[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
New submission from Bug Reporter :
FAIL: test_min_max_version_mismatch (test.test_ssl.ThreadedTests)
--
Traceback (most recent call last):
File "/home/vbk/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 217, in
wrapper
return func(*args, **kw)
File "/home/vbk/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 3841, in
test_min_max_version_mismatch
self.assertIn("alert", str(e.exception))
AssertionError: 'alert' not found in '[SSL: NO_PROTOCOLS_AVAILABLE] no
protocols available (_ssl.c:1123)'
--
assignee: christian.heimes
components: Build, SSL, Tests
messages: 375502
nosy: bugsrep, christian.heimes
priority: normal
severity: normal
status: open
title: test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
type: compile error
versions: Python 3.8
___
Python tracker
<https://bugs.python.org/issue41561>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I don't know if it matters, but I started having this problem when I switched from Ubuntu 18.04 (native python3.7) to 20.04 (native python3.8.2). I specify --prefix to a folder in my home directory, but while running make test Ubuntu gives a system error which refers to Ubuntu's python. I don't know exactly at what test it happens, approximately in the middle, but it should not happen at all because the tests should only call the python compiled by me. -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I followed Vladyslav Bondar's 2020-09-11 09:10:30 recommendations and it worked: Tests result: SUCCESS Thank you. It is not clear though how Canonical built its python-3.8.2 which comes with Ubuntu-20.04. Does anyone know someone at Canonical to ask this question? -- versions: +Python 3.8 -Python 3.10 ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: Can test_ssl script determine which TLS versions are enabled in a particular Linux distribution and run tests only for enabled versions? -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I confirm that Tal Einat's workaround also works. -- versions: -Python 3.10, Python 3.9 ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I think it is not a real solution, just a workaround. What do you think the solution should be? -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment:
On my system, it still fails.
Here is the content of modified Lib/test/test_ssl.py:
3827 @requires_minimum_version
3828 @requires_tls_version('TLSv1_2')
3829 @requires_tls_version('TLSv1')
3830 def test_min_max_version_mismatch(self):
3831 client_context, server_context, hostname = testing_context()
3832 # client 1.0, server 1.2 (mismatch)
3833 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
3834 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
3835 client_context.maximum_version = ssl.TLSVersion.TLSv1
3836 client_context.minimum_version = ssl.TLSVersion.TLSv1
3837 with ThreadedEchoServer(context=server_context) as server:
3838 with client_context.wrap_socket(socket.socket(),
3839 server_hostname=hostname) as s:
3840 with self.assertRaises(ssl.SSLError) as e:
3841 s.connect((HOST, server.port))
3842 self.assertIn("alert", str(e.exception))
3843
3844 @requires_minimum_version
3845 @requires_tls_version('SSLv3')
--
___
Python tracker
<https://bugs.python.org/issue41561>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment:
https://www.python.org/ftp/python/3.8.5/Python-3.8.5.tar.xz
...
==
ERROR: test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options
--
Traceback (most recent call last):
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 217, in
wrapper
return func(*args, **kw)
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 3286,
in test_protocol_tlsv1
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 2780,
in try_protocol_combo
stats = server_params_test(client_context, server_context,
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 2695,
in server_params_test
s.connect((HOST, server.port))
File "/home/bugrep/Downloads/Python-3.8.5/Lib/ssl.py", line 1342, in connect
self._real_connect(addr, False)
File "/home/bugrep/Downloads/Python-3.8.5/Lib/ssl.py", line 1333, in
_real_connect
self.do_handshake()
File "/home/bugrep/Downloads/Python-3.8.5/Lib/ssl.py", line 1309, in
do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL] internal error (_ssl.c:1123)
==
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
--
Traceback (most recent call last):
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 217, in
wrapper
return func(*args, **kw)
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 3302,
in test_protocol_tlsv1_1
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 2780,
in try_protocol_combo
stats = server_params_test(client_context, server_context,
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 2695,
in server_params_test
s.connect((HOST, server.port))
File "/home/bugrep/Downloads/Python-3.8.5/Lib/ssl.py", line 1342, in connect
self._real_connect(addr, False)
File "/home/bugrep/Downloads/Python-3.8.5/Lib/ssl.py", line 1333, in
_real_connect
self.do_handshake()
File "/home/bugrep/Downloads/Python-3.8.5/Lib/ssl.py", line 1309, in
do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL] internal error (_ssl.c:1123)
==
FAIL: test_min_max_version_mismatch (test.test_ssl.ThreadedTests)
--
Traceback (most recent call last):
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 217, in
wrapper
return func(*args, **kw)
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 217, in
wrapper
return func(*args, **kw)
File "/home/bugrep/Downloads/Python-3.8.5/Lib/test/test_ssl.py", line 3842,
in test_min_max_version_mismatch
self.assertIn("alert", str(e.exception))
AssertionError: 'alert' not found in '[SSL: NO_PROTOCOLS_AVAILABLE] no
protocols available (_ssl.c:1123)'
--
___
Python tracker
<https://bugs.python.org/issue41561>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: (True, True, True, True) TLSVersion.MAXIMUM_SUPPORTED TLSVersion.MINIMUM_SUPPORTED -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: In case it's needed: TLSVersion.MAXIMUM_SUPPORTED == -1 TLSVersion.MINIMUM_SUPPORTED == -2 -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment:
I added client_context.set_ciphers("@SECLEVEL=1:HIGH"), then added
server_context.set_ciphers("@SECLEVEL=1:HIGH"). The test failed in both cases.
