Your message dated Wed, 12 Mar 2025 11:35:41 +0000
with message-id <e1tsknb-009aaq...@fasolo.debian.org>
and subject line Bug#1099277: fixed in python-urllib3 2.3.0-2
has caused the Debian Bug report #1099277,
regarding python-urllib3: FTBFS: E urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires SSLContext.wrap_bio() which isn't available on non-native SSLContext
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1099277: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099277
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:python-urllib3
Version: 2.3.0-1
Severity: serious
Tags: ftbfs trixie sid

Dear maintainer:

During a rebuild of all packages in unstable, your package failed to build:

--------------------------------------------------------------------------------
[...]
 debian/rules clean
dh clean --buildsystem=pybuild
   dh_auto_clean -O--buildsystem=pybuild
/usr/share/dh-python/dhpython/build/__init__.py:30: DeprecationWarning: 
glob.glob1 is deprecated and will be removed in Python 3.15. Use glob.glob and 
pass a directory to its root_dir argument instead.
  for i in sorted(i[7:-3] for i in glob1(dirname(__file__), 'plugin_*.py')):
/usr/share/dh-python/dhpython/build/base.py:136: DeprecationWarning: glob.glob1 
is deprecated and will be removed in Python 3.15. Use glob.glob and pass a 
directory to its root_dir argument instead.
  res = glob1(context['dir'], ftpl)
   dh_autoreconf_clean -O--buildsystem=pybuild
   debian/rules override_dh_clean
make[1]: Entering directory '/<<PKGBUILDDIR>>'
dh_clean
find . -type d -name .pytest_cache -exec rm -rf {} +
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
 debian/rules binary

[... snipped ...]

E           urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext

urllib3/util/ssltransport.py:44: ProxySchemeUnsupported
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:07 +0000] [45611] [INFO] Running on https://[::1]:36633 (CTRL 
+ C to quit)
[2025-03-01 14:08:07 +0000] [45611] [INFO] Running on https://127.0.0.1:36633 
(CTRL + C to quit)
[2025-03-01 14:08:07 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:07 +0000] [45611] [INFO] Running on https://[::1]:37681 (CTRL 
+ C to quit)
[2025-03-01 14:08:07 +0000] [45611] [INFO] Running on https://127.0.0.1:37681 
(CTRL + C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:36633 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:36633 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:37681 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:37681 
(CTRL + C to quit)
____ TestHTTPSProxyVerification.test_https_proxy_assert_hostname[127.0.0.1] ____

self = <test.with_dummyserver.test_proxy_poolmanager.TestHTTPSProxyVerification 
object at 0x7f2bbc1a68b0>
san_proxy_with_server = (ServerConfig(scheme='https', host='127.0.0.1', 
port=43557, ca_certs='/tmp/pytest-of-buildd/pytest-0/certs28/ca.pem'), 
ServerConfig(scheme='https', host='localhost', port=36327, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs28/ca.pem'))

    def test_https_proxy_assert_hostname(
        self, san_proxy_with_server: tuple[ServerConfig, ServerConfig]
    ) -> None:
        proxy, server = san_proxy_with_server
        destination_url = f"https://{server.host}:{server.port}"
    
        with proxy_from_url(
            proxy.base_url, ca_certs=proxy.ca_certs, 
proxy_assert_hostname=proxy.host
        ) as https:
>           https.request("GET", destination_url)

test/with_dummyserver/test_proxy_poolmanager.py:772: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
urllib3/_request_methods.py:135: in request
    return self.request_encode_url(
urllib3/_request_methods.py:182: in request_encode_url
    return self.urlopen(method, url, **extra_kw)
urllib3/poolmanager.py:633: in urlopen
    return super().urlopen(method, url, redirect=redirect, **kw)
urllib3/poolmanager.py:443: in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
urllib3/connectionpool.py:773: in urlopen
    self._prepare_proxy(conn)
urllib3/connectionpool.py:1042: in _prepare_proxy
    conn.connect()
urllib3/connection.py:741: in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
urllib3/connection.py:920: in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
urllib3/util/ssl_.py:460: in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
urllib3/util/ssl_.py:501: in _ssl_wrap_socket_impl
    SSLTransport._validate_ssl_context_for_tls_in_tls(ssl_context)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

ssl_context = <urllib3.contrib.pyopenssl.PyOpenSSLContext object at 
0x7f2bb8c89050>

