Bug#907031: python3.7: autopkgtest needs update for new version of openssl

To: submit@bugs.debian.org
Subject: Bug#907031: python3.7: autopkgtest needs update for new version of openssl
From: Paul Gevers <elbrus@debian.org>
Date: Thu, 23 Aug 2018 11:11:22 +0200
Message-id: <[🔎] 1654c007-b1f4-c504-3830-a4708ce3c929@debian.org>
Reply-to: Paul Gevers <elbrus@debian.org>, 907031@bugs.debian.org

Source: python3.7
Version: 3.7.0-5
X-Debbugs-CC: debian-ci@lists.debian.org, openssl@packages.debian.org
User: debian-ci@lists.debian.org
Usertags: needs-update
Control: affects -1 src:openssl
Control: block 907015 by -1

Dear maintainers,

With a recent upload of openssl the autopkgtest of python3.7 started to
fail in testing. I copied the some of the output below.

Currently this regression is contributing to the delay of the migration
of openssl to testing [1]. Of course, openssl shouldn't just break your
autopkgtest (or even worse, your package), but it seems to me that the
change in openssl was intended and your package needs to update to the
new situation. If needed, please change the bug's severity.

If this is a real problem in your package (and not only in your
autopkgtest), the right binary package(s) from openssl should really add
a versioned Breaks on the unfixed version of (one of your) package(s),
hence I added a blocking relation on the openssl bug that tracks that.
Note: the Breaks is nice even if the issue is only in the autopkgtest as
it helps the migration software to figure out the right versions to
combine in the tests.

A quote from the openssl maintainer about the openssl update:
"
This is probably the result of the default openssl.cfg now having:
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

Where the SECLEVEL 2 requires a 112 / 2048 bit security level.
"

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[1] https://qa.debian.org/excuses.php?package=openssl

https://ci.debian.net/data/autopkgtest/testing/amd64/p/python3.7/869649/log.gz

test_ciphers (test.test_ssl.SimpleBackgroundTests) ...  server:  new
connection from ('127.0.0.1', 36034)

 server:  bad connection attempt from ('127.0.0.1', 36034):
Traceback (most recent call last):
   File "/usr/lib/python3.7/test/test_ssl.py", line 2126, in wrap_conn
    self.sock, server_side=True)
   File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
   File "/usr/lib/python3.7/ssl.py", line 850, in _create
    self.do_handshake()
   File "/usr/lib/python3.7/ssl.py", line 1108, in do_handshake
    self._sslobj.do_handshake()
 BrokenPipeError: [Errno 32] Broken pipe
 server:  new connection from ('127.0.0.1', 36036)

 server:  bad connection attempt from ('127.0.0.1', 36036):
Traceback (most recent call last):
   File "/usr/lib/python3.7/test/test_ssl.py", line 2126, in wrap_conn
    self.sock, server_side=True)
   File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
   File "/usr/lib/python3.7/ssl.py", line 850, in _create
    self.do_handshake()
   File "/usr/lib/python3.7/ssl.py", line 1108, in do_handshake
    self._sslobj.do_handshake()
 BrokenPipeError: [Errno 32] Broken pipe

======================================================================
FAIL: test_options (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python3.7/test/test_ssl.py", line 1030, in test_options
    self.assertEqual(default, ctx.options)
AssertionError: <Opti[26
chars]CIPHER_SERVER_PREFERENCE|OP_NO_COMPRESSION: 2185363540> !=
<Opti[26 chars]CIPHER_SERVER_PREFERENCE|1048576|OP_NO_COMPRESSION:
2186412116>

======================================================================
FAIL: test_default_ecdh_curve (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python3.7/test/test_ssl.py", line 3646, in
test_default_ecdh_curve
    self.assertIn("ECDH", s.cipher()[0])
AssertionError: 'ECDH' not found in 'TLS_AES_256_GCM_SHA384'

======================================================================
FAIL: test_version_basic (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python3.7/test/test_ssl.py", line 3550, in
test_version_basic
    self.assertEqual(s.version(), 'TLSv1.2')
AssertionError: 'TLSv1.3' != 'TLSv1.2'
- TLSv1.3
?       ^
+ TLSv1.2
?       ^

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: Bug#907028: ruby-openssl: autopkgtest needs update for new version of openssl
Next by Date: Bug#907033: python2.7: autopkgtest needs update for new version of openssl
Previous by thread: Bug#907028: ruby-openssl: autopkgtest needs update for new version of openssl
Next by thread: Bug#907033: python2.7: autopkgtest needs update for new version of openssl
Index(es):
- Date
- Thread