Test failure with openssl 1.1.1d: TestECDSACertificate.test_load_ecdsa_no_named_curve

[globin]

Dependency versions
Python 3.7.4
openssl 1.1.1d
asn1crypto: 0.24.0
cffi: 1.12.3
six: 1.12.0
pycparser: 2.19

tests/hazmat/primitives/test_dh.py:161: AssertionError
_____________ TestECDSACertificate.test_load_ecdsa_no_named_curve ______________

self = <tests.x509.test_x509.TestECDSACertificate object at 0x7fffc75afa50>
backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7ffff6ac7410>

    def test_load_ecdsa_no_named_curve(self, backend):
        _skip_curve_unsupported(backend, ec.SECP256R1())
        cert = _load_cert(
            os.path.join("x509", "custom", "ec_no_named_curve.pem"),
            x509.load_pem_x509_certificate,
            backend
        )
        with pytest.raises(NotImplementedError):
>           cert.public_key()
E           Failed: DID NOT RAISE <class 'NotImplementedError'>

Full build log:
https://nix-cache.s3.amazonaws.com/log/2d0dc3yc9hrkpwmyl3ymaxf96q9fcl5f-python3.7-cryptography-2.7.drv

[reaperhulk]

This is a known issue and our CI is currently broken on it. 1.1.1d implements some explicit parameter support for EC in a weird way which breaks some tests. We'll be putting out an update to fix it when we decide what to do.

[reaperhulk]

(Thank you for the report though, we should have had an issue open!)

[markokr]

It seems simplest just to drop the test - it does not test any cryptography code, just openssl internal behaviour, which now changed, invalidating the test.

Another way would be to regenerate test file, it seems secp256r1 with different base point should be enough to bypass new openssl logic. Now sure if it's worth the effort. The repo does not seem to have generation code for original test vector.

[alex]

This is fixed now.