Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove support for SSLv2 in test suite #39183

Merged
merged 1 commit into from May 25, 2018
Merged

Remove support for SSLv2 in test suite #39183

merged 1 commit into from May 25, 2018

Conversation

Spredzy
Copy link
Contributor

@Spredzy Spredzy commented Apr 23, 2018

SUMMARY

When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check. (Fedora 27/OpenSSL 1.1.0g)

By reading the openssl man page[1], one can see that support for SSLv2
has been removed.

Support for SSLv2 and the corresponding SSLv2_method(),
SSLv2_server_method() and SSLv2_client_method() functions where removed
in OpenSSL 1.1.0.

SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
deprecated and the preferred TLS_method(), TLS_server_method() and
TLS_client_method() functions were introduced in OpenSSL 1.1.0.

Hence this commit remove the uses of this flag.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME
  • tests
ANSIBLE VERSION
  • devel
ADDITIONAL INFORMATION
  • N/A

@ansibot ansibot added bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. test This PR relates to tests. labels Apr 23, 2018
@sivel
Copy link
Member

sivel commented Apr 23, 2018
edited

I don't think we can straight up remove this. We likely need to validate the value of ssl.OP_NO_SSLv2, and only utilize in tests if not 0.

@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Apr 23, 2018
@ansibot ansibot added the needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. label Apr 23, 2018
@Spredzy
Remove support for SSLv2 in test suite when not defined.
36de106 
When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check.

Test is run on a machine using openssl 1.1.0g. By reading the openssl
man page[1], one can see that support for SSLv2 has been removed.

> Support for SSLv2 and the corresponding SSLv2_method(),
> SSLv2_server_method() and SSLv2_client_method() functions where removed
> in OpenSSL 1.1.0.
>
> SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
> deprecated and the preferred TLS_method(), TLS_server_method() and
> TLS_client_method() functions were introduced in OpenSSL 1.1.0.

Hence this commit remove the uses of this flag when it is not defined.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
@Spredzy
Copy link
Contributor Author

Spredzy commented Apr 24, 2018

@sivel done

@Spredzy Spredzy closed this Apr 24, 2018
@Spredzy Spredzy reopened this Apr 24, 2018
@Spredzy
Copy link
Contributor Author

Spredzy commented Apr 24, 2018

Unless I am mistaken, I think the CI fails for unrelated reasons to this patch.

@mattclay
Copy link
Member

I've restarted CI for this PR.

@ansibot ansibot removed the needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. label Apr 26, 2018
@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label May 4, 2018
@ansibot ansibot added the affects_2.6 This issue/PR affects Ansible v2.6 label May 20, 2018
@maxamillion
Copy link
Contributor

rebuild_merge

@maxamillion maxamillion merged commit 496d10f into ansible:devel May 25, 2018
gothicx pushed a commit to gothicx/ansible that referenced this pull request Jun 9, 2018
@Spredzy @gothicx
Remove support for SSLv2 in test suite when not defined. (ansible#39183)
a04cc62 
When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check.

Test is run on a machine using openssl 1.1.0g. By reading the openssl
man page[1], one can see that support for SSLv2 has been removed.

> Support for SSLv2 and the corresponding SSLv2_method(),
> SSLv2_server_method() and SSLv2_client_method() functions where removed
> in OpenSSL 1.1.0.
>
> SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
> deprecated and the preferred TLS_method(), TLS_server_method() and
> TLS_client_method() functions were introduced in OpenSSL 1.1.0.

Hence this commit remove the uses of this flag when it is not defined.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
jacum pushed a commit to jacum/ansible that referenced this pull request Jun 26, 2018
@Spredzy
Remove support for SSLv2 in test suite when not defined. (ansible#39183)
830ba91 
When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check.

Test is run on a machine using openssl 1.1.0g. By reading the openssl
man page[1], one can see that support for SSLv2 has been removed.

> Support for SSLv2 and the corresponding SSLv2_method(),
> SSLv2_server_method() and SSLv2_client_method() functions where removed
> in OpenSSL 1.1.0.
>
> SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
> deprecated and the preferred TLS_method(), TLS_server_method() and
> TLS_client_method() functions were introduced in OpenSSL 1.1.0.

Hence this commit remove the uses of this flag when it is not defined.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
@dagwieers dagwieers added the crypto Crypto community (ACME, openssl, letsencrypt) label Feb 7, 2019
@ansible ansible locked and limited conversation to collaborators May 29, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
affects_2.6 This issue/PR affects Ansible v2.6 bug This issue/PR relates to a bug. crypto Crypto community (ACME, openssl, letsencrypt) stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:core This issue/PR relates to code supported by the Ansible Engineering Team. test This PR relates to tests.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@Spredzy @sivel @mattclay @maxamillion @dagwieers @ansibot