SSL issues on "Ubuntu i386" buildbots

[pitrou]

BPO	9415
Nosy	@doko42, @pitrou

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2010-08-04.17:49:52.909>
created_at = <Date 2010-07-29.11:33:38.059>
labels = ['tests']
title = 'SSL issues on "Ubuntu i386" buildbots'
updated_at = <Date 2010-08-04.17:49:52.908>
user = 'https://github.com/pitrou'

bugs.python.org fields:

activity = <Date 2010-08-04.17:49:52.908>
actor = 'pitrou'
assignee = 'none'
closed = True
closed_date = <Date 2010-08-04.17:49:52.909>
closer = 'pitrou'
components = ['Tests']
creation = <Date 2010-07-29.11:33:38.059>
creator = 'pitrou'
dependencies = []
files = []
hgrepos = []
issue_num = 9415
keywords = []
message_count = 6.0
messages = ['111911', '112083', '112084', '112834', '112837', '112842']
nosy_count = 2.0
nosy_names = ['doko', 'pitrou']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue9415'
versions = ['Python 2.7', 'Python 3.2']

[pitrou]

The buildslaves "i386 Ubuntu" have been exhibiting some strange behaviour for some time now:

======================================================================
ERROR: test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options
----------------------------------------------------------------------

Traceback (most recent call last):
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/test/test_ssl.py", line 879, in test_protocol_sslv2
    try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/test/test_ssl.py", line 751, in try_protocol_combo
    ciphers="ALL", chatty=False)
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/test/test_ssl.py", line 703, in server_params_test
    s.connect((HOST, server.port))
  File "/scratch/pybot-buildarea/2.7.klose-ubuntu-i386/build/Lib/ssl.py", line 295, in connect
    self.ca_certs, self.ciphers)
SSLError: _ssl.c:312: Invalid SSL protocol variant specified.

(http://www.python.org/dev/buildbot/builders/i386%20Ubuntu%202.7/builds/78/steps/test/logs/stdio)

======================================================================
ERROR: test_constructor (test.test_ssl.ContextTests)
----------------------------------------------------------------------

Traceback (most recent call last):
  File "/scratch/pybot-buildarea/3.x.klose-ubuntu-i386/build/Lib/test/test_ssl.py", line 179, in test_constructor
    ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv2)
  File "/scratch/pybot-buildarea/3.x.klose-ubuntu-i386/build/Lib/ssl.py", line 96, in __new__
    return _SSLContext.__new__(cls, protocol)
ssl.SSLError: failed to allocate SSL context

(http://www.python.org/dev/buildbot/builders/i386%20Ubuntu%203.x/builds/1689/steps/test/logs/stdio)

Matthias, can you give us more information about the system setup on these buildbots? It seems its OpenSSL library refuses to allocate any SSL context for the SSL v2 protocol. Is it some kind of patch added by the Ubuntu OpenSSL maintainers in order to disable SSLv2 entirely?

[doko42]

see https://lists.ubuntu.com/archives/ubuntu-devel/2010-July/031010.html

[pitrou]

see https://lists.ubuntu.com/archives/ubuntu-devel/2010-July/031010.html

Why are they doing that? SSLv2 ciphers are disabled by default anyway
(in newer OpenSSL versions, that is).

If Ubuntu is adding hacks to the libraries they're packaging, I'm not
willing to add a workaround to the test suite in order for the tests to
pass.

[pitrou]

I'm trying to skip, rather brutally, the failing tests in r83727.

[pitrou]

Committed similar skips for 2.7 in r83728. Let's see what the buildbot says.

[pitrou]

Things are apparently fine now.