    @staticmethod
    def _validate_ssl_context_for_tls_in_tls(ssl_context: ssl.SSLContext) -> 
None:
        """
        Raises a ProxySchemeUnsupported if the provided ssl_context can't be 
used
        for TLS in TLS.
    
        The only requirement is that the ssl_context provides the 'wrap_bio'
        methods.
        """
    
        if not hasattr(ssl_context, "wrap_bio"):
>           raise ProxySchemeUnsupported(
                "TLS in TLS requires SSLContext.wrap_bio() which isn't "
                "available on non-native SSLContext"
            )
E           urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext

urllib3/util/ssltransport.py:44: ProxySchemeUnsupported
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:10 +0000] [45611] [INFO] Running on https://[::1]:36327 (CTRL 
+ C to quit)
[2025-03-01 14:08:10 +0000] [45611] [INFO] Running on https://127.0.0.1:36327 
(CTRL + C to quit)
[2025-03-01 14:08:10 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:10 +0000] [45611] [INFO] Running on https://127.0.0.1:43557 
(CTRL + C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:36327 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:36327 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:43557 
(CTRL + C to quit)
_______ TestHTTPSProxyVerification.test_https_proxy_assert_hostname[::1] _______

self = <test.with_dummyserver.test_proxy_poolmanager.TestHTTPSProxyVerification 
object at 0x7f2bbbfbef90>
san_proxy_with_server = (ServerConfig(scheme='https', host='::1', port=34251, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs29/ca.pem'), 
ServerConfig(scheme='https', host='localhost', port=41995, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs29/ca.pem'))

    def test_https_proxy_assert_hostname(
        self, san_proxy_with_server: tuple[ServerConfig, ServerConfig]
    ) -> None:
        proxy, server = san_proxy_with_server
        destination_url = f"https://{server.host}:{server.port}"
    
        with proxy_from_url(
            proxy.base_url, ca_certs=proxy.ca_certs, 
proxy_assert_hostname=proxy.host
        ) as https:
>           https.request("GET", destination_url)

test/with_dummyserver/test_proxy_poolmanager.py:772: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
urllib3/_request_methods.py:135: in request
    return self.request_encode_url(
urllib3/_request_methods.py:182: in request_encode_url
    return self.urlopen(method, url, **extra_kw)
urllib3/poolmanager.py:633: in urlopen
    return super().urlopen(method, url, redirect=redirect, **kw)
urllib3/poolmanager.py:443: in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
urllib3/connectionpool.py:773: in urlopen
    self._prepare_proxy(conn)
urllib3/connectionpool.py:1042: in _prepare_proxy
    conn.connect()
urllib3/connection.py:741: in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
urllib3/connection.py:920: in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
urllib3/util/ssl_.py:460: in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
urllib3/util/ssl_.py:501: in _ssl_wrap_socket_impl
    SSLTransport._validate_ssl_context_for_tls_in_tls(ssl_context)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

ssl_context = <urllib3.contrib.pyopenssl.PyOpenSSLContext object at 
0x7f2bb8bbb1d0>

    @staticmethod
    def _validate_ssl_context_for_tls_in_tls(ssl_context: ssl.SSLContext) -> 
None:
        """
        Raises a ProxySchemeUnsupported if the provided ssl_context can't be 
used
        for TLS in TLS.
    
