Bug 1331425
| Summary: | Segmentation fault in sslwrap function | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Artur Zaprzała <artur.zaprzala> | ||||
| Component: | python | Assignee: | Python Maintainers <python-maint> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Branislav Náter <bnater> | ||||
| Severity: | high | Docs Contact: | Lenka Špačková <lkuprova> | ||||
| Priority: | unspecified | ||||||
| Version: | 7.2 | CC: | artur.zaprzala, cheimes, cstratak, franknleslie, isenfeld, pviktori | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | https://github.com/ajenti/ajenti/issues/846 | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | python-2.7.5-46.el7 | Doc Type: | Deprecated Functionality | ||||
| Doc Text: |
sslwrap() removed from Python
The sslwrap() function has been removed from Python 2.7. After the 466 Python Enhancement Proposal (https://www.python.org/dev/peps/pep-0466/) was implemented, using this function resulted in a segmentation fault. The removal is consistent with upstream. Red Hat recommends using the ssl.wrap_socket() function instead.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-11-03 20:16:56 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Artur Zaprzała
2016-04-28 13:45:16 UTC
The bug was introduced in python-2.7.5-34.el7.x86_64. python-2.7.5-18.el7_1.1.x86_64 is OK. This bug was probably introduced in the resolution of #1250611 What is the expected output that you get with the previous release? With python-2.7.5-18.el7_1.1.x86_64 the output is: Traceback (most recent call last): File "<string>", line 1, in <module> ssl.SSLError: [Errno 336265218] _ssl.c:351: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib That is correct, because the test case is too minimal to do something usefull. Created attachment 1171986 [details]
First draft of patch
Upstream issue about sslwrap: http://bugs.python.org/issue22438 The position of Python developers is that since ssl._ssl.sslwrap is private, undocumented API, it can be removed at any time. Artur, due to ssl._ssl.sslwrap being private, undocumented API that is no longer used upstream, I'm struggling to find good test cases. Would you be willing to test the fix if I provide a RPM? I will test this patch next week. I tested the patch however with that reproducer there is no output, I don't know though if that is the expected case, since there were also a lot of other changes in the SSL module. A better test case should be required in order to be sure. Since this is in RHEL 7.2, it always crashes when called, and we only got this one report about the crash, it seems it would be OK to remove _ssl.sslwrap altogether, as upstream intended. This would reduce the maintenance effort a lot (since the backport is quite invasive), and for anyone still relying on _ssl.sslwrap there are workarounds available. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2586.html |