[Python-modules-team] Bug#911837: twisted: autopkgtest needs update for new version of openssl

Paul Gevers elbrus at debian.org
Thu Oct 25 11:03:59 BST 2018 

Source: twisted
Version: 18.7.0-3
User: debian-ci at lists.debian.org
Usertags: needs-update
Control: affects -1 src:python3-defaults

[X-Debbugs-CC: debian-ci at lists.debian.org,
python3-defaults at packages.debian.org]

Dear maintainers,

With a recent upload of python3-defaults the autopkgtest of twisted
fails in testing when that autopkgtest is run with the binary packages
of python3-defaults from unstable. It passes when run with only packages
from testing. In tabular form:
                       pass            fail
python3-defaults       from testing    3.6.7-1
twisted                from testing    18.7.0-3
versioned deps [0]     from testing    from unstable
all others             from testing    from testing

I copied some of the output at the bottom of this report.  Looking at
the error, it seems you need to update the tests for the version of
openssl in unstable, version 1.1.1. We have a Wiki page that describes
the common updates required [1].

Currently this regression is contributing to the delay of the migration
of python3-defaults to testing [2].

More information about this bug and the reason for filing it can be found on
https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation

Paul

[0] You can see what packages were added from the second line of the log
file quoted below. The migration software adds source package from
unstable to the list if they are needed to install packages from
python3-defaults/3.6.7-1. I.e. due to versioned dependencies or
breaks/conflicts. In this case: python3-defaults/3.6.7-1 openssl/1.1.1-1
python3-stdlib-extensions/3.7.1-1 python3.6/3.6.7-1
[1] https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
[2] https://qa.debian.org/excuses.php?package=python3-defaults

https://ci.debian.net/data/autopkgtest/testing/amd64/t/twisted/1204127/log.gz

/usr/lib/python3/dist-packages/service_identity/pyopenssl.py:97:
SubjectAltNameWarning: Certificate has no `subjectAltName`, falling back
to check for a `commonName` for now.  This feature is being removed by
major browsers and deprecated by RFC 2818.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/test/test_tcp.py", line
1196, in clientDisconnected
    self.assertEqual(exception.args[0], expectedErrorCode)
  File "/usr/lib/python3/dist-packages/twisted/trial/_synctest.py", line
432, in assertEqual
    super(_Assertions, self).assertEqual(first, second, msg)
  File "/usr/lib/python3.6/unittest/case.py", line 829, in assertEqual
    assertion_func(first, second, msg=msg)
  File "/usr/lib/python3.6/unittest/case.py", line 1028, in assertListEqual
    self.assertSequenceEqual(list1, list2, msg, seq_type=list)
  File "/usr/lib/python3.6/unittest/case.py", line 1010, in
assertSequenceEqual
    self.fail(msg)
twisted.trial.unittest.FailTest: Lists differ: [('SSL routines',
'ssl_write_internal', 'protocol is shutdown')] != [('SSL routines',
'SSL_write', 'protocol is shutdown')]

First differing element 0:
('SSL routines', 'ssl_write_internal', 'protocol is shutdown')
('SSL routines', 'SSL_write', 'protocol is shutdown')

- [('SSL routines', 'ssl_write_internal', 'protocol is shutdown')]
?                    ^^^      ---------

+ [('SSL routines', 'SSL_write', 'protocol is shutdown')]
?                    ^^^

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/test/test_sslverify.py",
line 2677, in test_doesNotStumbleOverEmptyList
    sslverify._expandCipherString(u'', SSL.SSLv23_METHOD, 0)
  File "/usr/lib/python3/dist-packages/twisted/trial/_synctest.py", line
432, in assertEqual
    super(_Assertions, self).assertEqual(first, second, msg)
  File "/usr/lib/python3.6/unittest/case.py", line 829, in assertEqual
    assertion_func(first, second, msg=msg)
  File "/usr/lib/python3.6/unittest/case.py", line 1028, in assertListEqual
    self.assertSequenceEqual(list1, list2, msg, seq_type=list)
  File "/usr/lib/python3.6/unittest/case.py", line 1010, in
assertSequenceEqual
    self.fail(msg)
twisted.trial.unittest.FailTest: Lists differ: [] !=
[OpenSSLCipher('TLS_AES_256_GCM_SHA384'), [82 chars]56')]

Second list contains 3 additional elements.
First extra element 0:
OpenSSLCipher('TLS_AES_256_GCM_SHA384')

- []
+ [OpenSSLCipher('TLS_AES_256_GCM_SHA384'),
+  OpenSSLCipher('TLS_CHACHA20_POLY1305_SHA256'),
+  OpenSSLCipher('TLS_AES_128_GCM_SHA256')]
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/test/test_sslverify.py",
line 1636, in assertECDH
    self.assertIn(u"ECDH", cipher)
  File "/usr/lib/python3/dist-packages/twisted/trial/_synctest.py", line
492, in assertIn
    % (containee, container))
twisted.trial.unittest.FailTest: 'ECDH' not in 'TLS_AES_256_GCM_SHA384'
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/twisted/test/test_sslverify.py",
line 874, in test_givesMeaningfulErrorMessageIfNoCipherMatches
    sslverify.OpenSSLAcceptableCiphers.fromOpenSSLCipherString('')
  File "/usr/lib/python3/dist-packages/twisted/trial/_synctest.py", line
421, in assertRaises
    return context._handle(lambda: f(*args, **kwargs))
  File "/usr/lib/python3/dist-packages/twisted/trial/_synctest.py", line
315, in _handle
    self._returnValue = obj()
  File "/usr/lib/python3/dist-packages/twisted/trial/_synctest.py", line
331, in __exit__
    self._expectedName, self._returnValue)
twisted.trial.unittest.FailTest: ValueError not raised
(<twisted.internet._sslverify.OpenSSLCertificateOptions object at
0x7f9020679048> returned)
/usr/lib/python3/dist-packages/twisted/test/test_sslverify.py:215:
CryptographyDeprecationWarning: DNSName values should be passed as an
A-label string. This means unicode characters should be encoded via
idna. Support for passing unicode strings (aka U-label) will be removed
in a future version.
-------------------------------------------------------------------------------
Ran 12354 tests in 180.147s

180.14729285240173 12354 12354 0 4 2326

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/python-modules-team/attachments/20181025/8aaa1917/attachment.sig>

More information about the Python-modules-team mailing list