        The only requirement is that the ssl_context provides the 'wrap_bio'
        methods.
        """
    
        if not hasattr(ssl_context, "wrap_bio"):
>           raise ProxySchemeUnsupported(
                "TLS in TLS requires SSLContext.wrap_bio() which isn't "
                "available on non-native SSLContext"
            )
E           urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext

urllib3/util/ssltransport.py:44: ProxySchemeUnsupported
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:13 +0000] [45611] [INFO] Running on https://[::1]:41995 (CTRL 
+ C to quit)
[2025-03-01 14:08:13 +0000] [45611] [INFO] Running on https://127.0.0.1:41995 
(CTRL + C to quit)
[2025-03-01 14:08:13 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:13 +0000] [45611] [INFO] Running on https://[::1]:34251 (CTRL 
+ C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:41995 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:41995 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:34251 (CTRL + 
C to quit)
_ TestHTTPSProxyVerification.test_https_proxy_assert_hostname_non_matching[::1] _

self = <test.with_dummyserver.test_proxy_poolmanager.TestHTTPSProxyVerification 
object at 0x7f2bbbcc4d50>
san_proxy_with_server = (ServerConfig(scheme='https', host='::1', port=33271, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs32/ca.pem'), 
ServerConfig(scheme='https', host='localhost', port=36643, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs32/ca.pem'))

    def test_https_proxy_assert_hostname_non_matching(
        self, san_proxy_with_server: tuple[ServerConfig, ServerConfig]
    ) -> None:
        proxy, server = san_proxy_with_server
        destination_url = f"https://{server.host}:{server.port}"
    
        proxy_hostname = "example.com"
        with proxy_from_url(
            proxy.base_url,
            ca_certs=proxy.ca_certs,
            proxy_assert_hostname=proxy_hostname,
        ) as https:
            with pytest.raises(MaxRetryError) as e:
                https.request("GET", destination_url)
    
            proxy_host = self._get_certificate_formatted_proxy_host(proxy.host)
            msg = f"hostname \\'{proxy_hostname}\\' doesn\\'t match 
\\'{proxy_host}\\'"
>           assert msg in str(e)
E           assert "hostname \\'example.com\\' doesn\\'t match 
\\'0:0:0:0:0:0:0:1\\'" in '<ExceptionInfo 
MaxRetryError(\'HTTPSConnectionPool(host=\\\'localhost\\\', port=36643): Max 
retries exceeded with url...t to proxy\\\', SSLError(CertificateError("hostname 
\\\'example.com\\\' doesn\\\'t match \\\'::1\\\'"))))\') tblen=10>'
E            +  where '<ExceptionInfo 
MaxRetryError(\'HTTPSConnectionPool(host=\\\'localhost\\\', port=36643): Max 
retries exceeded with url...t to proxy\\\', SSLError(CertificateError("hostname 
\\\'example.com\\\' doesn\\\'t match \\\'::1\\\'"))))\') tblen=10>' = 
str(<ExceptionInfo MaxRetryError('HTTPSConnectionPool(host=\'localhost\', 
port=36643): Max retries exceeded with url: / (C...able to connect to proxy\', 
SSLError(CertificateError("hostname \'example.com\' doesn\'t match 
\'::1\'"))))') tblen=10>)

