Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 654612

Summary: dev-python/ndg-httpsclient-0.4.2-r1: multiple test failures
Product: Gentoo Linux Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Current packagesAssignee: Python Gentoo Team <python>
Status: RESOLVED FIXED    
Severity: normal CC: mgorny
Priority: Normal Keywords: TESTFAILURE
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 654444, 655978    
Attachments: build.log

Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-02 13:21:13 UTC 
Created attachment 529348 [details]
build.log

> test03_ssl_verification_of_peer_succeeds (ndg.httpsclient.test.test_https.TestHTTPSConnection) ... 3073521344:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1498:SSL alert number 48
> 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
> ACCEPT
> 3073521344:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1498:SSL alert number 45
> 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
> ACCEPT
> ERROR
> test04_ssl_verification_with_subj_alt_name (ndg.httpsclient.test.test_https.TestHTTPSConnection) ... ERROR:ndg.httpsclient.ssl_peer_verification:Certificate <X509Name object '/O=NDG/OU=Security/CN=localhost'> in peer certificate chain has expired
> ERROR
> test04_ssl_verification_with_subj_common_name (ndg.httpsclient.test.test_https.TestHTTPSConnection) ... DEBUG:ndg.httpsclient.ssl_peer_verification:Disabling peer verification with subject subjectAltNames!
> 3073521344:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1498:SSL alert number 45
> 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
> ACCEPT
> ERROR:ndg.httpsclient.ssl_peer_verification:Certificate <X509Name object '/O=NDG/OU=Security/CN=localhost'> in peer certificate chain has expired
> ERROR
> 
> ======================================================================
> ERROR: test03_ssl_verification_of_peer_succeeds (ndg.httpsclient.test.test_https.TestHTTPSConnection)
> ----------------------------------------------------------------------
> Traceback (most recent call last):
>   File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/test/test_https.py", line 74, in test03_ssl_verification_of_peer_succeeds
>     conn.request('GET', '/')
>   File "/usr/lib/python2.7/httplib.py", line 1042, in request
>     self._send_request(method, url, body, headers)
>   File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request
>     self.endheaders(body)
>   File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
>     self._send_output(message_body)
>   File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
>     self.send(msg)
>   File "/usr/lib/python2.7/httplib.py", line 858, in send
>     self.sock.sendall(data)
>   File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/ssl_socket.py", line 173, in sendall
>     self.__ssl_conn.sendall(data)
>   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1666, in sendall
>     self._raise_ssl_error(self._ssl, result)
>   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
>     _raise_current_error()
>   File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
>     raise exception_type(errors)
> Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
> 
> ======================================================================
> ERROR: test04_ssl_verification_with_subj_alt_name (ndg.httpsclient.test.test_https.TestHTTPSConnection)
> ----------------------------------------------------------------------
> Traceback (most recent call last):
>   File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/test/test_https.py", line 93, in test04_ssl_verification_with_subj_alt_name
>     conn.request('GET', '/')
>   File "/usr/lib/python2.7/httplib.py", line 1042, in request
>     self._send_request(method, url, body, headers)
>   File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request
>     self.endheaders(body)
>   File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
>     self._send_output(message_body)
>   File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
>     self.send(msg)
>   File "/usr/lib/python2.7/httplib.py", line 858, in send
>     self.sock.sendall(data)
>   File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/ssl_socket.py", line 173, in sendall
>     self.__ssl_conn.sendall(data)
>   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1666, in sendall
>     self._raise_ssl_error(self._ssl, result)
>   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
>     _raise_current_error()
>   File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
>     raise exception_type(errors)
> Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
> 
> ======================================================================
> ERROR: test04_ssl_verification_with_subj_common_name (ndg.httpsclient.test.test_https.TestHTTPSConnection)
