closing connection.
 server: client closed connection
ok

======================================================================
ERROR: test_get_server_certificate (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/test/test_ssl.py", line 387, in test_get_server_certificate
    pem = ssl.get_server_certificate(("svn.python.org", 443))
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 448, in get_server_certificate
    s.connect(addr)
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 333, in connect
    self._real_connect(addr, False)
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 323, in _real_connect
    self.do_handshake()
  File "/glade/scratch/ddvento/build/Python-2.7.6/Lib/ssl.py", line 305, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:507: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

----------------------------------------------------------------------
Ran 37 tests in 4.950s

FAILED (errors=1, skipped=1)
1 test failed:
    test_ssl
History
Date User Action Args
2014-04-15 20:22:28ddvento@ucar.edusetrecipients: + ddvento@ucar.edu
2014-04-15 20:22:28ddvento@ucar.edusetmessageid: <1397593348.91.0.829573885546.issue21246@psf.upfronthosting.co.za>
2014-04-15 20:22:28ddvento@ucar.edulinkissue21246 messages
2014-04-15 20:22:26ddvento@ucar.educreate