test/with_dummyserver/test_proxy_poolmanager.py:791: AssertionError
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:17 +0000] [45611] [INFO] Running on https://[::1]:36643 (CTRL 
+ C to quit)
[2025-03-01 14:08:17 +0000] [45611] [INFO] Running on https://127.0.0.1:36643 
(CTRL + C to quit)
[2025-03-01 14:08:17 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:17 +0000] [45611] [INFO] Running on https://[::1]:33271 (CTRL 
+ C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:36643 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:36643 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:33271 (CTRL + 
C to quit)
------------------------------ Captured log call -------------------------------
WARNING  urllib3.connection:connection.py:986 Certificate did not match 
expected hostname: example.com. Certificate: {'subject': ((('commonName', 
None),),), 'subjectAltName': [('IP Address', '::1')]}
WARNING  urllib3.connectionpool:connectionpool.py:868 Retrying (Retry(total=2, 
connect=None, read=None, redirect=None, status=None)) after connection broken 
by 'CertificateError("hostname 'example.com' doesn't match '::1'")': /
WARNING  urllib3.connection:connection.py:986 Certificate did not match 
expected hostname: example.com. Certificate: {'subject': ((('commonName', 
None),),), 'subjectAltName': [('IP Address', '::1')]}
WARNING  urllib3.connectionpool:connectionpool.py:868 Retrying (Retry(total=1, 
connect=None, read=None, redirect=None, status=None)) after connection broken 
by 'CertificateError("hostname 'example.com' doesn't match '::1'")': /
WARNING  urllib3.connection:connection.py:986 Certificate did not match 
expected hostname: example.com. Certificate: {'subject': ((('commonName', 
None),),), 'subjectAltName': [('IP Address', '::1')]}
WARNING  urllib3.connectionpool:connectionpool.py:868 Retrying (Retry(total=0, 
connect=None, read=None, redirect=None, status=None)) after connection broken 
by 'CertificateError("hostname 'example.com' doesn't match '::1'")': /
WARNING  urllib3.connection:connection.py:986 Certificate did not match 
expected hostname: example.com. Certificate: {'subject': ((('commonName', 
None),),), 'subjectAltName': [('IP Address', '::1')]}
_____________ TestHTTPSProxyVerification.test_https_proxy_ipv4_san _____________

self = <test.with_dummyserver.test_proxy_poolmanager.TestHTTPSProxyVerification 
object at 0x7f2bbca53200>
ipv4_san_proxy_with_server = (ServerConfig(scheme='https', host='127.0.0.1', 
port=43385, ca_certs='/tmp/pytest-of-buildd/pytest-0/certs34/ca.pem'), 
ServerConfig(scheme='https', host='localhost', port=41353, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs34/ca.pem'))

    def test_https_proxy_ipv4_san(
        self, ipv4_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
    ) -> None:
        proxy, server = ipv4_san_proxy_with_server
        proxy_url = f"https://{proxy.host}:{proxy.port}"
        destination_url = f"https://{server.host}:{server.port}"
        with proxy_from_url(proxy_url, ca_certs=proxy.ca_certs) as https:
>           r = https.request("GET", destination_url)

test/with_dummyserver/test_proxy_poolmanager.py:829: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
urllib3/_request_methods.py:135: in request
    return self.request_encode_url(
urllib3/_request_methods.py:182: in request_encode_url
    return self.urlopen(method, url, **extra_kw)
urllib3/poolmanager.py:633: in urlopen
    return super().urlopen(method, url, redirect=redirect, **kw)
urllib3/poolmanager.py:443: in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
urllib3/connectionpool.py:773: in urlopen
    self._prepare_proxy(conn)
urllib3/connectionpool.py:1042: in _prepare_proxy
    conn.connect()
urllib3/connection.py:741: in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
urllib3/connection.py:920: in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
urllib3/util/ssl_.py:460: in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
urllib3/util/ssl_.py:501: in _ssl_wrap_socket_impl
    SSLTransport._validate_ssl_context_for_tls_in_tls(ssl_context)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

ssl_context = <urllib3.contrib.pyopenssl.PyOpenSSLContext object at 
0x7f2bb8c884d0>

    @staticmethod
    def _validate_ssl_context_for_tls_in_tls(ssl_context: ssl.SSLContext) -> 
None:
        """
        Raises a ProxySchemeUnsupported if the provided ssl_context can't be 
used
        for TLS in TLS.
    
