Bug 1618753

Summary: Fedora's OpenSSL TLS minimum version is not comaptible with Python's test
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: python3Assignee: Miro Hrončok <mhroncok>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 29CC: cstratak, dmalcolm, mcyprian, mhroncok, pviktori, rkuska, shcherbina.iryna, tomspur, torsava
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python3-3.7.4-1.fc30 python3-3.7.4-1.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-29 01:08:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Miro Hrončok 2018-08-17 13:39:03 UTC 
There is an upstream Python test that checks the minimum TLS version - test_min_max_version (test.test_ssl.ContextTests).

Fedora 29+ sets TLSv1 as explicit minimum version. Python's test suite assumes that the minimum protocol version is set to a magic marker.


FAIL: test_min_max_version (test.test_ssl.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/builddir/build/BUILD/Python-3.7.0/Lib/test/test_ssl.py", line 1084, in test_min_max_version
    ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
AssertionError: <TLSVersion.TLSv1: 769> != <TLSVersion.MINIMUM_SUPPORTED: -2>


We currently workaround the problem by setting:

    export OPENSSL_CONF=/non-existing-file

This is a tracking bug to have this sorted in a better way, most likely upstream.
Comment 1 Petr Viktorin (pviktori) 2019-02-04 13:57:41 UTC 
Will be fixed in the next 3.7 upstream release.
Comment 2 Miro Hrončok 2019-06-26 08:59:03 UTC 
https://src.fedoraproject.org/rpms/python3/pull-request/114
Comment 3 Fedora Update System 2019-07-09 17:26:44 UTC 
FEDORA-2019-9bfb4a3e4b has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9bfb4a3e4b
Comment 4 Fedora Update System 2019-07-09 17:29:58 UTC 
FEDORA-2019-60a1defcd1 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-60a1defcd1
Comment 5 Fedora Update System 2019-07-10 00:37:44 UTC 
python3-3.7.4-1.fc30, python3-docs-3.7.4-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9bfb4a3e4b
Comment 6 Fedora Update System 2019-07-10 02:41:41 UTC 
python3-3.7.4-1.fc29, python3-docs-3.7.4-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-60a1defcd1
Comment 7 Fedora Update System 2019-07-29 01:08:10 UTC 
python3-3.7.4-1.fc30, python3-docs-3.7.4-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2019-08-05 01:41:04 UTC 
python3-3.7.4-1.fc29, python3-docs-3.7.4-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.