Dear Richard,
If the only problem is legacy (and unsafe) ciphersuites, loading the legacy provider will solve this problem.
On Fri, Jun 24, 2022 at 1:11 PM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
On Thu, Jun 23, 2022 at 10:43:45AM +0100, Richard W.M. Jones wrote:
> python2.7-0:2.7.18-22.fc37.src
Vaguely seeing if it's feasible to backport the OpenSSL 3 support to
Python 2.7. This branch gets quite far:
https://github.com/rwmjones/cpython/tree/python-2.7-openssl-3
Only one test fails, test_ssl (obviously), but it does only appear to
fail where it tests obsolete ciphers. I looked into fixing the test,
but the upstream version of this test has changed a great deal, with a
whole mechanism for skipping unsupported ciphers.
Remaining test failures in detail below.
Rich.
----------------------------------------------------------------------
running build
running build_ext
warning: openssl 0x00000000 is too old for _hashlib
building dbm using ndbm
Python build finished, but the necessary bits to build these modules were not found:
_hashlib bsddb185 dl
imageop sunaudiodev
To find the necessary bits, look in setup.py in detect_modules() for the module's name.
running build_scripts
find ./Lib -name '*.py[co]' -print | xargs rm -f
./python -Wd -3 -E -tt ./Lib/test/regrtest.py -v test_ssl
== CPython 2.7.18 (tags/2.7-3-g1efbb6fd52:1efbb6fd52, Jun 24 2022, 12:05:45) [GCC 12.1.1 20220507 (Red Hat 12.1.1-1)]
== Linux-5.14.0-0.rc4.20210804gitd5ad8ec3cfb5.36.fc35.x86_64-x86_64-with-fedora-37-Rawhide little-endian
== /home/rjones/d/cpython-2.7/build/test_python_641493
== CPU count: 24
Run tests sequentially
0:00:00 load avg: 0.09 [1/1] test_ssl
test_ssl: testing with 'OpenSSL 3.0.3 3 May 2022' (3, 0, 0, 3, 0)
under Linux ('Fedora', '37', 'Rawhide')
HAS_SNI = True
OP_ALL = 0x80000050
OP_NO_TLSv1_1 = 0x10000000
test__create_stdlib_context (test.test_ssl.ContextTests) ... ok
test__https_verify_certificates (test.test_ssl.ContextTests) ... ok
test__https_verify_envvar (test.test_ssl.ContextTests) ... ok
test_cert_store_stats (test.test_ssl.ContextTests) ... ok
test_check_hostname (test.test_ssl.ContextTests) ... ok
test_ciphers (test.test_ssl.ContextTests) ... ok
test_constructor (test.test_ssl.ContextTests) ... ok
test_create_default_context (test.test_ssl.ContextTests) ... ok
test_get_ca_certs (test.test_ssl.ContextTests) ... ok
test_load_cert_chain (test.test_ssl.ContextTests) ... ok
test_load_default_certs (test.test_ssl.ContextTests) ... ok
test_load_default_certs_env (test.test_ssl.ContextTests) ... ok
test_load_default_certs_env_windows (test.test_ssl.ContextTests) ... skipped 'Windows specific'
test_load_dh_params (test.test_ssl.ContextTests) ... ok
test_load_verify_cadata (test.test_ssl.ContextTests) ... ERROR
test_load_verify_locations (test.test_ssl.ContextTests) ... ok
test_options (test.test_ssl.ContextTests) ... ok
test_protocol (test.test_ssl.ContextTests) ... ok
test_session_stats (test.test_ssl.ContextTests) ... ok
test_set_default_verify_paths (test.test_ssl.ContextTests) ... ok
test_set_ecdh_curve (test.test_ssl.ContextTests) ... ok
test_sni_callback (test.test_ssl.ContextTests) ... ok
test_sni_callback_refcycle (test.test_ssl.ContextTests) ... ok
test_verify_flags (test.test_ssl.ContextTests) ... ok
test_verify_mode (test.test_ssl.ContextTests) ... ok
test_sslwrap_simple (test.test_ssl.BasicTests) ... ok
test_DER_to_PEM (test.test_ssl.BasicSocketTests) ... ok
test_asn1object (test.test_ssl.BasicSocketTests) ... ok
test_cert_time_to_seconds (test.test_ssl.BasicSocketTests) ... ok
