Message 265339 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Bennet Fauber
Recipients	Bennet Fauber
Date	2016-05-11.19:23:16
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1462994596.94.0.421418085673.issue27003@psf.upfronthosting.co.za>
In-reply-to

Content
I downloaded the source tar file for Python 3.5.1 and compiled. Upon running make test, it fails at test_networked_good_cert (test_httplib.HTTPSTest) ... ERROR Abbreviated Traceback looks like: ====================================================================== ERROR: test_networked_good_cert (test_httplib.HTTPSTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/tmp/bennet/Python-3.5.1/Lib/test/test_httplib.py", line 1325, in test_networked_good_cert h.request('GET', '/') . . . . File "/tmp/local/python-3.5.1/lib/python3.5/ssl.py", line 628, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645) I have replicated this on CentOS 7, RHEL 6.5, and Ubuntu 16.04 Xenial with GCC versions 4.8.5, 4.8.5, and 5.3.1, respectively. There was a previous bug reported about expired certificates that was closed. It appears that it's using CERT_localhost, defined at the top to be keycert.pem, and that appears to be valid: [bennet@flux-build-centos7-dev test]$ openssl x509 -in keycert.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: 15548457918976213582 (0xd7c7381919afc24e) . . . . Validity Not Before: Oct 8 23:01:56 2010 GMT Not After : Oct 5 23:01:56 2020 GMT I can replicate the test outside of make with the attached script. I tried to be complete reporting and searching for this first; I apologize if I missed an obvious solution.

I downloaded the source tar file for Python 3.5.1 and compiled.  Upon running make test, it fails at

test_networked_good_cert (test_httplib.HTTPSTest) ... ERROR

Abbreviated Traceback looks like:

======================================================================
ERROR: test_networked_good_cert (test_httplib.HTTPSTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/tmp/bennet/Python-3.5.1/Lib/test/test_httplib.py", line 1325, in test_networked_good_cert
    h.request('GET', '/')
. . . .
  File "/tmp/local/python-3.5.1/lib/python3.5/ssl.py", line 628, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

I have replicated this on CentOS 7, RHEL 6.5, and Ubuntu 16.04 Xenial with GCC versions 4.8.5, 4.8.5, and 5.3.1, respectively.

There was a previous bug reported about expired certificates that was closed.  It appears that it's using CERT_localhost, defined at the top to be keycert.pem, and that appears to be valid:

[bennet@flux-build-centos7-dev test]$ openssl x509 -in keycert.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15548457918976213582 (0xd7c7381919afc24e)
. . . .
        Validity
            Not Before: Oct  8 23:01:56 2010 GMT
            Not After : Oct  5 23:01:56 2020 GMT

I can replicate the test outside of make with the attached script.

I tried to be complete reporting and searching for this first; I apologize if I missed an obvious solution.

History
Date	User	Action	Args
2016-05-11 19:23:16	Bennet Fauber	set	recipients: + Bennet Fauber
2016-05-11 19:23:16	Bennet Fauber	set	messageid: <1462994596.94.0.421418085673.issue27003@psf.upfronthosting.co.za>
2016-05-11 19:23:16	Bennet Fauber	link	issue27003 messages
2016-05-11 19:23:16	Bennet Fauber	create