        The only requirement is that the ssl_context provides the 'wrap_bio'
        methods.
        """
    
        if not hasattr(ssl_context, "wrap_bio"):
>           raise ProxySchemeUnsupported(
                "TLS in TLS requires SSLContext.wrap_bio() which isn't "
                "available on non-native SSLContext"
            )
E           urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext

urllib3/util/ssltransport.py:44: ProxySchemeUnsupported
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:17 +0000] [45611] [INFO] Running on https://[::1]:41353 (CTRL 
+ C to quit)
[2025-03-01 14:08:17 +0000] [45611] [INFO] Running on https://127.0.0.1:41353 
(CTRL + C to quit)
[2025-03-01 14:08:17 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:17 +0000] [45611] [INFO] Running on https://127.0.0.1:43385 
(CTRL + C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:41353 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:41353 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:43385 
(CTRL + C to quit)
_____________ TestHTTPSProxyVerification.test_https_proxy_ipv6_san _____________

self = <test.with_dummyserver.test_proxy_poolmanager.TestHTTPSProxyVerification 
object at 0x7f2bbca53020>
ipv6_san_proxy_with_server = (ServerConfig(scheme='https', host='::1', 
port=41983, ca_certs='/tmp/pytest-of-buildd/pytest-0/certs35/ca.pem'), 
ServerConfig(scheme='https', host='localhost', port=33097, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs35/ca.pem'))

    def test_https_proxy_ipv6_san(
        self, ipv6_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
    ) -> None:
        proxy, server = ipv6_san_proxy_with_server
        proxy_url = f"https://[{proxy.host}]:{proxy.port}"
        destination_url = f"https://{server.host}:{server.port}"
        with proxy_from_url(proxy_url, ca_certs=proxy.ca_certs) as https:
>           r = https.request("GET", destination_url)

test/with_dummyserver/test_proxy_poolmanager.py:839: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
urllib3/_request_methods.py:135: in request
    return self.request_encode_url(
urllib3/_request_methods.py:182: in request_encode_url
    return self.urlopen(method, url, **extra_kw)
urllib3/poolmanager.py:633: in urlopen
    return super().urlopen(method, url, redirect=redirect, **kw)
urllib3/poolmanager.py:443: in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
urllib3/connectionpool.py:773: in urlopen
    self._prepare_proxy(conn)
urllib3/connectionpool.py:1042: in _prepare_proxy
    conn.connect()
urllib3/connection.py:741: in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
urllib3/connection.py:920: in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
urllib3/util/ssl_.py:460: in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
urllib3/util/ssl_.py:501: in _ssl_wrap_socket_impl
    SSLTransport._validate_ssl_context_for_tls_in_tls(ssl_context)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

ssl_context = <urllib3.contrib.pyopenssl.PyOpenSSLContext object at 
0x7f2bba0428d0>

    @staticmethod
    def _validate_ssl_context_for_tls_in_tls(ssl_context: ssl.SSLContext) -> 
None:
        """
        Raises a ProxySchemeUnsupported if the provided ssl_context can't be 
used
        for TLS in TLS.
    
        The only requirement is that the ssl_context provides the 'wrap_bio'
        methods.
        """
    
        if not hasattr(ssl_context, "wrap_bio"):
>           raise ProxySchemeUnsupported(
                "TLS in TLS requires SSLContext.wrap_bio() which isn't "
                "available on non-native SSLContext"
            )
E           urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext

urllib3/util/ssltransport.py:44: ProxySchemeUnsupported
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:20 +0000] [45611] [INFO] Running on https://[::1]:33097 (CTRL 
+ C to quit)
[2025-03-01 14:08:20 +0000] [45611] [INFO] Running on https://127.0.0.1:33097 
(CTRL + C to quit)
[2025-03-01 14:08:20 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:20 +0000] [45611] [INFO] Running on https://[::1]:41983 (CTRL 
+ C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:33097 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:33097 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:41983 (CTRL + 
C to quit)
_ TestHTTPSProxyVerification.test_https_proxy_no_san_hostname_checks_common_name _

self = <test.with_dummyserver.test_proxy_poolmanager.TestHTTPSProxyVerification 
object at 0x7f2bbbe6f5f0>
no_san_proxy_with_server = (ServerConfig(scheme='https', host='localhost', 
port=42679, ca_certs='/tmp/pytest-of-buildd/pytest-0/certs38/ca.pem'), 
ServerConfig(scheme='https', host='localhost', port=39083, 
ca_certs='/tmp/pytest-of-buildd/pytest-0/certs38/ca.pem'))