test_cert_time_to_seconds_locale (test.test_ssl.BasicSocketTests) ... skipped 'locale-specific month name needs to be different from C locale'
test_cert_time_to_seconds_timezone (test.test_ssl.BasicSocketTests) ... ok
test_constants (test.test_ssl.BasicSocketTests) ... ok
test_empty_cert (test.test_ssl.BasicSocketTests)
Wrapping with an empty cert file ... ok
test_enum_certificates (test.test_ssl.BasicSocketTests) ... skipped 'Windows specific'
test_enum_crls (test.test_ssl.BasicSocketTests) ... skipped 'Windows specific'
test_errors (test.test_ssl.BasicSocketTests) ... ok
test_get_default_verify_paths (test.test_ssl.BasicSocketTests) ... ok
test_malformed_cert (test.test_ssl.BasicSocketTests)
Wrapping with a badly formatted certificate (syntax error) ... ok
test_malformed_key (test.test_ssl.BasicSocketTests)
Wrapping with a badly formatted key (syntax error) ... ok
test_match_hostname (test.test_ssl.BasicSocketTests) ... ok
test_openssl_version (test.test_ssl.BasicSocketTests) ... FAIL
test_parse_all_sans (test.test_ssl.BasicSocketTests) ... ok
test_parse_cert (test.test_ssl.BasicSocketTests) ...
{'issuer': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'notAfter': 'Aug 26 14:23:15 2028 GMT',
'notBefore': u'Aug 29 14:23:15 2018 GMT',
'serialNumber': u'98A7CF88C74A32ED',
'subject': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'subjectAltName': (('DNS', 'localhost'),),
'version': 3L}
{'OCSP': (u'http://ocsp.verisign.com',),
'caIssuers': (u'http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer',),
'crlDistributionPoints': (u'http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',),
'issuer': ((('countryName', u'US'),),
(('organizationName', u'VeriSign, Inc.'),),
(('organizationalUnitName', u'VeriSign Trust Network'),),
(('organizationalUnitName',
u'Terms of use at https://www.verisign.com/rpa (c)10'),),
(('commonName',
u'VeriSign Class 3 International Server CA - G3'),)),
'notAfter': 'Sep 20 23:59:59 2012 GMT',
'notBefore': u'Sep 21 00:00:00 2011 GMT',
'serialNumber': u'2EE6EA7640A075CEE5005F4D7C79549A',
'subject': ((('countryName', u'FI'),),
(('stateOrProvinceName', u'Espoo'),),
(('localityName', u'Espoo'),),
(('organizationName', u'Nokia'),),
(('organizationalUnitName', u'BI'),),
(('commonName', u'projects.developer.nokia.com'),)),
'subjectAltName': (('DNS', 'projects.developer.nokia.com'),
('DNS', 'projects.forum.nokia.com')),
'version': 3L}
ok
test_parse_cert_CVE_2013_4238 (test.test_ssl.BasicSocketTests) ...
{'issuer': ((('countryName', u'US'),),
(('stateOrProvinceName', u'Oregon'),),
(('localityName', u'Beaverton'),),
(('organizationName', u'Python Software Foundation'),),
(('organizationalUnitName', u'Python Core Development'),),
(('commonName', u'null.python.org\x00example.org'),),
(('emailAddress', u'python-dev@xxxxxxxxxx'),)),
'notAfter': 'Aug 7 13:12:52 2013 GMT',
'notBefore': u'Aug 7 13:11:52 2013 GMT',
'serialNumber': u'00',
'subject': ((('countryName', u'US'),),
(('stateOrProvinceName', u'Oregon'),),
(('localityName', u'Beaverton'),),
(('organizationName', u'Python Software Foundation'),),
(('organizationalUnitName', u'Python Core Development'),),
(('commonName', u'null.python.org\x00example.org'),),
(('emailAddress', u'python-dev@xxxxxxxxxx'),)),
'subjectAltName': (('DNS', 'altnull.python.org\x00example.com'),
('email', 'null@xxxxxxxxxx\x00user@xxxxxxxxxxx'),
('URI', 'http://null.python.org\x00http://example.org'),
(u'IP Address', u'192.0.2.1'),
(u'IP Address', u'2001:DB8:0:0:0:0:0:1')),
'version': 3L}
ok
test_parse_cert_CVE_2019_5010 (test.test_ssl.BasicSocketTests) ...
