[issue21308] PEP 466: backport ssl changes

Ned Deily report at bugs.python.org
Sun Jul 27 12:22:43 CEST 2014 

Ned Deily added the comment:

> did you apply the patch from http://bugs.python.org/issue22023 first?

Sorry, missed that.  Let's try again with that applied as well:

OS X 10.9.4 with Xcode 5.1.1 clang and openssl 1.0.1h from MacPorts

- Modules/_ssl.c:2861:52: warning: invalid conversion specifier 'R' (see above)

- test_poplib hangs, requiring ctrl-c interrupt (see above)

- certificate verify failed in test_algorithms of test_ssl

test_ssl: testing with 'OpenSSL 1.0.1h 5 Jun 2014' (1, 0, 1, 8, 15)
          under Mac ('10.9.4', ('', '', ''), 'x86_64')
          HAS_SNI = True
          OP_ALL = 0x800003ff
          OP_NO_TLSv1_1 = 0x10000000
[...]
======================================================================
ERROR: test_algorithms (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/py/dev/27/root/uxd_macports/lib/python2.7/test/test_ssl.py", line 1475, in test_algorithms
    s.connect(remote)
  File "/py/dev/27/root/uxd_macports/lib/python2.7/ssl.py", line 810, in connect
    self._real_connect(addr, False)
  File "/py/dev/27/root/uxd_macports/lib/python2.7/ssl.py", line 801, in _real_connect
    self.do_handshake()
  File "/py/dev/27/root/uxd_macports/lib/python2.7/ssl.py", line 774, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

----------------------------------------------------------------------
Ran 99 tests in 13.035s

FAILED (errors=1, skipped=4)

when built with Apple-supplied openssl 0.9.8y on OS X 10.9.4:

- test_algorithms does not fail:

test_ssl: testing with 'OpenSSL 0.9.8y 5 Feb 2013' (0, 9, 8, 25, 15)
          under Mac ('10.9.4', ('', '', ''), 'x86_64')
          HAS_SNI = True
          OP_ALL = 0x     7ff
[...]
test_algorithms (test.test_ssl.NetworkedTests) ...
Cipher with ('sha256.tbs-internet.com', 443) is ('RC4-SHA', 'TLSv1/SSLv3', 128)
Certificate is:
{'OCSP': (u'http://ocsp.tbs-x509.com',),
 'caIssuers': (u'http://crt.tbs-internet.com/TBSX509CASGC.crt',
               u'http://crt.tbs-x509.com/TBSX509CASGC.crt'),
 'crlDistributionPoints': (u'http://crl.tbs-internet.com/TBSX509CASGC.crl',
                           u'http://crl.tbs-x509.com/TBSX509CASGC.crl'),
[...]

- a non-fatal broken pipe exception is seen

test_nonblocking_send (test.test_ssl.ThreadedTests) ...  server:  new connection from ('127.0.0.1', 50583)
 server: connection cipher is now ('AES256-SHA', 'TLSv1/SSLv3', 256)
 server: selected protocol is now None
Exception in thread Thread-36:
Traceback (most recent call last):
  File "/py/dev/27/root/uxd/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/py/dev/27/root/uxd/lib/python2.7/test/test_ssl.py", line 1636, in run
    self.write(msg.lower())
  File "/py/dev/27/root/uxd/lib/python2.7/test/test_ssl.py", line 1581, in write
    return self.sslconn.write(bytes)
  File "/py/dev/27/root/uxd/lib/python2.7/ssl.py", line 622, in write
    return self._sslobj.write(data)
error: [Errno 32] Broken pipe

ok

on OS X 10.5.8 ppc with Apple-supplied openssl 0.9.7l:

- test_rude_shutdown fails

test_ssl: testing with 'OpenSSL 0.9.7l 28 Sep 2006' (0, 9, 7, 12, 15)
          under Mac ('10.5.8', ('', '', ''), 'PowerPC')
          HAS_SNI = False
          OP_ALL = 0x     7ff
[...]
======================================================================
ERROR: test_rude_shutdown (test.test_ssl.ThreadedTests)
A brutal shutdown of an SSL server should raise an OSError
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Volumes/cache/py/pyb5g4/27/unix/root/lib/python2.7/test/test_ssl.py", line 2139, in test_rude_shutdown
    connector()
  File "/Volumes/cache/py/pyb5g4/27/unix/root/lib/python2.7/test/test_ssl.py", line 2130, in connector
    ssl_sock = ssl.wrap_socket(c)
  File "/Volumes/cache/py/pyb5g4/27/unix/root/lib/python2.7/ssl.py", line 868, in wrap_socket
    ciphers=ciphers)
  File "/Volumes/cache/py/pyb5g4/27/unix/root/lib/python2.7/ssl.py", line 561, in __init__
    self.do_handshake()
  File "/Volumes/cache/py/pyb5g4/27/unix/root/lib/python2.7/ssl.py", line 774, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 54] Connection reset by peer

----------------------------------------------------------------------
Ran 99 tests in 14.843s

FAILED (errors=1, skipped=21)

- new test/capath directory needs to be added to LIBSUBDIRS in Makefile.pre.in

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21308>
_______________________________________

More information about the Python-bugs-list mailing list