Created attachment 529348 [details] build.log > test03_ssl_verification_of_peer_succeeds (ndg.httpsclient.test.test_https.TestHTTPSConnection) ... 3073521344:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1498:SSL alert number 48 > 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137: > ACCEPT > 3073521344:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1498:SSL alert number 45 > 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137: > ACCEPT > ERROR > test04_ssl_verification_with_subj_alt_name (ndg.httpsclient.test.test_https.TestHTTPSConnection) ... ERROR:ndg.httpsclient.ssl_peer_verification:Certificate <X509Name object '/O=NDG/OU=Security/CN=localhost'> in peer certificate chain has expired > ERROR > test04_ssl_verification_with_subj_common_name (ndg.httpsclient.test.test_https.TestHTTPSConnection) ... DEBUG:ndg.httpsclient.ssl_peer_verification:Disabling peer verification with subject subjectAltNames! > 3073521344:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1498:SSL alert number 45 > 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137: > ACCEPT > ERROR:ndg.httpsclient.ssl_peer_verification:Certificate <X509Name object '/O=NDG/OU=Security/CN=localhost'> in peer certificate chain has expired > ERROR > > ====================================================================== > ERROR: test03_ssl_verification_of_peer_succeeds (ndg.httpsclient.test.test_https.TestHTTPSConnection) > ---------------------------------------------------------------------- > Traceback (most recent call last): > File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/test/test_https.py", line 74, in test03_ssl_verification_of_peer_succeeds > conn.request('GET', '/') > File "/usr/lib/python2.7/httplib.py", line 1042, in request > self._send_request(method, url, body, headers) > File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request > self.endheaders(body) > File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders > self._send_output(message_body) > File "/usr/lib/python2.7/httplib.py", line 882, in _send_output > self.send(msg) > File "/usr/lib/python2.7/httplib.py", line 858, in send > self.sock.sendall(data) > File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/ssl_socket.py", line 173, in sendall > self.__ssl_conn.sendall(data) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1666, in sendall > self._raise_ssl_error(self._ssl, result) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error > _raise_current_error() > File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue > raise exception_type(errors) > Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')] > > ====================================================================== > ERROR: test04_ssl_verification_with_subj_alt_name (ndg.httpsclient.test.test_https.TestHTTPSConnection) > ---------------------------------------------------------------------- > Traceback (most recent call last): > File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/test/test_https.py", line 93, in test04_ssl_verification_with_subj_alt_name > conn.request('GET', '/') > File "/usr/lib/python2.7/httplib.py", line 1042, in request > self._send_request(method, url, body, headers) > File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request > self.endheaders(body) > File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders > self._send_output(message_body) > File "/usr/lib/python2.7/httplib.py", line 882, in _send_output > self.send(msg) > File "/usr/lib/python2.7/httplib.py", line 858, in send > self.sock.sendall(data) > File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/ssl_socket.py", line 173, in sendall > self.