Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenSSL 3.0 uses different version scheme #90272

Closed
penguinolog mannequin opened this issue Dec 17, 2021 · 14 comments
Closed

OpenSSL 3.0 uses different version scheme #90272

penguinolog mannequin opened this issue Dec 17, 2021 · 14 comments
Labels
3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes tests Tests in the Lib/test dir topic-SSL type-bug An unexpected behavior, bug, or error

Comments

@penguinolog
Copy link
Mannequin

penguinolog mannequin commented Dec 17, 2021

BPO 46114
Nosy @tiran, @stratakis, @hroncok, @miss-islington, @penguinolog
PRs
  • bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) #30170
  • [3.10] bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) #30172
  • [3.9] bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) (GH-30173) #30173
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
    closed_at = None
    created_at = <Date 2021-12-17.10:51:19.891>
    labels = ['expert-SSL', 'type-bug', '3.9', '3.10', '3.11', 'tests']
    title = 'OpenSSL 3.0 uses different version scheme'
    updated_at = <Date 2022-03-22.23:20:19.195>
    user = 'https://github.com/penguinolog'

    bugs.python.org fields:

    activity = <Date 2022-03-22.23:20:19.195>
    actor = 'cstratak'
    assignee = 'none'
    closed = False
    closed_date = None
    closer = None
    components = ['Tests', 'SSL']
    creation = <Date 2021-12-17.10:51:19.891>
    creator = 'penguinolog'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 46114
    keywords = ['patch']
    message_count = 12.0
    messages = ['408770', '408773', '408776', '408779', '408788', '408792', '408795', '415499', '415502', '415504', '415517', '415839']
    nosy_count = 5.0
    nosy_names = ['christian.heimes', 'cstratak', 'hroncok', 'miss-islington', 'penguinolog']
    pr_nums = ['30170', '30172', '30173']
    priority = 'normal'
    resolution = None
    stage = 'patch review'
    status = 'open'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue46114'
    versions = ['Python 3.9', 'Python 3.10', 'Python 3.11']

    @penguinolog
    Copy link
    Mannequin Author

    penguinolog mannequin commented Dec 17, 2021

    Documentation: https://www.openssl.org/docs/manmaster/man3/OpenSSL_version_num.html

    Python build fail with OpenSSL 3.0.1
    (looks like OpenSSL broken deprecated API)

    @penguinolog penguinolog mannequin assigned tiran Dec 17, 2021
    @penguinolog penguinolog mannequin added 3.8 only security fixes 3.10 only security fixes 3.11 bug and security fixes labels Dec 17, 2021
    @penguinolog penguinolog mannequin assigned tiran Dec 17, 2021
    @penguinolog penguinolog mannequin added 3.9 only security fixes 3.8 only security fixes topic-SSL 3.10 only security fixes 3.11 bug and security fixes labels Dec 17, 2021
    @penguinolog
    Copy link
    Mannequin Author

    penguinolog mannequin commented Dec 17, 2021

    Error example:
    test_ssl: testing with 'OpenSSL 3.0.1 14 Dec 2021' (3, 0, 0, 1, 0)
    ...
    AssertionError: False is not true : ('OpenSSL 3.0.1 14 Dec 2021', (3, 0, 0, 1, 0), '0x30000010')

    @tiran
    Copy link
    Member

    tiran commented Dec 17, 2021

    The test case does not work for OpenSSL >= 3.0.1. The test assumes that the version starts with M.NN.FF, but OpenSSL 3 uses M.NN.PP. The FF (fix) part is always 00. The issue didn't show up before because fix and patch level were 0 for 3.0.0 alphas and betas.

    @tiran tiran added tests Tests in the Lib/test dir and removed 3.8 only security fixes labels Dec 17, 2021
    @tiran tiran removed their assignment Dec 17, 2021
    @tiran tiran added type-bug An unexpected behavior, bug, or error tests Tests in the Lib/test dir and removed 3.8 only security fixes labels Dec 17, 2021
    @tiran tiran removed their assignment Dec 17, 2021
    @tiran tiran added the type-bug An unexpected behavior, bug, or error label Dec 17, 2021
    @tiran
    Copy link
    Member

    tiran commented Dec 17, 2021

    FYI, OpenSSL_version_num() is not deprecated and Python does not fail to build with OpenSSL 3.0.1. One test case is failing because OpenSSL 3 changed the version scheme slightly.

    @tiran tiran changed the title OpenSSL deprecated OpenSSL_version_num() since version 3.0.0 OpenSSL 3.0 uses different version scheme Dec 17, 2021
    @tiran tiran changed the title OpenSSL deprecated OpenSSL_version_num() since version 3.0.0 OpenSSL 3.0 uses different version scheme Dec 17, 2021
    @tiran
    Copy link
    Member

    tiran commented Dec 17, 2021

    New changeset 2985fea by Christian Heimes in branch 'main':
    bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170)
    2985fea

    @miss-islington
    Copy link
    Contributor

    New changeset 251d2ea by Miss Islington (bot) in branch '3.10':
    bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170)
    251d2ea

    @tiran
    Copy link
    Member

    tiran commented Dec 17, 2021

    New changeset a9b3edb by Christian Heimes in branch '3.9':
    [3.9] bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) (GH-30173)
    a9b3edb

    @hroncok
    Copy link
    Mannequin

    hroncok mannequin commented Mar 18, 2022

    3.8 is security only, so I suppose there is no chance of getting the test fixed as well?

    @tiran
    Copy link
    Member

    tiran commented Mar 18, 2022

    Correct, I didn't backport this fix and several other OpenSSL 3.0 related fixes to Python 3.8 because 3.8 is in security-only mode.

    @hroncok
    Copy link
    Mannequin

    hroncok mannequin commented Mar 18, 2022

    Ack, will do it downstream-only.

    @stratakis
    Copy link
    Mannequin

    stratakis mannequin commented Mar 18, 2022

    3.8 builds are still running on the buildbots so not fixing 3.8 will cause them to fail.

    @stratakis
    Copy link
    Mannequin

    stratakis mannequin commented Mar 22, 2022

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    @vstinner
    Copy link
    Member

    I created a backport to 3.8: #92954

    @kumaraditya303
    Copy link
    Contributor

    Fixed by #30170

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.9 only security fixes 3.10 only security fixes 3.11 bug and security fixes tests Tests in the Lib/test dir topic-SSL type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Development

    No branches or pull requests

    4 participants