{'issuer': ((('countryName', u'UK'),), (('commonName', u'cody-ca'),)),
'notAfter': 'Jun 14 18:00:58 2028 GMT',
'notBefore': u'Jun 18 18:00:58 2018 GMT',
'serialNumber': u'02',
'subject': ((('countryName', u'UK'),),
(('commonName', u'codenomicon-vm-2.test.lal.cisco.com'),)),
'subjectAltName': (('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
'version': 3L}
ok
test_purpose_enum (test.test_ssl.BasicSocketTests) ... ok
test_random (test.test_ssl.BasicSocketTests) ...
RAND_status is 1 (sufficient randomness)
ok
test_refcycle (test.test_ssl.BasicSocketTests) ... ok
test_server_side (test.test_ssl.BasicSocketTests) ... ok
test_timeout (test.test_ssl.BasicSocketTests) ... ok
test_tls_unique_channel_binding (test.test_ssl.BasicSocketTests) ... ok
test_unknown_channel_binding (test.test_ssl.BasicSocketTests) ... ok
test_unsupported_dtls (test.test_ssl.BasicSocketTests) ... ok
test_wrapped_unconnected (test.test_ssl.BasicSocketTests) ... ok
test_lib_reason (test.test_ssl.SSLErrorTests) ... ok
test_str (test.test_ssl.SSLErrorTests) ... ok
test_subclass (test.test_ssl.SSLErrorTests) ... ok
test_alpn_protocols (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 36526)
server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
server: selected protocol is now None
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: closing connection.
server: new connection from ('127.0.0.1', 58156)
server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
server: selected protocol is now None
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: closing connection.
server: new connection from ('127.0.0.1', 41748)
server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
server: selected protocol is now None
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: closing connection.
server: new connection from ('127.0.0.1', 54770)
client: sending 'FOO\n'...
server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
server: selected protocol is now None
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: closing connection.
ok
test_asyncore_server (test.test_ssl.ThreadedTests)
Check the example asyncore integration. ...
server: new connection from 127.0.0.1:38794
client: sending 'FOO\n'...
server: read 'FOO\n' from client
client: read 'foo\n'
client: closing connection.
client: connection closed.
server: read 'over\n' from client
cleanup: stopping server.
cleanup: joining server thread.
server: closed connection <ssl.SSLSocket object at 0x7f28dd23b0d0>
server: read '' from client
cleanup: successfully joined.
ok
test_check_hostname (test.test_ssl.ThreadedTests) ...
server: new connection from ('127.0.0.1', 33176)
server: bad connection attempt from ('127.0.0.1', 33176):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_compression (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 39026)
server: bad connection attempt from ('127.0.0.1', 39026):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_compression_disabled (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 51970)
server: bad connection attempt from ('127.0.0.1', 51970):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_crl_check (test.test_ssl.ThreadedTests) ...
server: new connection from ('127.0.0.1', 49686)
server: bad connection attempt from ('127.0.0.1', 49686):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_default_ecdh_curve (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 50888)
server: connection cipher is now ('ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256)
server: selected protocol is now None
ok
test_dh_params (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 39768)
server: bad connection attempt from ('127.0.0.1', 39768):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_do_handshake_enotconn (test.test_ssl.ThreadedTests) ... ok
test_echo (test.test_ssl.ThreadedTests)
Basic test of an SSL client connecting to a server ...
server: new connection from ('127.0.0.1', 51012)
client: sending 'FOO\n'...
server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
server: selected protocol is now None
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: sending 'FOO\n'...
client: read 'foo\n'
client: closing connection.
server: new connection from ('127.0.0.1', 60552)
server: bad connection attempt from ('127.0.0.1', 60552):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_getpeercert (test.test_ssl.ThreadedTests) ...