__ssl_conn.sendall(data) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1666, in sendall > self._raise_ssl_error(self._ssl, result) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error > _raise_current_error() > File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue > raise exception_type(errors) > Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')] > > ====================================================================== > ERROR: test04_ssl_verification_with_subj_common_name (ndg.httpsclient.test.test_https.TestHTTPSConnection) > ---------------------------------------------------------------------- > Traceback (most recent call last): > File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/test/test_https.py", line 116, in test04_ssl_verification_with_subj_common_name > conn.request('GET', '/') > File "/usr/lib/python2.7/httplib.py", line 1042, in request > self._send_request(method, url, body, headers) > File "/usr/lib/python2.7/httplib.py", line 1082, in _send_request > self.endheaders(body) > File "/usr/lib/python2.7/httplib.py", line 1038, in endheaders > self._send_output(message_body) > File "/usr/lib/python2.7/httplib.py", line 882, in _send_output > self.send(msg) > File "/usr/lib/python2.7/httplib.py", line 858, in send > self.sock.sendall(data) > File "/var/tmp/portage/dev-python/ndg-httpsclient-0.4.2-r1/work/ndg_httpsclient-0.4.2/ndg/httpsclient/ssl_socket.py", line 173, in sendall > self.__ssl_conn.sendall(data) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1666, in sendall > self._raise_ssl_error(self._ssl, result) > File "/usr/lib/python2.7/site-packages/OpenSSL/SSL.py", line 1546, in _raise_ssl_error > _raise_current_error() > File "/usr/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue > raise exception_type(errors) > Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')] > > ---------------------------------------------------------------------- > Ran 14 tests in 0.313s > > FAILED (errors=3) > E-RSA-CAMELLIA128-SHA DHE-DSS-CAMELLIA128-SHA DH-RSA-CAMELLIA128-SHA > DH-DSS-CAMELLIA128-SHA ECDH-RSA-AES128-GCM-SHA256 ECDH-ECDSA-AES128-GCM-SHA256 > ECDH-RSA-AES128-SHA256 ECDH-ECDSA-AES128-SHA256 ECDH-RSA-AES128-SHA > ECDH-ECDSA-AES128-SHA AES128-GCM-SHA256 AES128-SHA256 > AES128-SHA SEED-SHA CAMELLIA128-SHA > IDEA-CBC-SHA ECDHE-RSA-RC4-SHA ECDHE-ECDSA-RC4-SHA > ECDH-RSA-RC4-SHA ECDH-ECDSA-RC4-SHA RC4-SHA > RC4-MD5 ECDHE-RSA-DES-CBC3-SHA ECDHE-ECDSA-DES-CBC3-SHA > EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DH-RSA-DES-CBC3-SHA > DH-DSS-DES-CBC3-SHA ECDH-RSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC3-SHA > DES-CBC3-SHA > Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 > Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 > Supported Elliptic Curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283 > Shared Elliptic curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283 > --- > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > SSL-Session: > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES256-GCM-SHA384 > Session-ID: > Session-ID-ctx: 01000000 > Master-Key: AFCCCF756CC147A698857CF6C71E16FA4F389A86A2FB4C00C2A233C457406F476372E3E56B802FED83183E736B39BCE2 > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Compression: 1 (zlib compression) > Start Time: 1525266654 > Timeout : 300 (sec) > Verify return code: 0 (ok) > --- > 0 items in the session cache > 0 client connects (SSL_connect()) > 0 client renegotiates (SSL_connect()) > 0 client connects that finished > 5 server accepts (SSL_accept()) > 0 server renegotiates (SSL_accept()) > 4 server accepts that finished > 0 session cache hits > 0 session cache misses > 0 session cache timeouts > 0 callback cache hits > 0 cache full overflows (128 allowed) > --- > no client certificate available > </pre></BODY></HTML> > > > 3073521344:error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:s3_pkt.c:1498:SSL alert number 45 > 3073521344:error:140780E5:SSL routines:ssl23_read:ssl handshake failure:s23_lib.c:137: > ACCEPT > * ERROR: dev-python/ndg-httpsclient-0.4.2-r1::gentoo failed (test phase): > * Tests fail with python2.7
