Tests fail after 2030-01-12

[bmwiedemann]

While working on reproducible builds for openSUSE, I found that our thriftpy2-0.4.14 fails tests after 2030-01-12

Something about an expired SSL cert, but the ones I can find in tests/ssl/ are valid until 2049 via #91.

To reproduce on Debian or openSUSE:

apt install obs-build osc
osc co openSUSE:Factory/python-thriftpy2 && cd $_
osc build --build-opt=--vm-custom-opt="-rtc base=2030-01-13T00:00:00" --vm-type=kvm --noservice standard

produced here

 _____________________________ test_inet_ssl_socket _____________________________

 self = <thriftpy2.transport.sslsocket.TSSLSocket object at 0x7f30b40fdbe0>

     def open(self):
         self._init_sock()

         addr = self.unix_socket or (self.host, self.port)

         try:
             if self.connect_timeout:
                 self.sock.settimeout(self.connect_timeout)

 >           self.sock.connect(addr)

 ../../../BUILDROOT/python-thriftpy2-0.4.14-0.x86_64/usr/lib64/python3.6/site-packages/thriftpy2/transport/socket.py:96:
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 self = <ssl.SSLSocket [closed] fd=-1, family=AddressFamily.AF_INET, type=2049, proto=0>
 addr = ('localhost', 12345)

     def connect(self, addr):
         """Connects to remote ADDR, and then wraps the connection in
         an SSL channel."""
 >       self._real_connect(addr, False)

 /usr/lib64/python3.6/ssl.py:1109:
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 self = <ssl.SSLSocket [closed] fd=-1, family=AddressFamily.AF_INET, type=2049, proto=0>
 addr = ('localhost', 12345), connect_ex = False

     def _real_connect(self, addr, connect_ex):
         if self.server_side:
             raise ValueError("can't connect in server-side mode")
         # Here we assume that the socket is client-side, and not
         # connected at the time of the call.  We connect it, then wrap it.
         if self._connected:
             raise ValueError("attempt to connect already-connected SSLSocket!")
         sslobj = self.context._wrap_socket(self, False, self.server_hostname)
         self._sslobj = SSLObject(sslobj, owner=self,
                                  session=self._session)
         try:    
             if connect_ex:
                 rc = socket.connect_ex(self, addr)
             else:
                 rc = None
                 socket.connect(self, addr)
             if not rc:
                 self._connected = True
                 if self.do_handshake_on_connect:
 >                   self.do_handshake()

 /usr/lib64/python3.6/ssl.py:1100:
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
         
 self = <ssl.SSLSocket [closed] fd=-1, family=AddressFamily.AF_INET, type=2049, proto=0>
 block = False   

     def do_handshake(self, block=False):
         """Perform a TLS/SSL handshake."""
         self._check_connected()
         timeout = self.gettimeout()
         try:
             if timeout == 0.0 and block:
                 self.settimeout(None)
 >           self._sslobj.do_handshake()
     
 /usr/lib64/python3.6/ssl.py:1077:
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 self = <ssl.SSLObject object at 0x7f30b422bef0>

     def do_handshake(self):
         """Start the SSL/TLS handshake."""
 >       self._sslobj.do_handshake()
 E       ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

 /usr/lib64/python3.6/ssl.py:689: SSLError
         
 During handling of the above exception, another exception occurred:
         
     def test_inet_ssl_socket():
         server_socket = TSSLServerSocket(host="localhost", port=12345,
                                          certfile="ssl/server.pem")
         client_socket = TSSLSocket(
             host="localhost", port=12345,
             cafile="ssl/CA.pem", 
             certfile="ssl/client.crt", keyfile="ssl/client.key")
 >       _test_socket(server_socket, client_socket)

[...]

Exception in thread Thread-14:
 Traceback (most recent call last):
   File "/home/abuild/rpmbuild/BUILDROOT/python-thriftpy2-0.4.14-0.x86_64/usr/lib64/python3.6/site-packages/thriftpy2/transport/sslsocket.py", line 114, in accept
     ssl_sock = self.ssl_context.wrap_socket(sock, server_side=True)
   File "/usr/lib64/python3.6/ssl.py", line 407, in wrap_socket
     _context=self, _session=session)
   File "/usr/lib64/python3.6/ssl.py", line 817, in __init__
     self.do_handshake()
   File "/usr/lib64/python3.6/ssl.py", line 1077, in do_handshake
     self._sslobj.do_handshake()
   File "/usr/lib64/python3.6/ssl.py", line 689, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_EXPIRED] sslv3 alert certificate expired (_ssl.c:852)

 During handling of the above exception, another exception occurred:

 Traceback (most recent call last):
   File "/usr/lib64/python3.6/threading.py", line 916, in _bootstrap_inner
     self.run()
   File "/usr/lib64/python3.6/threading.py", line 864, in run
     self._target(*self._args, **self._kwargs)
   File "/home/abuild/rpmbuild/BUILD/thriftpy2-0.4.14/tests/test_sslsocket.py", line 16, in _echo_server
     c = sock.accept()
   File "/home/abuild/rpmbuild/BUILDROOT/python-thriftpy2-0.4.14-0.x86_64/usr/lib64/python3.6/site-packages/thriftpy2/transport/sslsocket.py", line 117, in accept
     sock.shutdown(socket.SHUT_RDWR)
 OSError: [Errno 9] Bad file descriptor