[issue13218] test_ssl failures on Debian/Ubuntu
Barry A. Warsaw
report at bugs.python.org
Tue Oct 25 13:31:03 CEST 2011
Barry A. Warsaw <barry at python.org> added the comment:
On Oct 25, 2011, at 09:56 AM, Antoine Pitrou wrote:
>
>Antoine Pitrou <pitrou at free.fr> added the comment:
>
>> It looks like it's been this way for a long time too.
>
>But tests have always passed here using OpenSSL 1.0.0.
Right, sorry, what I meant was this particular behavior (switching to SSLv3
client hello when SSLv2 is disabled) appears to have been in upstream openssl
since about 2005. What's changed recently is that instead of patching openssl
to disable SSLv2 (and thereby not triggering the client hello switch), Debian
has started to use the no-ssl Configure option, which is what probably started
allowing this test to unexpectedly succeed.
>> It's probably too difficult, and not really Python's responsibility,
>> to determine whether SSL_OP_NO_SSLv2 is set.
>
>See http://docs.python.org/dev/library/ssl.html#ssl.SSLContext.options
Interesting, thanks for the pointer.
>> Rather, I think the test is simply bogus and should be disabled or
>> removed.
>
>I think it would be good to keep a simplified/minimal (and, of course,
>working :-)) version of these tests.
>Patches welcome, anyway. I can't really test with Debian's OpenSSL.
I'll work up a patch.
-Barry
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13218>
_______________________________________
More information about the Python-bugs-list
mailing list