{'issuer': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'notAfter': 'Aug 26 14:23:15 2028 GMT',
'notBefore': u'Aug 29 14:23:15 2018 GMT',
'serialNumber': u'98A7CF88C74A32ED',
'subject': ((('countryName', u'XY'),),
(('localityName', u'Castle Anthrax'),),
(('organizationName', u'Python Software Foundation'),),
(('commonName', u'localhost'),)),
'subjectAltName': (('DNS', 'localhost'),),
'version': 3L}
Connection cipher is ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256).
ok
test_getpeercert_enotconn (test.test_ssl.ThreadedTests) ... ok
test_handshake_timeout (test.test_ssl.ThreadedTests) ... ok
test_no_shared_ciphers (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 44402)
server: bad connection attempt from ('127.0.0.1', 44402):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:727)
ok
test_npn_protocols (test.test_ssl.ThreadedTests) ... skipped 'NPN support needed for this test'
test_protocol_sslv2 (test.test_ssl.ThreadedTests)
Connecting to an SSLv2 server with various client options ... skipped 'OpenSSL is compiled without SSLv2 support'
test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options ...
PROTOCOL_TLS->PROTOCOL_TLS CERT_NONE
PROTOCOL_TLSv1->PROTOCOL_TLS CERT_NONE
ERROR
test_protocol_sslv3 (test.test_ssl.ThreadedTests)
Connecting to an SSLv3 server with various client options ... skipped 'OpenSSL is compiled without SSLv3 support'
test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options ...
PROTOCOL_TLSv1->PROTOCOL_TLSv1 CERT_NONE
ERROR
test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options. ...
PROTOCOL_TLSv1_1->PROTOCOL_TLSv1_1 CERT_NONE
ERROR
test_protocol_tlsv1_2 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.2 server with various client options. ...
PROTOCOL_TLSv1_2->PROTOCOL_TLSv1_2 CERT_NONE
{PROTOCOL_TLS->PROTOCOL_TLSv1_2} CERT_NONE
PROTOCOL_TLSv1_2->PROTOCOL_TLS CERT_NONE
{PROTOCOL_TLSv1->PROTOCOL_TLSv1_2} CERT_NONE
{PROTOCOL_TLSv1_2->PROTOCOL_TLSv1} CERT_NONE
{PROTOCOL_TLSv1_1->PROTOCOL_TLSv1_2} CERT_NONE
{PROTOCOL_TLSv1_2->PROTOCOL_TLSv1_1} CERT_NONE
ok
test_read_write_after_close_raises_valuerror (test.test_ssl.ThreadedTests) ... ok
test_recv_send (test.test_ssl.ThreadedTests)
Test recv(), send() and friends. ...
server: new connection from ('127.0.0.1', 59354)
server: bad connection attempt from ('127.0.0.1', 59354):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_recv_zero (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 36264)
server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
server: selected protocol is now None
ok
test_rude_shutdown (test.test_ssl.ThreadedTests)
A brutal shutdown of an SSL server should raise an OSError ... ok
test_selected_alpn_protocol (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 59908)
server: bad connection attempt from ('127.0.0.1', 59908):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_selected_alpn_protocol_if_server_uses_alpn (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 57474)
server: bad connection attempt from ('127.0.0.1', 57474):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_selected_npn_protocol (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 33742)
server: bad connection attempt from ('127.0.0.1', 33742):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_server_accept (test.test_ssl.ThreadedTests) ... ok
test_sni_callback (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 43762)
server: bad connection attempt from ('127.0.0.1', 43762):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_sni_callback_alert (test.test_ssl.ThreadedTests) ... ok
test_sni_callback_raising (test.test_ssl.ThreadedTests) ... ok
test_sni_callback_wrong_return_type (test.test_ssl.ThreadedTests) ... ok
test_socketserver (test.test_ssl.ThreadedTests)
Using a SocketServer to create and manage SSL connections. ...
server (('127.0.0.1', 32973):32973 ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)):
[24/Jun/2022 12:09:22] "GET /keycert.pem HTTP/1.1" 200 -
client: read 4058 bytes from remote server '<HTTPSServerThread <HTTPSServer localhost.localdomain:32973>>'
stopping HTTPS server
joining HTTPS thread
ok
test_starttls (test.test_ssl.ThreadedTests)
Switching from clear text to encrypted and back again. ...
client: sending 'msg 1'...
server: new connection from ('127.0.0.1', 44848)
server: read 'msg 1' (unencrypted), sending back 'msg 1' (unencrypted)...
client: read 'msg 1' from server
client: sending 'MSG 2'...
server: read 'MSG 2' (unencrypted), sending back 'msg 2' (unencrypted)...
