◐ Shell
reader mode source ↗
Skip to content

[3.5] bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1#12694

Merged
larryhastings merged 6 commits into
python:3.5from
vstinner:skip_tests_openssl11
Sep 7, 2019
Merged

[3.5] bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1#12694
larryhastings merged 6 commits into
python:3.5from
vstinner:skip_tests_openssl11

Conversation

@vstinner

@vstinner vstinner commented Apr 5, 2019
edited
Loading

Copy link
Copy Markdown
Member

Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.

Fixing these needs require to backport new ssl flags like
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
minor 3.5.x release. Moreover, it is not really worth it: the code
works fine, issues are in the tests.

https://bugs.python.org/issue36576

@bedevere-bot bedevere-bot added tests Tests in the Lib/test dir awaiting core review labels Apr 5, 2019
@vstinner

vstinner commented Apr 5, 2019

Copy link
Copy Markdown
Member Author

I wrote a similar change for Fedora Rawhide: https://src.fedoraproject.org/rpms/python35/pull-request/23

Somehow related, I wrote a change to add OpenSSL 1.1.1 support to Python 3.4:

I may also skip failing tests on Python 3.4.

@vstinner vstinner requested a review from tiran April 5, 2019 08:35
@vstinner

vstinner commented Apr 5, 2019

Copy link
Copy Markdown
Member Author

cc @stratakis

@vstinner vstinner changed the title [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1 Apr 5, 2019
@vstinner

vstinner commented Apr 5, 2019

Copy link
Copy Markdown
Member Author

@stratakis asked me to replace "OpenSSL 1.1" with "OpenSSL 1.1.0": done.

hroncok
hroncok approved these changes Apr 8, 2019
View reviewed changes

@hroncok hroncok left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hide comment

Good enough for 3.5.

@vstinner vstinner changed the title [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.0 Apr 9, 2019
@vstinner vstinner changed the title [3.5] bpo-26470: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 Apr 9, 2019
hroncok
hroncok approved these changes Apr 9, 2019
View reviewed changes

@hroncok hroncok left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hide comment

Even better now! Thanks.

@vstinner

vstinner commented Apr 9, 2019

Copy link
Copy Markdown
Member Author

Oh, the NEWS entry used the old bpo number. I also fixed that.

@vstinner
bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL …
6f582ba 
…1.1.1

Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.

Fixing these needs require to backport new ssl flags like
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
minor 3.5.x release. Moreover, it is not really worth it: the code
works fine, issues are in the tests.
@vstinner

vstinner commented Apr 9, 2019

Copy link
Copy Markdown
Member Author

Oh, my PR used IS_OPENSSL_1_1_1 but it didn't exist! I fixed that as well.

@larryhastings

larryhastings commented Jul 13, 2019

Copy link
Copy Markdown
Contributor

@tiran I'm inclined to merge this patch. Do you want to review it before I merge, or should I just go ahead?

@vstinner

vstinner commented Jul 14, 2019

Copy link
Copy Markdown
Member Author

FYI Fedora now uses this patch in Python 3.5: https://src.fedoraproject.org/rpms/python35/blob/master/f/00322-test_ssl-skip-openssl111.patch

Even if right now, the package is still linked to OpenSSL 1.0: https://src.fedoraproject.org/rpms/python35/blob/master/f/python35.spec#_128

@larryhastings larryhastings merged commit 4d1c254 into python:3.5 Sep 7, 2019
@bedevere-bot

bedevere-bot commented Sep 7, 2019

Copy link
Copy Markdown

@larryhastings: Please replace # with GH- in the commit message next time. Thanks!

@larryhastings

larryhastings commented Sep 7, 2019

Copy link
Copy Markdown
Contributor

Thanks for the 3.5 love, Victor!

@vstinner vstinner deleted the skip_tests_openssl11 branch January 30, 2020 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tiran tiran Awaiting requested review from tiran

1 more reviewer

@hroncok hroncok hroncok approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

tests Tests in the Lib/test dir

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@vstinner @larryhastings @bedevere-bot @hroncok @the-knights-who-say-ni