TLS issue (unknown CA) on test_imaplib
Hi, test_imaplib is starting to fail randomly causing CI tests to fail and buildbots to fail randomly: http://bugs.python.org/issue30175 Can somone please take a look to help me to fix this issue which becomes blocking? test.test_imaplib.RemoteIMAP_SSLTest.test_logincapa_with_client_certfile() fails with: ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:749) RemoteIMAP_SSLTest uses the cyrus.andrew.cmu.edu server with the port 993. Certificate chain: 0 s:/C=US/postalCode=15213/ST=PA/L=Pittsburgh/street=5000 Forbes/O=Carnegie Mellon University/OU=Carnegie Mellon University/OU=Multi-Domain SSL/CN=cyrus.andrew.cmu.edu i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root Note: Would it be possible to setup an IMAP server on pythontest.net instead of using a server of an university? http://www.cmu.edu/ Victor
There's also a failure in test_nntplib: https://travis-ci.org/python/cpython/jobs/226384811#L3157-L3171 Regards Antoine. On Thu, 27 Apr 2017 14:50:43 +0200 Victor Stinner <victor.stinner@gmail.com> wrote:
Hi,
test_imaplib is starting to fail randomly causing CI tests to fail and buildbots to fail randomly: http://bugs.python.org/issue30175
Can somone please take a look to help me to fix this issue which becomes blocking?
test.test_imaplib.RemoteIMAP_SSLTest.test_logincapa_with_client_certfile() fails with:
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:749)
RemoteIMAP_SSLTest uses the cyrus.andrew.cmu.edu server with the port 993.
Certificate chain:
0 s:/C=US/postalCode=15213/ST=PA/L=Pittsburgh/street=5000 Forbes/O=Carnegie Mellon University/OU=Carnegie Mellon University/OU=Multi-Domain SSL/CN=cyrus.andrew.cmu.edu i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Note: Would it be possible to setup an IMAP server on pythontest.net instead of using a server of an university? http://www.cmu.edu/
Victor
2017-04-27 15:41 GMT+02:00 Antoine Pitrou <solipsis@pitrou.net>:
There's also a failure in test_nntplib: https://travis-ci.org/python/cpython/jobs/226384811#L3157-L3171
That's a different issue, unrelated to the SSL issue. EOFError is probably as old as test_nntplib, there are 2 open issues to track this bug: http://bugs.python.org/issue19613 http://bugs.python.org/issue19756 Victor
2017-04-27 15:46 GMT+02:00 Victor Stinner <victor.stinner@gmail.com>:
2017-04-27 15:41 GMT+02:00 Antoine Pitrou <solipsis@pitrou.net>:
There's also a failure in test_nntplib: https://travis-ci.org/python/cpython/jobs/226384811#L3157-L3171
That's a different issue, unrelated to the SSL issue.
EOFError is probably as old as test_nntplib, there are 2 open issues to track this bug:
Oh wait, it seems like nntplib now has a fail rate close to 100% :-/ I created http://bugs.python.org/issue30188 and wrote a fix. I included this nntplib fix in my imaplib PR... Victor
2017-04-27 17:16 GMT+02:00 Victor Stinner <victor.stinner@gmail.com>:
Oh wait, it seems like nntplib now has a fail rate close to 100% :-/ I created http://bugs.python.org/issue30188 and wrote a fix. I included this nntplib fix in my imaplib PR...
I have good news: * I pushed fixes for test_imaplib and test_nntplib in 3.5, 3.6 and master * I contacted the administrator of the NNTP server used by test_nntplib. I noticed a failure this morning (the server was unable to spawn new processes). He fixed the issue, the server should be back. I was aware that Python was using his server and doesn't seem to be annoyed by that. He wrote RFC 6048, RFC 8143, and co-authored the RFC 8054! Network News Transfer Protocol (NNTP) Additions to LIST Command https://tools.ietf.org/html/rfc6048 Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP) https://tools.ietf.org/html/rfc8143 Network News Transfer Protocol (NNTP) Extension for Compression https://tools.ietf.org/html/rfc8054 He asked me if Python is going to support the last extension, Compression. I don't know nntplib, so I have to take a look. Victor
participants (2)
-
Antoine Pitrou -
Victor Stinner