[Python-modules-team] Bug#911716: python-urllib3 FTBFS: ssl tests fail
Helmut Grohne
helmut at subdivi.de
Tue Oct 23 21:23:06 BST 2018
Source: python-urllib3
Version: 1.22-1
Severity: serious
Tags: ftbfs
python-urllib3 fails to build from source in unstable. Building the
experimental version succeeds. A build ends with:
https://tests.reproducible-builds.org/debian/rbuild/unstable/amd64/python-urllib3_1.22-1.rbuild.log.gz
| =================================== FAILURES ===================================
| _________________ TestConnection.test_match_hostname_mismatch __________________
|
| self = <test.test_connection.TestConnection object at 0x7fc52d560780>
|
| def test_match_hostname_mismatch(self):
| cert = {'subjectAltName': [('DNS', 'foo')]}
| asserted_hostname = 'bar'
| try:
| with mock.patch('urllib3.connection.log.error') as mock_log:
| > _match_hostname(cert, asserted_hostname)
|
| test/test_connection.py:39:
| _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|
| cert = {'subjectAltName': [('DNS', 'foo')]}, asserted_hostname = 'bar'
|
| def _match_hostname(cert, asserted_hostname):
| try:
| > match_hostname(cert, asserted_hostname)
|
| urllib3/connection.py:356:
| _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|
| cert = {'subjectAltName': [('DNS', 'foo')]}, hostname = 'bar'
|
| def match_hostname(cert, hostname):
| """Verify that *cert* (in decoded format as returned by
| SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
| rules are followed.
|
| The function matches IP addresses rather than dNSNames if hostname is a
| valid ipaddress string. IPv4 addresses are supported on all platforms.
| IPv6 addresses are supported on platforms with IPv6 support (AF_INET6
| and inet_pton).
|
| CertificateError is raised on failure. On success, the function
| returns nothing.
| """
| if not cert:
| raise ValueError("empty or no certificate, match_hostname needs a "
| "SSL socket or SSL context with either "
| "CERT_OPTIONAL or CERT_REQUIRED")
| try:
| host_ip = _inet_paton(hostname)
| except ValueError:
| # Not an IP address (common case)
| host_ip = None
| dnsnames = []
| san = cert.get('subjectAltName', ())
| for key, value in san:
| if key == 'DNS':
| if host_ip is None and _dnsname_match(value, hostname):
| return
| dnsnames.append(value)
| elif key == 'IP Address':
| if host_ip is not None and _ipaddress_match(value, host_ip):
| return
| dnsnames.append(value)
| if not dnsnames:
| # The subject is only checked when there is no dNSName entry
| # in subjectAltName
| for sub in cert.get('subject', ()):
| for key, value in sub:
| # XXX according to RFC 2818, the most specific Common Name
| # must be used.
| if key == 'commonName':
| if _dnsname_match(value, hostname):
| return
| dnsnames.append(value)
| if len(dnsnames) > 1:
| raise CertificateError("hostname %r "
| "doesn't match either of %s"
| % (hostname, ', '.join(map(repr, dnsnames))))
| elif len(dnsnames) == 1:
| raise CertificateError("hostname %r "
| "doesn't match %r"
| > % (hostname, dnsnames[0]))
| E ssl.SSLCertVerificationError: ("hostname 'bar' doesn't match 'foo'",)
|
| /usr/lib/python3.7/ssl.py:327: SSLCertVerificationError
|
| During handling of the above exception, another exception occurred:
|
| self = <test.test_connection.TestConnection object at 0x7fc52d560780>
|
| def test_match_hostname_mismatch(self):
| cert = {'subjectAltName': [('DNS', 'foo')]}
| asserted_hostname = 'bar'
| try:
| with mock.patch('urllib3.connection.log.error') as mock_log:
| _match_hostname(cert, asserted_hostname)
| except CertificateError as e:
| > assert str(e) == "hostname 'bar' doesn't match 'foo'"
| E assert '("hostname \...ch \'foo\'",)' == "hostname 'bar...t match 'foo'"
| E - ("hostname 'bar' doesn't match 'foo'",)
| E ? -- ---
| E + hostname 'bar' doesn't match 'foo'
|
| test/test_connection.py:41: AssertionError
| ======= 1 failed, 545 passed, 51 skipped, 1 deselected in 11.58 seconds ========
| /usr/lib/python3/dist-packages/_pytest/assertion/rewrite.py:6: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
| import imp
| /usr/lib/python3/dist-packages/pkg_resources/_vendor/pyparsing.py:943: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
| collections.MutableMapping.register(ParseResults)
| /usr/lib/python3/dist-packages/pkg_resources/_vendor/pyparsing.py:3245: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
| elif isinstance( exprs, collections.Iterable ):
| E: pybuild pybuild:338: test: plugin distutils failed with: exit code=1: cd /build/1st/python-urllib3-1.22/.pybuild/cpython3_3.7_urllib3/build; python3.7 -m pytest --ignore=test/appengine --ignore=test/with_dummyserver --ignore=test/test_connectionpool.py --ignore=test/contrib/test_socks.py -k-test_recent_date
| dh_auto_test: pybuild --test -i python{version} -p "3.7 3.6" returned exit code 13
| make: *** [debian/rules:16: build] Error 25
| dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2
Helmut
More information about the Python-modules-team
mailing list