I did not have problem with python 3.7.x. in Ubuntu 18.04. I have just tried
compiling 3.7.5 in Ubuntu 20.04 and test_ssl failed.
I also remember downloading openssl source code, compiling it, and using
--with-openssl=DIR option with python 3.8.x in Ubuntu 20.04. I tried different
versions of openssl (I did not edit any config files, just compiled) and
test_ssl failed with all of them. Does it mean that Ubuntu's config files were
still used even in this case?
--
___
Python tracker
<https://bugs.python.org/issue41561>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: 1) I downloaded openssl-1.1.1g source code, compiled, exported LD_LIBRARY_PATH, did sudo ldconfig - ./python Lib/test/test_ssl.py now passes. If LD_LIBRARY_PATH is unset, it fails. Thank you for advice. 2) Tried the following independently from (1) ./configure make ./python Tools/ssl/multissltests.py --openssl=1.1.1g == Tests result: SUCCESS == All 15 tests OK. Total duration: 1 min 21 sec Tests result: SUCCESS *** INFO Tests finished in 0:05:52.488541 Python: 3.8.5 (default, Sep 21 2020, 23:02:31) [GCC 9.3.0] Executed all SSL tests. OpenSSL / LibreSSL versions: * OpenSSL 1.1.1g -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: Is it worth comparing openssl vanilla code and configs with Ubuntu's version? -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I downloaded Ubuntu's openssl_1.1.1f.orig.tar.gz and openssl_1.1.1f-1ubuntu2.debian.tar.xz from https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2, but I did not know how to apply patches. In addition, too many files differ, so I could not understand what makes test_ssl fail. So I took a different approach. In Ubuntu-20.04, "apt policy openssl" returned the version of the installed library: 1.1.1f-1ubuntu2. I ran "apt source openssl" to downloade the source code from Ubuntu. I compiled, tested and installed it. If LD_LIBRARY_PATH is not set, ldd returns this: libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1 libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 make test TESTOPTS="-v test_ssl": FAILED (errors=6, skipped=11) If LD_LIBRARY_PATH is set to compiled openssl-1.1.1f-1ubuntu2: libssl.so.1.1 => /home/bugsrep/openssl-ubuntu2/lib/libssl.so.1.1 libcrypto.so.1.1 => /home/bugsrep/openssl-ubuntu2/lib/libcrypto.so.1.1 make test TESTOPTS="-v test_ssl": OK (skipped=11) == Tests result: SUCCESS == 1 test OK. -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: Please note that test_ssl also passes if /etc/ssl/openssl.conf is modified per msg376705 by Vladyslav Bondar (with /usr/lib/x86_64-linux-gnu/libssl.so.1.1) -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: Just tested python 3.9.0 - same issue. -- versions: +Python 3.9 ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I started by asking a question at https://askubuntu.com/questions/1281942/pythons-test-ssl-fails-starting-from-ubuntu-20-04-i-need-to-find-a-person-at-c -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I got an advice and posted the question at https://answers.launchpad.net/ubuntu/+source/openssl/+question/693423 -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch
Bug Reporter added the comment: I reported a bug at https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878 -- ___ Python tracker <https://bugs.python.org/issue41561> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