    def test_https_proxy_no_san_hostname_checks_common_name(
        self, no_san_proxy_with_server: tuple[ServerConfig, ServerConfig]
    ) -> None:
        proxy, server = no_san_proxy_with_server
        proxy_url = f"https://{proxy.host}:{proxy.port}"
        destination_url = f"https://{server.host}:{server.port}"
    
        proxy_ctx = urllib3.util.ssl_.create_urllib3_context()
        try:
            proxy_ctx.hostname_checks_common_name = True
        # PyPy doesn't like us setting 'hostname_checks_common_name'
        # but also has it enabled by default so we need to handle that.
        except AttributeError:
            pass
        if getattr(proxy_ctx, "hostname_checks_common_name", False) is not True:
            pytest.skip("Test requires 
'SSLContext.hostname_checks_common_name=True'")
    
        with proxy_from_url(
            proxy_url, ca_certs=proxy.ca_certs, proxy_ssl_context=proxy_ctx
        ) as https:
>           https.request("GET", destination_url)

test/with_dummyserver/test_proxy_poolmanager.py:885: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
urllib3/_request_methods.py:135: in request
    return self.request_encode_url(
urllib3/_request_methods.py:182: in request_encode_url
    return self.urlopen(method, url, **extra_kw)
urllib3/poolmanager.py:633: in urlopen
    return super().urlopen(method, url, redirect=redirect, **kw)
urllib3/poolmanager.py:443: in urlopen
    response = conn.urlopen(method, u.request_uri, **kw)
urllib3/connectionpool.py:773: in urlopen
    self._prepare_proxy(conn)
urllib3/connectionpool.py:1042: in _prepare_proxy
    conn.connect()
urllib3/connection.py:741: in connect
    sock_and_verified = _ssl_wrap_socket_and_match_hostname(
urllib3/connection.py:920: in _ssl_wrap_socket_and_match_hostname
    ssl_sock = ssl_wrap_socket(
urllib3/util/ssl_.py:460: in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
urllib3/util/ssl_.py:501: in _ssl_wrap_socket_impl
    SSLTransport._validate_ssl_context_for_tls_in_tls(ssl_context)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

ssl_context = <urllib3.contrib.pyopenssl.PyOpenSSLContext object at 
0x7f2bba2f4f50>

    @staticmethod
    def _validate_ssl_context_for_tls_in_tls(ssl_context: ssl.SSLContext) -> 
None:
        """
        Raises a ProxySchemeUnsupported if the provided ssl_context can't be 
used
        for TLS in TLS.
    
        The only requirement is that the ssl_context provides the 'wrap_bio'
        methods.
        """
    
        if not hasattr(ssl_context, "wrap_bio"):
>           raise ProxySchemeUnsupported(
                "TLS in TLS requires SSLContext.wrap_bio() which isn't "
                "available on non-native SSLContext"
            )
E           urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext

urllib3/util/ssltransport.py:44: ProxySchemeUnsupported
---------------------------- Captured stderr setup -----------------------------
[2025-03-01 14:08:24 +0000] [45611] [INFO] Running on https://[::1]:39083 (CTRL 
+ C to quit)
[2025-03-01 14:08:24 +0000] [45611] [INFO] Running on https://127.0.0.1:39083 
(CTRL + C to quit)
[2025-03-01 14:08:24 +0000] [45611] [WARNING] ASGI Framework Lifespan error, 
continuing without Lifespan support
[2025-03-01 14:08:24 +0000] [45611] [INFO] Running on https://[::1]:42679 (CTRL 
+ C to quit)
[2025-03-01 14:08:24 +0000] [45611] [INFO] Running on https://127.0.0.1:42679 
(CTRL + C to quit)
------------------------------ Captured log setup ------------------------------
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:39083 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:39083 
(CTRL + C to quit)
WARNING  hypercorn.error:logging.py:102 ASGI Framework Lifespan error, 
continuing without Lifespan support
INFO     hypercorn.error:logging.py:106 Running on https://[::1]:42679 (CTRL + 
C to quit)
INFO     hypercorn.error:logging.py:106 Running on https://127.0.0.1:42679 
(CTRL + C to quit)
=============================== warnings summary ===============================
test/contrib/test_pyopenssl.py: 15 warnings
test/with_dummyserver/test_socketlevel.py: 17 warnings
  
