Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.5] bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 #12694

Merged
merged 6 commits into from Sep 7, 2019

Conversation

@vstinner
Copy link
Member

commented Apr 5, 2019

Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.

Fixing these needs require to backport new ssl flags like
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
minor 3.5.x release. Moreover, it is not really worth it: the code
works fine, issues are in the tests.

https://bugs.python.org/issue36576

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Apr 5, 2019

I wrote a similar change for Fedora Rawhide: https://src.fedoraproject.org/rpms/python35/pull-request/23

Somehow related, I wrote a change to add OpenSSL 1.1.1 support to Python 3.4:

I may also skip failing tests on Python 3.4.

@vstinner vstinner force-pushed the vstinner:skip_tests_openssl11 branch from 4aedb49 to 7a0a3e1 Apr 5, 2019

@vstinner vstinner requested a review from tiran Apr 5, 2019

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Apr 5, 2019

@vstinner vstinner force-pushed the vstinner:skip_tests_openssl11 branch from 7a0a3e1 to 0b1939b Apr 5, 2019

@vstinner vstinner changed the title [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1 [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.0 Apr 5, 2019

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Apr 5, 2019

@stratakis asked me to replace "OpenSSL 1.1" with "OpenSSL 1.1.0": done.

@@ -1145,6 +1151,7 @@ def test_legacy_create_unix_server_ssl_verify_failed(self):
self.test_create_unix_server_ssl_verify_failed()

@unittest.skipIf(ssl is None, 'No ssl module')
@unittest.skipIf(IS_OPENSSL_1_1, "bpo-26470: fail on OpenSSL 1.1")

This comment has been minimized.

Copy link
@hroncok

hroncok Apr 7, 2019

Contributor

Is the version number 1.1 and not 1.1.0 here by accident or purpose?

Suggested change
@unittest.skipIf(IS_OPENSSL_1_1, "bpo-26470: fail on OpenSSL 1.1")
@unittest.skipIf(IS_OPENSSL_1_1, "bpo-26470: fail on OpenSSL 1.1.0")

That would make it more consistent.

Also, have we checked that it's actually 1.1.0 and not 1.1.1? Should we say 1.1 everywhere instead?

This comment has been minimized.

Copy link
@vstinner

vstinner Apr 8, 2019

Author Member

Also, have we checked that it's actually 1.1.0 and not 1.1.1?

No, and I'm not interested to test if it's exactly 1.1.0 or 1.1.1. I'm tired of the OpenSSL 1.1.1 mess, I consider that I already spent enough time on this topic :-)

Should we say 1.1 everywhere instead?

I fixed the test_asyncio comment to write OpenSSL 1.1.0, as I did in test_ssl.

This comment has been minimized.

Copy link
@hroncok

hroncok Apr 8, 2019

Contributor

ok

This comment has been minimized.

Copy link
@hroncok

hroncok Apr 9, 2019

Contributor

For the record, the tests pass with OpenSSL 1.1.0i.

@@ -38,6 +38,12 @@
from asyncio import test_support as support


if ssl is not None:
IS_OPENSSL_1_1 = ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)

This comment has been minimized.

Copy link
@hroncok

hroncok Apr 7, 2019

Contributor

Woudl a oneliner be more readable? Or less? Something like:

IS_OPENSSL_1_1 = ssl is not None and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)

Or even:

IS_OPENSSL_1_1 = ssl and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)

This comment has been minimized.

Copy link
@vstinner

vstinner Apr 8, 2019

Author Member

I prefer to write the code on 4 lines ;-)

@hroncok
hroncok approved these changes Apr 8, 2019
Copy link
Contributor

left a comment

Good enough for 3.5.

@vstinner vstinner force-pushed the vstinner:skip_tests_openssl11 branch from d19efd4 to 2f4bfad Apr 9, 2019

@vstinner vstinner changed the title [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.0 [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 Apr 9, 2019

@vstinner vstinner changed the title [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 [3.5] bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 Apr 9, 2019

@hroncok
hroncok approved these changes Apr 9, 2019
Copy link
Contributor

left a comment

Even better now! Thanks.

@vstinner vstinner force-pushed the vstinner:skip_tests_openssl11 branch from 2f4bfad to d55511d Apr 9, 2019

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Apr 9, 2019

Oh, the NEWS entry used the old bpo number. I also fixed that.

bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL …
…1.1.1

Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.

Fixing these needs require to backport new ssl flags like
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
minor 3.5.x release. Moreover, it is not really worth it: the code
works fine, issues are in the tests.

@vstinner vstinner force-pushed the vstinner:skip_tests_openssl11 branch from d55511d to 6f582ba Apr 9, 2019

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Apr 9, 2019

Oh, my PR used IS_OPENSSL_1_1_1 but it didn't exist! I fixed that as well.

@larryhastings

This comment has been minimized.

Copy link
Contributor

commented Jul 13, 2019

@tiran I'm inclined to merge this patch. Do you want to review it before I merge, or should I just go ahead?

@vstinner

This comment has been minimized.

Copy link
Member Author

commented Jul 14, 2019

@larryhastings larryhastings merged commit 4d1c254 into python:3.5 Sep 7, 2019

5 checks passed

bedevere/issue-number Issue number 36576 found
Details
bedevere/maintenance-branch-pr Valid maintenance branch PR title.
bedevere/news News entry found in Misc/NEWS.d
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@bedevere-bot

This comment has been minimized.

Copy link

commented Sep 7, 2019

@larryhastings: Please replace # with GH- in the commit message next time. Thanks!

@larryhastings

This comment has been minimized.

Copy link
Contributor

commented Sep 7, 2019

Thanks for the 3.5 love, Victor!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.