Bug 1815903

Summary: python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e
Product: [Fedora] Fedora Reporter: Miro Hrončok <mhroncok>
Component: python-ndg_httpsclientAssignee: Felix Schwarz <fschwarz>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: cstratak, fschwarz, itamar, mhroncok, mplch, nick, python-sig, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-30 13:07:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1785415, 1803234    

Description Miro Hrončok 2020-03-22 15:51:02 UTC 
python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e:


https://koschei.fedoraproject.org/build/8125180
https://koschei.fedoraproject.org/package/python-ndg_httpsclient?collection=f33

======================================================================
ERROR: test02_fetch_from_url (__main__.TestUtilsModule)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test_utils.py", line 32, in test02_fetch_from_url
    res = fetch_from_url(Constants.TEST_URI, config)
  File "/builddir/build/BUILD/ndg_httpsclient-0.5.1/ndg/httpsclient/utils.py", line 100, in fetch_from_url
    raise URLFetchError(return_message)
ndg.httpsclient.utils.URLFetchError: Error: [('SSL routines', 'ssl3_read_n', 'unexpected eof while reading')]
======================================================================
FAIL: test03_open_url (__main__.TestUtilsModule)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test_utils.py", line 38, in test03_open_url
    self.assertEqual(res[0], 200,
AssertionError: 0 != 200 : open_url for 'https://localhost:4443' failed
----------------------------------------------------------------------


This also blocks the Python 3.9 rebuild.


For the build logs with Python 3.9, see:
https://copr-be.cloud.fedoraproject.org/results/@python/python3.9/fedora-rawhide-x86_64/01314194-python-ndg_httpsclient/

For all our attempts to build python-ndg_httpsclient with Python 3.9, see:
https://copr.fedorainfracloud.org/coprs/g/python/python3.9/package/python-ndg_httpsclient/

Testing and mass rebuild of packages is happening in copr. You can follow these instructions to test locally in mock if your package builds with Python 3.9:
https://copr.fedorainfracloud.org/coprs/g/python/python3.9/

Let us know here if you have any questions.

Python 3.9 will be included in Fedora 33. To make that update smoother, we're building Fedora packages with early pre-releases of Python 3.9.
A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon.
We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side.
Comment 1 Felix Schwarz 2020-03-22 22:26:50 UTC 
I filed an upstream bug report - hoping they will solve the problem for us.
Comment 2 Miro Hrončok 2020-03-23 09:59:11 UTC 
See also https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/PM65WZJLD542DDJQRHIYSN2MHQK26FNL/
Comment 3 Miro Hrončok 2020-03-30 13:07:36 UTC 
This no longer happens because the change was reverted.
Comment 4 Felix Schwarz 2020-03-30 13:50:07 UTC 
But this is specific to Fedora's version of openssl 1.1.1e, right? So other downstreams will face the same issue when using a vanilla openssl? And we might experience the same problem when we upgrade to openssl 3.0 (without Fedora-specific patches)?
Comment 5 Miro Hrončok 2020-03-30 13:59:07 UTC 
> But this is specific to Fedora's version of openssl 1.1.1e, right?

This was reverted upstream, but obviously not "in" 1.1.1e. Not sure when is 1.1.1f scheduled.

> So other downstreams will face the same issue when using a vanilla openssl?

With exactly 1.1.1e, they might.

> And we might experience the same problem when we upgrade to openssl 3.0 (without Fedora-specific patches)?

Python itself had failing tests with the change, so chances are Python will be adapted for 3.0. That might (or might not) also fix ndg_httpsclient.