Bug 1761194 - python-cryptography: FTBFS with OpenSSL 1.1.1d
Summary: python-cryptography: FTBFS with OpenSSL 1.1.1d
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-cryptography
Version: 29
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jeremy Cline
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1761081
TreeView+ depends on / blocked
 
Reported: 2019-10-13 10:15 UTC by Christian Heimes
Modified: 2019-10-29 01:27 UTC (History)
7 users (show)

Fixed In Version: python-cryptography-2.6.1-3.fc31
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-29 01:27:16 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github pyca cryptography issues 4998 0 None None None 2019-10-13 10:15:55 UTC

Description Christian Heimes 2019-10-13 10:15:56 UTC 
Description of problem:
python-cryptography fails to build from source because two unit tests are failing with OpenSSL 1.1.1d. 1.1.1c was fine. It's a known issue and documented as https://github.com/pyca/cryptography/issues/4998. The problem affects all supported versions of Fedora.

Version-Release number of selected component (if applicable):
any version of python-cryptograhy
openssl-1.1.1d

How reproducible:
always

Steps to Reproduce:
1. Run test suite, e.g. tox

Actual results:
=================================== FAILURES ===================================
_____________________ TestDH.test_dh_parameters_supported ______________________
self = <tests.hazmat.primitives.test_dh.TestDH object at 0x7f14a6900730>
backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>
    def test_dh_parameters_supported(self, backend):
        assert backend.dh_parameters_supported(23, 5)
>       assert not backend.dh_parameters_supported(23, 18)
E       assert not True
E        +  where True = <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>>(23, 18)
E        +    where <bound method Backend.dh_parameters_supported of <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>> = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>.dh_parameters_supported
tests/hazmat/primitives/test_dh.py:161: AssertionError
_____________ TestECDSACertificate.test_load_ecdsa_no_named_curve ______________
self = <tests.x509.test_x509.TestECDSACertificate object at 0x7f14a37a26a0>
backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f14c8dca100>
    def test_load_ecdsa_no_named_curve(self, backend):
        _skip_curve_unsupported(backend, ec.SECP256R1())
        cert = _load_cert(
            os.path.join("x509", "custom", "ec_no_named_curve.pem"),
            x509.load_pem_x509_certificate,
            backend
        )
        with pytest.raises(NotImplementedError):
>           cert.public_key()
E           Failed: DID NOT RAISE <class 'NotImplementedError'>
tests/x509/test_x509.py:3731: Failed

Expected results:
no error
Comment 1 Fedora Update System 2019-10-14 08:29:20 UTC 
FEDORA-2019-b7565e6ccc has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b7565e6ccc
Comment 2 Christian Heimes 2019-10-14 08:30:24 UTC 
Fixed in python-cryptography-2.7-3.fc32, https://bodhi.fedoraproject.org/updates/FEDORA-2019-c69eb4cdb1
Comment 3 Fedora Update System 2019-10-14 14:51:50 UTC 
python-cryptography-2.6.1-3.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b7565e6ccc
Comment 4 Fedora Update System 2019-10-29 01:27:16 UTC 
python-cryptography-2.6.1-3.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.