From alice at librelamp.com  Fri Oct 14 20:49:36 2016
From: alice at librelamp.com (Alice Wonder)
Date: Fri, 14 Oct 2016 17:49:36 -0700
Subject: [python-crypto] Python 3.4.3 and LibreSSL 2.4.3
Message-ID: <8199b2f2-1a83-9f89-2c6d-fd6d0ba845a9@librelamp.com>

Hello,

I hope this is an appropriate list.

I am attempting to build Python 3.4.3 on CentOS 7, using the src.rpm 
from EPEL (python34 is the package name) but linking against LibreSSL.

The build itself actually goes fine.

One single test in the test suite fails. This is the failure:

======================================================================
FAIL: test_load_default_certs_env (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
   File "/builddir/build/BUILD/Python-3.4.3/Lib/test/test_ssl.py", line 
1027, in test_load_default_certs_env
     self.assertEqual(ctx.cert_store_stats(), {"crl": 0, "x509": 1, 
"x509_ca": 0})
AssertionError: {'x509': 167, 'crl': 0, 'x509_ca': 167} != {'x509': 1, 
'crl': 0, 'x509_ca': 0}
- {'crl': 0, 'x509': 167, 'x509_ca': 167}
?                     --             ^^^
+ {'crl': 0, 'x509': 1, 'x509_ca': 0}
?                                  ^
----------------------------------------------------------------------

What I have already tried - the PEM files in the test directory are 
1024-bit w/ sha1 and sometimes LibreSSL doesn't like keys that are weak. 
Using 2048-bit sha256 has fixed a lot of perl package test suites.

But that isn't the issue here. I re-generated the PEM files but changing 
the script that generates them to use 2048-bit w/ sha256 but I still get 
the error above.

Anyone familiar with the significance of the 167 opposed to 0 is, and 
what might be causing it?

Thanks,

Alice Wonder Miscreations