python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e: https://koschei.fedoraproject.org/build/8125180 https://koschei.fedoraproject.org/package/python-ndg_httpsclient?collection=f33 ====================================================================== ERROR: test02_fetch_from_url (__main__.TestUtilsModule) ---------------------------------------------------------------------- Traceback (most recent call last): File "./test_utils.py", line 32, in test02_fetch_from_url res = fetch_from_url(Constants.TEST_URI, config) File "/builddir/build/BUILD/ndg_httpsclient-0.5.1/ndg/httpsclient/utils.py", line 100, in fetch_from_url raise URLFetchError(return_message) ndg.httpsclient.utils.URLFetchError: Error: [('SSL routines', 'ssl3_read_n', 'unexpected eof while reading')] ====================================================================== FAIL: test03_open_url (__main__.TestUtilsModule) ---------------------------------------------------------------------- Traceback (most recent call last): File "./test_utils.py", line 38, in test03_open_url self.assertEqual(res[0], 200, AssertionError: 0 != 200 : open_url for 'https://localhost:4443' failed ---------------------------------------------------------------------- This also blocks the Python 3.9 rebuild. For the build logs with Python 3.9, see: https://copr-be.cloud.fedoraproject.org/results/@python/python3.9/fedora-rawhide-x86_64/01314194-python-ndg_httpsclient/ For all our attempts to build python-ndg_httpsclient with Python 3.9, see: https://copr.fedorainfracloud.org/coprs/g/python/python3.9/package/python-ndg_httpsclient/ Testing and mass rebuild of packages is happening in copr. You can follow these instructions to test locally in mock if your package builds with Python 3.9: https://copr.fedorainfracloud.org/coprs/g/python/python3.9/ Let us know here if you have any questions. Python 3.9 will be included in Fedora 33. To make that update smoother, we're building Fedora packages with early pre-releases of Python 3.9. A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon. We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side.
I filed an upstream bug report - hoping they will solve the problem for us.
See also https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/PM65WZJLD542DDJQRHIYSN2MHQK26FNL/
This no longer happens because the change was reverted.
But this is specific to Fedora's version of openssl 1.1.1e, right? So other downstreams will face the same issue when using a vanilla openssl? And we might experience the same problem when we upgrade to openssl 3.0 (without Fedora-specific patches)?
> But this is specific to Fedora's version of openssl 1.1.1e, right? This was reverted upstream, but obviously not "in" 1.1.1e. Not sure when is 1.1.1f scheduled. > So other downstreams will face the same issue when using a vanilla openssl? With exactly 1.1.1e, they might. > And we might experience the same problem when we upgrade to openssl 3.0 (without Fedora-specific patches)? Python itself had failing tests with the change, so chances are Python will be adapted for 3.0. That might (or might not) also fix ndg_httpsclient.