New submission from Ronald Oussoren:
On my laptop (running OSX 10.8, but I have noticed the same on earlier OSX
releases) test_ssl fails:
======================================================================
FAIL: test_connect (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/ronald/Projects/python/rw/default/Lib/test/test_ssl.py", line
650, in test_connect
s.connect, ("svn.python.org", 443))
AssertionError: SSLError not raised by connect
======================================================================
FAIL: test_connect_with_context (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/ronald/Projects/python/rw/default/Lib/test/test_ssl.py", line
743, in test_connect_with_context
s.connect, ("svn.python.org", 443))
AssertionError: SSLError not raised by connect
======================================================================
FAIL: test_get_server_certificate (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/ronald/Projects/python/rw/default/Lib/test/test_ssl.py", line
848, in test_get_server_certificate
_test_get_server_certificate('svn.python.org', 443,
SVN_PYTHON_ORG_ROOT_CERT)
File "/Users/ronald/Projects/python/rw/default/Lib/test/test_ssl.py", line
840, in _test_get_server_certificate
self.fail("Got server certificate %s for %s:%s!" % (pem, host, port))
AssertionError: Got server certificate -----BEGIN CERTIFICATE-----
MIIEmTCCAoGgAwIBAgIDCyOkMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTExMTIyNTIxMzIxNVoXDTEzMTIyNDIxMzIxNVowGTEX
MBUGA1UEAxMOc3ZuLnB5dGhvbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDM6un3wTW9+HVJ7KC+/GwL0KAxehug0tw2YoSSX+TGxLyr9AUtBHQk
hCNWhRLewa0WMOY6hxIIQY1Hp6vreDiCbBehjVkEAydlKBzaAsgYCEbCC/ZaMzhv
aaFAiLVeaxAKJsBGUJNz5hGgzd67A6SGz+XK7qDWig4NR5eFrsr3DvjyEM7txMiG
gftGWLkadOuqUQsI20AykBGi+RxmrQIwqO2svGmje89DsWVILdP37PssM2zqRonh
4fUKooei3L43tXbTdHayXc9NtFS7q8T4eUlyWaD+BtP80QQOQFFvi+qZpme9bmYI
7YPX+e86lZtxAKM9nWrP93qc+2nS0MsHAgMBAAGjgYkwgYYwDAYDVR0TAQH/BAIw
ADA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYKKwYB
BAGCNwoDAzALBgNVHQ8EBAMCBaAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzAB
hhdodHRwOi8vb2NzcC5jYWNlcnQub3JnLzANBgkqhkiG9w0BAQUFAAOCAgEAEsw6
TMEXRn8ex1feaSNB5r2/aCLKE33ssGTp5HAyFo04YF2WaGK8HgjEg/fqrGUaSORw
P1ikBNTAUiaKbRQtcIvQPg8Zk4lSiQZ7m6ePs4hKdFVKeOpykwQyTsm+NaGk4xtM
Zk0XsWkzFntG676MT2FGvDCn0XhtdpAGJy59FXQ1mto9j99AvXpcl9Ja7tRYI/mI
goq3Gu6lwIoYSnslOtIWgsj9Wog1Kug7zoGscxY6z2lk15wbQlQbXbdAbVW7RZry
07eGwROLpE8tydRvvCbJp3P7FE+aAk1D3fQi09G0dUJWRmvBoFOVZCfHmGx23Mpz
YTVgGP1bydjjzzhNAqaKctLf6g3UuUwsOJ1pso4Cr/00EDWG1JsRb4wtlpAEPSnb
vjr/TqHMfefeQf4DmgWo1DutKhUBur5t+VukVCN1z44VtKeu8zaNaA3vR2Q+jArl
YxIFGUTuBcDHBx5Zl0Wcauoe3IbIBckBk2+WOBXVAdj00a46XJ4OHesft63HVOLn
vsKqAhwHPgsH0iTrgbO6ky0Xk573aJWz5wrlYin2FzHXsfJkA7U0wesrG4AFdeAm
zICOAFz9bOhyi6t5c0whF6L0W6Gt4cW+tERG+CD++2svdh8JP9QgozoSKd9N33bg
q5qGifkRs3lTJQGn2wDkgepX1vtshWgRXR9QTRw=
-----END CERTIFICATE-----
for svn.python.org:443!
This machine has the cacert root certificate as a trusted key in the system
keychain.
This is using Apple's copy of OpenSSL, I haven't tested yet if the test failure
is also present with the upstream edition of OpenSSL.
The failure seems to occur because the test assumes that the OpenSSL library
either won't load a CA list at all when ca_cert is not specified, or that the
default CA list doesn't contain the cacert.org one.
I can avoid the test failures by always specifying ca_certs in these tests, but
point the argument to an empty file. That's probably not the right solution
though, hence I haven't included this as a patch.
----------
assignee: ronaldoussoren
components: Library (Lib), Macintosh, Tests
messages: 168661
nosy: ronaldoussoren
priority: normal
severity: normal
status: open
title: test_ssl failure when cacert.org CA cert in system keychain on OSX
versions: Python 3.2, Python 3.3
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15740>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