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build/test/with_dummyserver/test_socketlevel.py:158:
 DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
    context = ssl.SSLContext(ssl_version)

test/contrib/test_socks.py: 17 warnings
  
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build/dummyserver/socketserver.py:125:
 NoIPv6Warning: No IPv6 support. Falling back to IPv4.
    warnings.warn("No IPv6 support. Falling back to IPv4.", NoIPv6Warning)

test/contrib/test_socks.py::TestSOCKSWithTLS::test_basic_request
  
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build/test/contrib/test_socks.py:745:
 DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
    context = better_ssl.SSLContext(ssl.PROTOCOL_SSLv23)  # type: ignore[misc]

test/test_ssl.py::TestSSL::test_create_urllib3_context_ssl_version_and_ssl_min_max_version_no_error[kwargs0]
test/test_ssl.py::TestSSL::test_create_urllib3_context_ssl_version_and_ssl_min_max_version_no_error[kwargs1]
test/test_ssl.py::TestSSL::test_create_urllib3_context_ssl_version_and_ssl_min_max_version_no_error[kwargs2]
  
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build/urllib3/util/ssl_.py:291: 
DeprecationWarning: ssl.TLSVersion.TLSv1 is deprecated
    context.minimum_version = ssl_minimum_version

test/test_ssl.py::TestSSL::test_create_urllib3_context_ssl_version_and_ssl_min_max_version_no_error[kwargs0]
test/test_ssl.py::TestSSL::test_create_urllib3_context_ssl_version_and_ssl_min_max_version_no_error[kwargs1]
test/test_ssl.py::TestSSL::test_create_urllib3_context_ssl_version_and_ssl_min_max_version_no_error[kwargs2]
  
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build/urllib3/util/ssl_.py:296: 
DeprecationWarning: ssl.TLSVersion.TLSv1 is deprecated
    context.maximum_version = ssl_maximum_version

test/with_dummyserver/test_connectionpool.py::TestConnectionPool::test_source_address
  
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build/test/with_dummyserver/test_connectionpool.py:814:
 NoIPv6Warning: No IPv6 support: skipping.
    warnings.warn("No IPv6 support: skipping.", NoIPv6Warning)

