Message 409140 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	lkraav
Recipients	christian.heimes, lkraav
Date	2021-12-24.11:47:37
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1640346457.49.0.361362317214.issue46156@roundup.psfhosted.org>
In-reply-to

Content
> I need more information to diagnose the issue. Could you please provide: > - your operating system and vendor/distribution Gentoo, so rolling, but 20 years of maintenance experience. > - your OpenSSL version (ssl.OPENSSL_VERSION) $ python Python 3.9.9 (main, Dec 21 2021, 17:21:49) [GCC 10.3.0] on linux Type "help", "copyright", "credits" or "license" for more information. @>>> import ssl @>>> print(ssl.OPENSSL_VERSION) OpenSSL 1.1.1l 24 Aug 2021 > - how did you install Python (self-compiled, pyenv, system Python)? System Python. On Gentoo, features configuration revolve around USE flags, but I don't have anything curious built with "gdbm ncurses readline sqlite ssl xml" being active: $ eix dev-lang/python$ [U] dev-lang/python Available versions: ... (3.9) 3.9.9^t{xpak} ... {berkdb bluetooth build examples gdbm hardened libedit lto +ncurses pgo +readline +sqlite +ssl test tk verify-sig wininst +xml ELIBC="uclibc"} Installed versions: 3.9.9(3.9)^t{xpak}(17:22:24 21.12.2021)(gdbm ncurses readline sqlite ssl xml -bluetooth -build -examples -hardened -lto -pgo -test -tk -verify-sig -wininst) Homepage: https://www.python.org/ Description: An interpreted, interactive, object-oriented programming language > - how did you install PyOpenSSL and cryptography? Regular system package manager install $ eix pyopenssl [I] dev-python/pyopenssl Available versions: 20.0.1^t{xpak} {doc test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"} Installed versions: 20.0.1^t{xpak}(11:43:07 03.06.2021)(-doc -test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10") Homepage: https://www.pyopenssl.org/ https://pypi.org/project/pyOpenSSL/ https://github.com/pyca/pyopenssl/ Description: Python interface to the OpenSSL library $ eix cryptography [I] dev-python/cryptography Available versions: 3.4.7-r2^t{xpak} **36.0.0^t {debug test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"} Installed versions: 3.4.7-r2^t{xpak}(16:35:10 21.12.2021)(-test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10") Homepage: https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/ Description: Library providing cryptographic recipes and primitives > - the full output of: openssl s_client -connect webapi.remote:52100 $ openssl s_client -connect webapi.remote:52100 CONNECTED(00000003) depth=0 CN = webapi.remote verify error:num=18:self signed certificate verify return:1 depth=0 CN = webapi.remote verify return:1 --- Certificate chain 0 s:CN = webapi.remote i:CN = webapi.remote --- Server certificate -----BEGIN CERTIFICATE----- <cut> -----END CERTIFICATE----- subject=CN = webapi.remote issuer=CN = webapi.remote --- No client certificate CA names sent Peer signing digest: SHA1 Peer signature type: RSA Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1254 bytes and written 502 bytes Verification error: self signed certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-SHA384 Session-ID: 27060000127E5AA837E96D63F5DE532C53FAD1D5C034CBF3D305B7978E9636A0 Session-ID-ctx: Master-Key: FAE8DE30BF627E7F02F8B4AA856075675FAF3A92365A1E9E8041F799E29CE809749B35514065255C62F0D449405C02B8 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1640346190 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) Extended master secret: yes --- DONE

> I need more information to diagnose the issue. Could you please provide:
> - your operating system and vendor/distribution

Gentoo, so rolling, but 20 years of maintenance experience.

> - your OpenSSL version (ssl.OPENSSL_VERSION)

$ python
Python 3.9.9 (main, Dec 21 2021, 17:21:49) 
[GCC 10.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
@>>> import ssl
@>>> print(ssl.OPENSSL_VERSION)
OpenSSL 1.1.1l  24 Aug 2021


> - how did you install Python (self-compiled, pyenv, system Python)?

System Python. On Gentoo, features configuration revolve around USE flags, but I don't have anything curious built with "gdbm ncurses readline sqlite ssl xml" being active:

$ eix dev-lang/python$
[U] dev-lang/python
     Available versions:  
     ...
     (3.9)  3.9.9^t{xpak}
     ...
       {berkdb bluetooth build examples gdbm hardened libedit lto +ncurses pgo +readline +sqlite +ssl test tk verify-sig wininst +xml ELIBC="uclibc"}
     Installed versions:  3.9.9(3.9)^t{xpak}(17:22:24 21.12.2021)(gdbm ncurses readline sqlite ssl xml -bluetooth -build -examples -hardened -lto -pgo -test -tk -verify-sig -wininst)
     Homepage:            https://www.python.org/
     Description:         An interpreted, interactive, object-oriented programming language


> - how did you install PyOpenSSL and cryptography?

Regular system package manager install

$ eix pyopenssl
[I] dev-python/pyopenssl
     Available versions:  20.0.1^t{xpak} {doc test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"}
     Installed versions:  20.0.1^t{xpak}(11:43:07 03.06.2021)(-doc -test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10")
     Homepage:            https://www.pyopenssl.org/ https://pypi.org/project/pyOpenSSL/ https://github.com/pyca/pyopenssl/
     Description:         Python interface to the OpenSSL library

$ eix cryptography
[I] dev-python/cryptography
     Available versions:  3.4.7-r2^t{xpak} **36.0.0^t {debug test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"}
     Installed versions:  3.4.7-r2^t{xpak}(16:35:10 21.12.2021)(-test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10")
     Homepage:            https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/
     Description:         Library providing cryptographic recipes and primitives

> - the full output of: openssl s_client -connect webapi.remote:52100

$ openssl s_client -connect webapi.remote:52100                                                                                                                                                   
CONNECTED(00000003)
depth=0 CN = webapi.remote
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = webapi.remote
verify return:1
---
Certificate chain
 0 s:CN = webapi.remote
   i:CN = webapi.remote
---
Server certificate
-----BEGIN CERTIFICATE-----
<cut>
-----END CERTIFICATE-----
subject=CN = webapi.remote

issuer=CN = webapi.remote

---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1254 bytes and written 502 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 27060000127E5AA837E96D63F5DE532C53FAD1D5C034CBF3D305B7978E9636A0
    Session-ID-ctx: 
    Master-Key: FAE8DE30BF627E7F02F8B4AA856075675FAF3A92365A1E9E8041F799E29CE809749B35514065255C62F0D449405C02B8
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1640346190
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: yes
---
DONE

History
Date	User	Action	Args
2021-12-24 11:47:37	lkraav	set	recipients: + lkraav, christian.heimes
2021-12-24 11:47:37	lkraav	set	messageid: <1640346457.49.0.361362317214.issue46156@roundup.psfhosted.org>
2021-12-24 11:47:37	lkraav	link	issue46156 messages
2021-12-24 11:47:37	lkraav	create