> ----------------------------------------------------------------------
> Traceback (most recent call last):
>   File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/test/test_https.py", line 116, in test04_ssl_verification_with_subj_common_name
>     conn.request('GET', '/')
>   File "/usr/lib/python2.7/httplib.py", line 1042, in request
>     self._send_request(method, url, body, headers)
>   File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request
>     self.endheaders(body)
>   File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders
>     self._send_output(message_body)
>   File "/usr/lib/python2.7/httplib.py", line 882, in _send_output
>     self.send(msg)
>   File "/usr/lib/python2.7/httplib.py", line 858, in send
>     self.sock.sendall(data)
>   File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/ssl_socket.py", line 173, in sendall
>     self.__ssl_conn.sendall(data)
>   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1666, in sendall
>     self._raise_ssl_error(self._ssl, result)
>   File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error
>     _raise_current_error()
>   File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
>     raise exception_type(errors)
> Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
> 
> ----------------------------------------------------------------------
> Ran 14 tests in 0.313s
> 
> FAILED (errors=3)
> E-RSA-CAMELLIA128-SHA    DHE-DSS-CAMELLIA128-SHA    DH-RSA-CAMELLIA128-SHA    
> DH-DSS-CAMELLIA128-SHA     ECDH-RSA-AES128-GCM-SHA256 ECDH-ECDSA-AES128-GCM-SHA256
> ECDH-RSA-AES128-SHA256     ECDH-ECDSA-AES128-SHA256   ECDH-RSA-AES128-SHA       
> ECDH-ECDSA-AES128-SHA      AES128-GCM-SHA256          AES128-SHA256             
> AES128-SHA                 SEED-SHA                   CAMELLIA128-SHA           
> IDEA-CBC-SHA               ECDHE-RSA-RC4-SHA          ECDHE-ECDSA-RC4-SHA       
> ECDH-RSA-RC4-SHA           ECDH-ECDSA-RC4-SHA         RC4-SHA                   
> RC4-MD5                    ECDHE-RSA-DES-CBC3-SHA     ECDHE-ECDSA-DES-CBC3-SHA  
> EDH-RSA-DES-CBC3-SHA       EDH-DSS-DES-CBC3-SHA       DH-RSA-DES-CBC3-SHA       
> DH-DSS-DES-CBC3-SHA        ECDH-RSA-DES-CBC3-SHA      ECDH-ECDSA-DES-CBC3-SHA   
> DES-CBC3-SHA
> Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
> Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
> Supported Elliptic Curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283
> Shared Elliptic curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283
> ---
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
>     Session-ID: 
>     Session-ID-ctx: 01000000
>     Master-Key: AFCCCF756CC147A698857CF6C71E16FA4F389A86A2FB4C00C2A233C457406F476372E3E56B802FED83183E736B39BCE2
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Compression: 1 (zlib compression)
>     Start Time: 1525266654
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)
> ---
>    0 items in the session cache
>    0 client connects (SSL_connect())
>    0 client renegotiates (SSL_connect())
>    0 client connects that finished
>    5 server accepts (SSL_accept())
>    0 server renegotiates (SSL_accept())
>    4 server accepts that finished
>    0 session cache hits
>    0 session cache misses
>    0 session cache timeouts
>    0 callback cache hits
>    0 cache full overflows (128 allowed)
> ---
> no client certificate available
> </pre></BODY></HTML>
> 
> 
> 3073521344:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1498:SSL alert number 45
> 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137:
> ACCEPT
>  * ERROR: dev-python/ndg-httpsclient-0.4.2-r1::gentoo failed (test phase):
>  *   Tests fail with python2.7
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-05-02 13:21:22 UTC 
Portage 2.3.24 (python 3.5.5-final-0, default/linux/x86/17.0, gcc-6.4.0, glibc-2.25-r11, 4.9.95-gentoo i686)
=================================================================
System uname: Linux-4.9.95-gentoo-i686-Intel-R-_Core-TM-_i7-3770K_CPU_@_3.50GHz-with-gentoo-2.4.1
KiB Mem:     3108308 total,   2883292 free
KiB Swap:     488276 total,    449552 free
Timestamp of repository gentoo: Wed, 02 May 2018 11:26:14 +0000
Head commit of repository gentoo: 67f45ea2661459c4d39cda0e9f76e476bf0962b4

sh bash 4.4_p12
ld GNU ld (Gentoo 2.29.1 p3) 2.29.1
app-shells/bash:          4.4_p12::gentoo
dev-lang/perl:            5.24.3-r1::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.5.5::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.34.11::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.15.1-r2::gentoo
sys-devel/binutils:       2.29.1-r1::gentoo
sys-devel/gcc:            6.4.0-r1::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc:           2.25-r11::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000