client: read 'msg 2' from server
client: sending 'STARTTLS'...
server: read STARTTLS from client, sending OK...
client: read 'ok' from server, starting TLS...
server: bad connection attempt from ('127.0.0.1', 44848):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_tls1_3 (test.test_ssl.ThreadedTests) ... server: new connection from ('127.0.0.1', 47508)
server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
server: selected protocol is now None
ok
test_tls_unique_channel_binding (test.test_ssl.ThreadedTests)
Test tls-unique channel binding. ...
server: new connection from ('127.0.0.1', 58508)
server: bad connection attempt from ('127.0.0.1', 58508):
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1732, in wrap_conn
self.sock, server_side=True)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 369, in wrap_socket
_context=self)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: BAD_RSA_DECRYPT] no suitable signature algorithm (_ssl.c:727)
ERROR
test_version_basic (test.test_ssl.ThreadedTests) ... ERROR
test_wrong_cert (test.test_ssl.ThreadedTests)
Connecting when the server rejects the client's certificate ...
SSLError is SSLError(1, u'[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727)')
ok
======================================================================
ERROR: test_load_verify_cadata (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 1033, in test_load_verify_cadata
ctx.load_verify_locations(cadata=cacert_der)
SSLError: unknown error (_ssl.c:2989)
======================================================================
ERROR: test_check_hostname (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2268, in test_check_hostname
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_compression (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3000, in test_compression
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_compression_disabled (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3012, in test_compression_disabled
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_crl_check (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2227, in test_crl_check
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_dh_params (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3022, in test_dh_params
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_echo (test.test_ssl.ThreadedTests)
Basic test of an SSL client connecting to a server
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2168, in test_echo
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_protocol_sslv23 (test.test_ssl.ThreadedTests)
Connecting to an SSLv23 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 190, in f
return func(*args, **kwargs)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2404, in test_protocol_sslv23
try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1')
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2136, in try_protocol_combo
chatty=False, connectionchatty=False)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727)
======================================================================
ERROR: test_protocol_tlsv1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1 server with various client options
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2452, in test_protocol_tlsv1
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2136, in try_protocol_combo
chatty=False, connectionchatty=False)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 190, in f
return func(*args, **kwargs)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2471, in test_protocol_tlsv1_1
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2136, in try_protocol_combo
chatty=False, connectionchatty=False)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_recv_send (test.test_ssl.ThreadedTests)
Test recv(), send() and friends.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2639, in test_recv_send
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_selected_alpn_protocol (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3033, in test_selected_alpn_protocol
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_selected_alpn_protocol_if_server_uses_alpn (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3045, in test_selected_alpn_protocol_if_server_uses_alpn
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_selected_npn_protocol (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3095, in test_selected_npn_protocol
chatty=True, connectionchatty=True)
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_sni_callback (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 3154, in test_sni_callback
sni_name='supermessage')
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2064, in server_params_test
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_starttls (test.test_ssl.ThreadedTests)
Switching from clear text to encrypted and back again.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2541, in test_starttls
conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 931, in wrap_socket
ciphers=ciphers)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 599, in __init__
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_tls_unique_channel_binding (test.test_ssl.ThreadedTests)
Test tls-unique channel binding.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2956, in test_tls_unique_channel_binding
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
ERROR: test_version_basic (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 2893, in test_version_basic
s.connect((HOST, server.port))
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 864, in connect
self._real_connect(addr, False)
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 855, in _real_connect
self.do_handshake()
File "/home/rjones/d/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
self._sslobj.do_handshake()
SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error (_ssl.c:727)
======================================================================
FAIL: test_openssl_version (test.test_ssl.BasicSocketTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/rjones/d/cpython-2.7/Lib/test/test_ssl.py", line 382, in test_openssl_version
(s, t))
AssertionError: ('OpenSSL 3.0.3 3 May 2022', (3, 0, 0, 3, 0))
-----------------------------------test test_ssl failed -- multiple errors occurred
-----------------------------------
Ran 96 tests in 1.061s
FAILED (failures=1, errors=18, skipped=7)
== Tests result: FAILURE ==
1 test failed:
test_ssl
Total duration: 1 sec 153 ms
Tests result: FAILURE
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Dmitry Belyavskiy
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
