msg135253 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2011-05-05 23:35 |
It looks like OpenSSL can be compiled without SSLv2 (#ifdef OPENSSL_NO_SSL2). See this bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612780

When compiling Python, I get the following error:

/home/haypo/prog/HG/cpython/Modules/_ssl.c: In function 'context_new':
/home/haypo/prog/HG/cpython/Modules/_ssl.c:1451:9: warning: implicit declaration of function 'SSLv2_method'
/home/haypo/prog/HG/cpython/Modules/_ssl.c:1451:9: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast
/usr/include/openssl/ssl.h:1469:10: note: expected 'const struct SSL_METHOD *' but argument is of type 'int'
*** WARNING: renaming "_ssl" since importing it failed: build/lib.linux-x86_64-3.3-pydebug/_ssl.cpython-33dm.so: undefined symbol: SSLv2_method

See also issue #9415.

---

Attached patch makes ssl.PROTOCOL_SSLv2 optional. I don't know what to do with @skip_if_broken_ubuntu_ssl in test_ssl.py. |
|
|
msg135273 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2011-05-06 10:10 |
Does this happen with a released build of OpenSSL? The Debian bug talks about experimental.

+try: + from _ssl import PROTOCOL_SSLv2 + OPENSSL_NO_SSL2 = False +except ImportError: + OPENSSL_NO_SSL2 = True

Please avoid "negative" constants. Calling it HAS_SSLv2 would be fine. Also, there should be some doc update mentioning that PROTOCOL_SSLv2 is not always present. |
|
|
msg135333 - (view) |
Author: Éric Araujo (eric.araujo) *  |
Date: 2011-05-06 17:10 |
The original bug requesting that SSLv2 be disabled is #589706; the updated openssl package with this change is in Debian unstable and testing now. |
|
|
msg135424 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2011-05-07 09:23 |
> Please avoid "negative" constants. Calling it HAS_SSLv2 would be fine.

I reused the term from ssl.h (#ifdef OPENSSL_NO_SSL2), but yes we can use a different name.

> Also, there should be some doc update mentioning that PROTOCOL_SSLv2
> is not always present.

Ok, I will do that. |
|
|
msg135545 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2011-05-08 22:09 |
Updated patch. Note: I tried to keep the same enum values for py_ssl_version, it's maybe useless and so "=1" can be removed. |
|
|
msg135546 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2011-05-08 22:13 |
> Updated patch.
>
> Note: I tried to keep the same enum values for py_ssl_version, it's
> maybe useless and so "=1" can be removed.

Thank you! PROTOCOL_NAMES should stay private and therefore be named _PROTOCOL_NAMES, IMHO. Keeping the same enum values is worthwhile, I think. |
|
|
msg135547 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-05-08 22:43 |
New changeset 5296c3e2f166 by Victor Stinner in branch 'default': Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional http://hg.python.org/cpython/rev/5296c3e2f166 |
|
|
msg135548 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2011-05-08 22:46 |
> New changeset 5296c3e2f166 by Victor Stinner in branch 'default':
> Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
> http://hg.python.org/cpython/rev/5296c3e2f166

Since it's a bugfix, it should probably go into all branches. |
|
|
msg135663 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-05-09 22:50 |
New changeset b7abf0590e1c by Victor Stinner in branch '3.1':
Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
http://hg.python.org/cpython/rev/b7abf0590e1c

New changeset 20beec22764f by Victor Stinner in branch '3.2':
(Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
http://hg.python.org/cpython/rev/20beec22764f |
|
|
msg135666 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-05-09 23:52 |
New changeset 3c87a13980be by Victor Stinner in branch '2.7': (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional http://hg.python.org/cpython/rev/3c87a13980be |
|
|
msg135668 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2011-05-09 23:53 |
> Since it's a bugfix, it should probably go into all branches.

Fixed in 2.7, 3.1, 3.2, 3.3. |
|
|
msg136444 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2011-05-21 14:34 |
Victor, you broke the Solaris gcc buildbot on 2.7. http://www.python.org/dev/buildbot/all/builders/sparc%20solaris10%20gcc%202.7/builds/837 |
|
|
msg136512 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-05-22 11:23 |
New changeset d5771ed4ec4e by Victor Stinner in branch '2.7': Issue #12012: test_ssl uses test_support.import_module() http://hg.python.org/cpython/rev/d5771ed4ec4e |
|
|
msg136513 - (view) |
Author: STINNER Victor (vstinner) *  |
Date: 2011-05-22 11:23 |
> Victor, you broke the Solaris gcc buildbot on 2.7.

It should be fixed by d5771ed4ec4e. |
|
|
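Added example, not part of the tracker thread or of CPython's own code: once ssl.PROTOCOL_SSLv2 is optional, calling code has to feature-detect it instead of referencing the constant unconditionally. The helper names (`supported_protocols`, `has_sslv2`, `resolve_protocol`) and the two stand-in modules are hypothetical, and the numeric values in the stand-ins are constructed sample data.

```python
import ssl
from types import SimpleNamespace


def supported_protocols(mod=ssl):
    """Return {name: constant} for the PROTOCOL_* constants this build exposes."""
    return {a: getattr(mod, a) for a in dir(mod) if a.startswith("PROTOCOL_")}


def has_sslv2(mod=ssl):
    """Positive capability flag, following the HAS_SSLv2 naming asked for in the thread."""
    return hasattr(mod, "PROTOCOL_SSLv2")


def resolve_protocol(name, mod=ssl):
    """Look up a protocol constant by name and fail with a clear message
    (instead of an AttributeError deep in the caller) when the build lacks it."""
    if not name.startswith("PROTOCOL_"):
        raise ValueError(f"{name!r} is not a protocol constant name")
    try:
        return getattr(mod, name)
    except AttributeError:
        avail = ", ".join(sorted(supported_protocols(mod)))
        raise ValueError(
            f"{name} is not provided by this ssl build (available: {avail})"
        ) from None


# Constructed stand-ins for the ssl module: one build with SSLv2, one where
# OpenSSL was compiled with OPENSSL_NO_SSL2. The numbers are sample values.
WITH_SSL2 = SimpleNamespace(PROTOCOL_SSLv2=0, PROTOCOL_SSLv3=1,
                            PROTOCOL_SSLv23=2, PROTOCOL_TLSv1=3)
WITHOUT_SSL2 = SimpleNamespace(PROTOCOL_SSLv3=1, PROTOCOL_SSLv23=2,
                               PROTOCOL_TLSv1=3)

if __name__ == "__main__":
    # Report what the running interpreter's ssl module actually offers.
    print("SSLv2 available:", has_sslv2())
    print("protocol constants:", sorted(supported_protocols()))
```

The same check works for test code: a test that needs SSLv2 can be skipped when `has_sslv2()` is false rather than failing at import time.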