ABI="x86"
ABI_X86="32"
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
ACCEPT_PROPERTIES="*"
ACCEPT_RESTRICT="*"
ARCH="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=pentium4m -mtune=pentium4m"
CHOST="i686-pc-linux-gnu"
CHOST_x86="i686-pc-linux-gnu"
COLLISION_IGNORE="/lib/modules/* *.py[co] *$py.class */dropin.cache"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CPU_FLAGS_X86="mmx mmxext sse sse2"
CXXFLAGS="-O2 -pipe -march=pentium4m -mtune=pentium4m"
DEFAULT_ABI="x86"
EDITOR="/usr/bin/mcedit"
ELIBC="glibc"
EPREFIX=""
EROOT="/"
FCFLAGS="-O2 -march=i686 -pipe"
FEATURES="assume-digests binpkg-logs cgroup config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -march=i686 -pipe"
GCC_SPECS=""
GRUB_PLATFORMS="efi-32 pc"
GSETTINGS_BACKEND="dconf"
HOME="/root"
INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/6.4.0/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.29.1/info:/usr/share/info"
INPUT_DEVICES="libinput keyboard mouse"
IUSE_IMPLICIT="abi_x86_32 prefix prefix-chain prefix-guest"
KERNEL="linux"
L10N="en en-US de de-DE"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LC_MESSAGES="C"
LC_PAPER="de_DE.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LIBDIR_x86="lib"
LINGUAS="en de"
LOGNAME="root"
MAIL="/var/mail/root"
MAKEOPTS="--jobs 5 --load-average 7.95"
MULTILIB_ABIS="x86"
NOCOLOR="true"
OFFICE_IMPLEMENTATION="libreoffice"
OLDPWD="/root"
OPENGL_PROFILE="xorg-x11"
PAGER="/usr/bin/less"
PATH="/usr/i686-pc-linux-gnu/gcc-bin/6.4.0:/usr/lib/llvm/5/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin"
PHP_TARGETS="php5-6 php7-0"
POSTGRES_TARGETS="postgres9_5"
PWD="/tmp/stable"
PYTHONDONTWRITEBYTECODE="1"
PYTHON_SINGLE_TARGET="python3_5"
PYTHON_TARGETS="python2_7 python3_5"
QT_GRAPHICSSYSTEM="raster"
ROOT="/"
ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/6.4.0:/usr/lib/llvm/5/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin"
RUBY_TARGETS="ruby22 ruby23"
SHELL="/bin/bash"
SHLVL="2"
SSH_TTY="/dev/pts/0"
TERM="screen"
TMUX="/tmp/tmux-0/default,4836,0"
TMUX_PANE="%1"
TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE="1"
USER="root"
USERLAND="GNU"
VIDEO_CARDS="vmware"
XDG_CONFIG_DIRS="/etc/xdg"
XDG_DATA_DIRS="/usr/local/share:/usr/share"
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-06-11 19:42:13 UTC 
I somewhat suspect this is due to SSLv3 being disabled somewhere along the pipeline.  Would be nice to figure out where and confirm that, though.
Comment 3 Larry the Git Cow gentoo-dev 2020-02-21 13:59:21 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44f86f9d1aa28c879ba16e3e70a0ae72b9f684ce

commit 44f86f9d1aa28c879ba16e3e70a0ae72b9f684ce
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-02-21 13:48:08 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-02-21 13:59:10 +0000

    dev-python/ndg-httpsclient: Bump to 0.5.1
    
    Closes: https://bugs.gentoo.org/709964
    Closes: https://bugs.gentoo.org/654612
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-python/ndg-httpsclient/Manifest                |  1 +
 .../ndg-httpsclient/ndg-httpsclient-0.5.1.ebuild   | 49 ++++++++++++++++++++++
 2 files changed, 50 insertions(+)