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
=========================== short test summary info ============================
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_https_proxy
 - assert 500 == 200
 +  where 500 = <urllib3.response.HTTPResponse object at 0x7f2bba09f820>.status
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_is_verified_https_proxy_to_http_target
 - assert 500 == 200
 +  where 500 = <urllib3.response.HTTPResponse object at 0x7f2bb9f17130>.status
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_http_and_https_kwarg_ca_cert_data_proxy
 - assert 500 == 200
 +  where 500 = <urllib3.response.HTTPResponse object at 0x7f2bb9f170d0>.status
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_https_proxy_with_proxy_ssl_context
 - assert 500 == 200
 +  where 500 = <urllib3.response.HTTPResponse object at 0x7f2bba09dc60>.status
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_https_proxy_pyopenssl_not_supported
 - assert 500 == 200
 +  where 500 = <urllib3.response.HTTPResponse object at 0x7f2bba09ecb0>.status
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_https_proxy_forwarding_for_https
 - assert 500 == 200
 +  where 500 = <urllib3.response.HTTPResponse object at 0x7f2bba09da50>.status
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_https_headers
 - json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPProxyManager::test_https_headers_forwarding_for_https
 - json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_assert_fingerprint_md5
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_assert_hostname[localhost]
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_assert_hostname[127.0.0.1]
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_assert_hostname[::1]
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_assert_hostname_non_matching[::1]
 - assert "hostname \\'example.com\\' doesn\\'t match \\'0:0:0:0:0:0:0:1\\'" in 
'<ExceptionInfo MaxRetryError(\'HTTPSConnectionPool(host=\\\'localhost\\\', 
port=36643): Max retries exceeded with url...t to proxy\\\', 
SSLError(CertificateError("hostname \\\'example.com\\\' doesn\\\'t match 
\\\'::1\\\'"))))\') tblen=10>'
 +  where '<ExceptionInfo 
MaxRetryError(\'HTTPSConnectionPool(host=\\\'localhost\\\', port=36643): Max 
retries exceeded with url...t to proxy\\\', SSLError(CertificateError("hostname 
\\\'example.com\\\' doesn\\\'t match \\\'::1\\\'"))))\') tblen=10>' = 
str(<ExceptionInfo MaxRetryError('HTTPSConnectionPool(host=\'localhost\', 
port=36643): Max retries exceeded with url: / (C...able to connect to proxy\', 
SSLError(CertificateError("hostname \'example.com\' doesn\'t match 
\'::1\'"))))') tblen=10>)
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_ipv4_san
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_ipv6_san
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
FAILED 
test/with_dummyserver/test_proxy_poolmanager.py::TestHTTPSProxyVerification::test_https_proxy_no_san_hostname_checks_common_name
 - urllib3.exceptions.ProxySchemeUnsupported: TLS in TLS requires 
SSLContext.wrap_bio() which isn't available on non-native SSLContext
= 16 failed, 1808 passed, 279 skipped, 41 deselected, 4 xfailed, 57 warnings in 
68.12s (0:01:08) =
E: pybuild pybuild:389: test: plugin pyproject failed with: exit code=1: cd 
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_urllib3/build; python3.13 -m pytest -k 
"not requires_network and not test_recent_date"
dh_auto_test: error: pybuild --test -i python{version} -p 3.13 returned exit 
code 13
make[1]: *** [debian/rules:24: override_dh_auto_test] Error 25
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
make: *** [debian/rules:17: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
--------------------------------------------------------------------------------

The above is just how the build ends and not necessarily the most relevant part.
If required, the full build log is available here:

https://people.debian.org/~sanvila/build-logs/202503/

About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.

If you could not reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.

If this is really a bug in one of the build-depends, please use
reassign and add an affects on src:python-urllib3, so that this is still
visible in the BTS web page for this package.

Thanks.

--- End Message ---
--- Begin Message ---
Source: python-urllib3
Source-Version: 2.3.0-2
Done: Colin Watson <cjwat...@debian.org>

We believe that the bug you reported is fixed in the latest version of
python-urllib3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1099...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated python-urllib3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 12 Mar 2025 11:20:41 +0000
Source: python-urllib3
Architecture: source
Version: 2.3.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Closes: 1099277
Changes:
 python-urllib3 (2.3.0-2) unstable; urgency=medium
 .
   * Team upload.
   * Ensure compatibility with httpx>=0.28 (closes: #1099277).
Checksums-Sha1:
 75d43258d79860c0778d0734ad585b0f164b1467 2869 python-urllib3_2.3.0-2.dsc
 48f468a54253f18861e4c2942311c2c886c7778e 38536 
python-urllib3_2.3.0-2.debian.tar.xz
Checksums-Sha256:
 63cbe99c6f4f3cd601e72079fb76f1ed047caaef8aae75b10ae69cf5e4425bc7 2869 
python-urllib3_2.3.0-2.dsc
 e83c84ebb717f3ca27b22e899b3e771e4375b7bcf3115569ad6bf713bafc37ba 38536 
python-urllib3_2.3.0-2.debian.tar.xz
Files:
 9549d8352caaa82cca7c9f9aaf575fd0 2869 python optional 
python-urllib3_2.3.0-2.dsc
 029dc14d51b6f1b4f4f00783903b9851 38536 python optional 
python-urllib3_2.3.0-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