Portage 2.3.24 (python 3.5.5-final-0, default/linux/x86/17.0, gcc-6.4.0, glibc-2.25-r11, 4.9.95-gentoo i686) ================================================================= System uname: Linux-4.9.95-gentoo-i686-Intel-R-_Core-TM-_i7-3770K_CPU_@_3.50GHz-with-gentoo-2.4.1 KiB Mem: 3108308 total, 2883292 free KiB Swap: 488276 total, 449552 free Timestamp of repository gentoo: Wed, 02 May 2018 11:26:14 +0000 Head commit of repository gentoo: 67f45ea2661459c4d39cda0e9f76e476bf0962b4 sh bash 4.4_p12 ld GNU ld (Gentoo 2.29.1 p3) 2.29.1 app-shells/bash: 4.4_p12::gentoo dev-lang/perl: 5.24.3-r1::gentoo dev-lang/python: 2.7.14-r1::gentoo, 3.5.5::gentoo dev-util/cmake: 3.9.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.4.1-r2::gentoo sys-apps/openrc: 0.34.11::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.15.1-r2::gentoo sys-devel/binutils: 2.29.1-r1::gentoo sys-devel/gcc: 6.4.0-r1::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r3::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers) sys-libs/glibc: 2.25-r11::gentoo Repositories: gentoo location: /usr/portage sync-type: git sync-uri: https://github.com/gentoo-mirror/gentoo.git priority: -1000 ABI="x86" ABI_X86="32" ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" ACCEPT_PROPERTIES="*" ACCEPT_RESTRICT="*" ARCH="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -march=pentium4m -mtune=pentium4m" CHOST="i686-pc-linux-gnu" CHOST_x86="i686-pc-linux-gnu" COLLISION_IGNORE="/lib/modules/* *.py[co] *$py.class */dropin.cache" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt" CPU_FLAGS_X86="mmx mmxext sse sse2" CXXFLAGS="-O2 -pipe -march=pentium4m -mtune=pentium4m" DEFAULT_ABI="x86" EDITOR="/usr/bin/mcedit" ELIBC="glibc" EPREFIX="" EROOT="/" FCFLAGS="-O2 -march=i686 -pipe" FEATURES="assume-digests binpkg-logs cgroup config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -march=i686 -pipe" GCC_SPECS="" GRUB_PLATFORMS="efi-32 pc" GSETTINGS_BACKEND="dconf" HOME="/root" INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/6.4.0/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.29.1/info:/usr/share/info" INPUT_DEVICES="libinput keyboard mouse" IUSE_IMPLICIT="abi_x86_32 prefix prefix-chain prefix-guest" KERNEL="linux" L10N="en en-US de de-DE" LANG="en_US.UTF-8" LC_ALL="en_US.UTF-8" LC_MESSAGES="C" LC_PAPER="de_DE.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LIBDIR_x86="lib" LINGUAS="en de" LOGNAME="root" MAIL="/var/mail/root" MAKEOPTS="--jobs 5 --load-average 7.95" MULTILIB_ABIS="x86" NOCOLOR="true" OFFICE_IMPLEMENTATION="libreoffice" OLDPWD="/root" OPENGL_PROFILE="xorg-x11" PAGER="/usr/bin/less" PATH="/usr/i686-pc-linux-gnu/gcc-bin/6.4.0:/usr/lib/llvm/5/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5" PWD="/tmp/stable" PYTHONDONTWRITEBYTECODE="1" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" QT_GRAPHICSSYSTEM="raster" ROOT="/" ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/6.4.0:/usr/lib/llvm/5/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin" RUBY_TARGETS="ruby22 ruby23" SHELL="/bin/bash" SHLVL="2" SSH_TTY="/dev/pts/0" TERM="screen" TMUX="/tmp/tmux-0/default,4836,0" TMUX_PANE="%1" TWISTED_DISABLE_WRITING_OF_PLUGIN_CACHE="1" USER="root" USERLAND="GNU" VIDEO_CARDS="vmware" XDG_CONFIG_DIRS="/etc/xdg" XDG_DATA_DIRS="/usr/local/share:/usr/share"
I somewhat suspect this is due to SSLv3 being disabled somewhere along the pipeline. Would be nice to figure out where and confirm that, though.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44f86f9d1aa28c879ba16e3e70a0ae72b9f684ce commit 44f86f9d1aa28c879ba16e3e70a0ae72b9f684ce Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-02-21 13:48:08 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-02-21 13:59:10 +0000 dev-python/ndg-httpsclient: Bump to 0.5.1 Closes: https://bugs.gentoo.org/709964 Closes: https://bugs.gentoo.org/654612 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/ndg-httpsclient/Manifest | 1 + .../ndg-httpsclient/ndg-httpsclient-0.5.1.ebuild | 49 ++++++++++++++++++++++ 2 files changed, 50 insertions(+)