astropy: TestStandardProfileHTTPSHub error after upgrade of OpenSSL to 1.1.0
With the latest release on Python (taken from 20161103 according to the Changelog), TestStandardProfileHTTPSHub.test_main gives an error on setup:
__________ ERROR at setup of TestStandardProfileHTTPSHub.test_main ____________
self = <astropy.vo.samp.tests.test_standard_profile.TestStandardProfileHTTPSHub object at 0x7f69515e9d90>
method = <bound method TestStandardProfileHTTPSHub.test_main of <astropy.vo.samp.tests.test_standard_profile.TestStandardProfileHTTPSHub object at 0x7f69515e9d90>>
def setup_method(self, method):
self.tmpdir = tempfile.mkdtemp()
self.hub = SAMPHubServer(web_profile=False, mode='multiple', pool_size=1,
**self.hub_init_kwargs)
self.hub.start()
self.client1 = SAMPIntegratedClient(**self.client_init_kwargs)
> self.client1.connect(hub=self.hub, pool_size=1, **self.client_connect_kwargs)
/usr/lib/python2.7/dist-packages/astropy/vo/samp/tests/test_standard_profile.py:51:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib/python2.7/dist-packages/astropy/vo/samp/integrated_client.py:184: in connect
cert_reqs, ca_certs, ssl_version, pool_size)
/usr/lib/python2.7/dist-packages/astropy/vo/samp/hub_proxy.py:128: in connect
self.ping()
/usr/lib/python2.7/dist-packages/astropy/vo/samp/hub_proxy.py:165: in ping
return self._samp_hub.ping()
/usr/lib/python2.7/dist-packages/astropy/vo/samp/utils.py:65: in __call__
response = function(*args, **kwrds)
/usr/lib/python2.7/xmlrpclib.py:1243: in __call__
return self.__send(self.__name, args)
[...]
/usr/lib/python2.7/httplib.py:844: in send
self.connect()
/usr/lib/python2.7/dist-packages/astropy/vo/samp/ssl_utils.py:62: in connect
sslconn = ssl.wrap_socket(sock, **kwargs)
/usr/lib/python2.7/ssl.py:943: in wrap_socket
ciphers=ciphers)
/usr/lib/python2.7/ssl.py:611: in __init__
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket object at 0x7f69503f8d70>, block = False
def do_handshake(self, block=False):
"""Perform a TLS/SSL handshake."""
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E error: [Errno 104] Connection reset by peer
/usr/lib/python2.7/ssl.py:840: error
where the captures stdout also just shows a
INFO: Hub set for using SSL. [astropy.vo.samp.hub]
INFO: Hub started [astropy.vo.samp.hub]
________ ERROR at setup of TestStandardProfileHTTPSHubClient.test_main _________
self = <astropy.vo.samp.tests.test_standard_profile.TestStandardProfileHTTPSHubClient object at 0x7f6950413490>
method = <bound method TestStandardProfileHTTPSHubClient.test_main of <astropy.vo.samp....t_standard_profile.TestStandardProfileHTTPSHubClient object at 0x7f6950413490>>
def setup_method(self, method):
self.tmpdir = tempfile.mkdtemp()
self.hub = SAMPHubServer(web_profile=False, mode='multiple', pool_size=1,
**self.hub_init_kwargs)
self.hub.start()
self.client1 = SAMPIntegratedClient(**self.client_init_kwargs)
> self.client1.connect(hub=self.hub, pool_size=1, **self.client_connect_kwargs)
/usr/lib/python2.7/dist-packages/astropy/vo/samp/tests/test_standard_profile.py:51:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/lib/python2.7/dist-packages/astropy/vo/samp/integrated_client.py:184: in connect
cert_reqs, ca_certs, ssl_version, pool_size)
/usr/lib/python2.7/dist-packages/astropy/vo/samp/hub_proxy.py:128: in connect
self.ping()
/usr/lib/python2.7/dist-packages/astropy/vo/samp/hub_proxy.py:165: in ping
return self._samp_hub.ping()
/usr/lib/python2.7/dist-packages/astropy/vo/samp/utils.py:65: in __call__
response = function(*args, **kwrds)
/usr/lib/python2.7/xmlrpclib.py:1243: in __call__
return self.__send(self.__name, args)
[...]
/usr/lib/python2.7/httplib.py:844: in send
self.connect()
/usr/lib/python2.7/dist-packages/astropy/vo/samp/ssl_utils.py:62: in connect
sslconn = ssl.wrap_socket(sock, **kwargs)
/usr/lib/python2.7/ssl.py:943: in wrap_socket
ciphers=ciphers)
/usr/lib/python2.7/ssl.py:611: in __init__
self.do_handshake()
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <ssl.SSLSocket object at 0x7f6950491b18>, block = False
def do_handshake(self, block=False):
"""Perform a TLS/SSL handshake."""
self._check_connected()
timeout = self.gettimeout()
try:
if timeout == 0.0 and block:
self.settimeout(None)
> self._sslobj.do_handshake()
E error: [Errno 104] Connection reset by peer
/usr/lib/python2.7/ssl.py:840: error
On Python-3.5, the behaviour is the same.
Main change in Python was the use of OpenSSL 1.0. The Python-2.7 changelog shows a few more SSL related entries:
- Issue #27691: Fix ssl module’s parsing of GEN_RID subject alternative name fields in X.509 certs.
- Issue #27850: Remove 3DES from ssl module’s default cipher list to counter measure sweet32 attack (CVE-2016-2183).
- Issue #27766: Add ChaCha20 Poly1305 to ssl module’s default ciper list. (Required OpenSSL 1.1.0 or LibreSSL).
- Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. Closes: #835793.
Full test log here
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Comments: 16 (16 by maintainers)
I won’t have any time in the near future to work on this, but just in case anyone wants to take a look at this, there’s now a bounty on this 😄 (as an experiment)
Well, technically the replacement need to be in place when the release is out, in ~3 weeks time, not by Friday 😃