Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up[3.5] bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 #12694
Conversation
This comment has been minimized.
This comment has been minimized.
|
I wrote a similar change for Fedora Rawhide: https://src.fedoraproject.org/rpms/python35/pull-request/23 Somehow related, I wrote a change to add OpenSSL 1.1.1 support to Python 3.4:
I may also skip failing tests on Python 3.4. |
This comment has been minimized.
This comment has been minimized.
|
cc @stratakis |
This comment has been minimized.
This comment has been minimized.
|
@stratakis asked me to replace "OpenSSL 1.1" with "OpenSSL 1.1.0": done. |
| @@ -1145,6 +1151,7 @@ def test_legacy_create_unix_server_ssl_verify_failed(self): | |||
| self.test_create_unix_server_ssl_verify_failed() | |||
|
|
|||
| @unittest.skipIf(ssl is None, 'No ssl module') | |||
| @unittest.skipIf(IS_OPENSSL_1_1, "bpo-26470: fail on OpenSSL 1.1") | |||
This comment has been minimized.
This comment has been minimized.
hroncok
Apr 7, 2019
Contributor
Is the version number 1.1 and not 1.1.0 here by accident or purpose?
| @unittest.skipIf(IS_OPENSSL_1_1, "bpo-26470: fail on OpenSSL 1.1") | |
| @unittest.skipIf(IS_OPENSSL_1_1, "bpo-26470: fail on OpenSSL 1.1.0") |
That would make it more consistent.
Also, have we checked that it's actually 1.1.0 and not 1.1.1? Should we say 1.1 everywhere instead?
This comment has been minimized.
This comment has been minimized.
vstinner
Apr 8, 2019
Author
Member
Also, have we checked that it's actually 1.1.0 and not 1.1.1?
No, and I'm not interested to test if it's exactly 1.1.0 or 1.1.1. I'm tired of the OpenSSL 1.1.1 mess, I consider that I already spent enough time on this topic :-)
Should we say 1.1 everywhere instead?
I fixed the test_asyncio comment to write OpenSSL 1.1.0, as I did in test_ssl.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
| @@ -38,6 +38,12 @@ | |||
| from asyncio import test_support as support | |||
|
|
|||
|
|
|||
| if ssl is not None: | |||
| IS_OPENSSL_1_1 = ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) | |||
This comment has been minimized.
This comment has been minimized.
hroncok
Apr 7, 2019
Contributor
Woudl a oneliner be more readable? Or less? Something like:
IS_OPENSSL_1_1 = ssl is not None and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)Or even:
IS_OPENSSL_1_1 = ssl and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
This comment has been minimized.
This comment has been minimized.
|
Good enough for 3.5. |
|
Even better now! Thanks. |
This comment has been minimized.
This comment has been minimized.
|
Oh, the NEWS entry used the old bpo number. I also fixed that. |
…1.1.1 Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS 1.0, but fail with OpenSSL 1.1.1 and TLS 1.3. Fixing these needs require to backport new ssl flags like ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a minor 3.5.x release. Moreover, it is not really worth it: the code works fine, issues are in the tests.
This comment has been minimized.
This comment has been minimized.
|
Oh, my PR used IS_OPENSSL_1_1_1 but it didn't exist! I fixed that as well. |
This comment has been minimized.
This comment has been minimized.
|
@tiran I'm inclined to merge this patch. Do you want to review it before I merge, or should I just go ahead? |
This comment has been minimized.
This comment has been minimized.
|
FYI Fedora now uses this patch in Python 3.5: https://src.fedoraproject.org/rpms/python35/blob/master/f/00322-test_ssl-skip-openssl111.patch Even if right now, the package is still linked to OpenSSL 1.0: https://src.fedoraproject.org/rpms/python35/blob/master/f/python35.spec#_128 |
4d1c254
into
python:3.5
This comment has been minimized.
This comment has been minimized.
bedevere-bot
commented
Sep 7, 2019
|
@larryhastings: Please replace |
This comment has been minimized.
This comment has been minimized.
|
Thanks for the 3.5 love, Victor! |
vstinner commentedApr 5, 2019
•
edited
Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.
Fixing these needs require to backport new ssl flags like
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
minor 3.5.x release. Moreover, it is not really worth it: the code
works fine, issues are in the tests.
https://bugs.python.org/issue36576