Description of problem: When FIPS mode is enabled there are two failures in test_ssl.py. Version-Release number of selected component (if applicable): python3-test-3.9.10-2.el9 How reproducible: 100% in FIPS mode Steps to Reproduce: 1. Install python3-test 2. Filter out incompatible tests accroding to [1]. 3. Run the remaining tests. Actual results: # python3 -m test --verbose --list-cases test_ssl.py >foo # grep -v -e test.test_ssl.ContextTests.test_load_cert_chain \ -e test.test_ssl.ThreadedTests.test_check_hostname \ -e test.test_ssl.ThreadedTests.test_compression \ -e test.test_ssl.ThreadedTests.test_compression_disabled \ -e test.test_ssl.ThreadedTests.test_crl_check \ -e test.test_ssl.ThreadedTests.test_dh_params \ -e test.test_ssl.ThreadedTests.test_echo \ -e test.test_ssl.ThreadedTests.test_nonblocking_send \ -e test.test_ssl.ThreadedTests.test_protocol_tlsv1 \ -e test.test_ssl.ThreadedTests.test_recv_send \ -e test.test_ssl.ThreadedTests.test_selected_alpn_protocol \ -e test.test_ssl.ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpn \ -e test.test_ssl.ThreadedTests.test_selected_npn_protocol \ -e test.test_ssl.ThreadedTests.test_session \ -e test.test_ssl.ThreadedTests.test_shared_ciphers \ -e test.test_ssl.ThreadedTests.test_sni_callback \ -e test.test_ssl.ThreadedTests.test_starttls \ -e test.test_ssl.ThreadedTests.test_tls_unique_channel_binding \ -e test.test_ssl.ThreadedTests.test_version_basic \ -e test.test_ssl.ThreadedTests.test_protocol_sslv23 foo >bar # python3 -m test --verbose --matchfile bar test_ssl.py ... ====================================================================== ERROR: test_load_verify_cadata (test.test_ssl.ContextTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib64/python3.9/test/test_ssl.py", line 1467, in test_load_verify_cadata ctx.load_verify_locations(cadata=cacert_der) ssl.SSLError: [EVP] unsupported (_ssl.c:4174) ====================================================================== ERROR: test_connect_cadata (test.test_ssl.SimpleBackgroundTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib64/python3.9/test/test_ssl.py", line 2103, in test_connect_cadata ctx.load_verify_locations(cadata=der) ssl.SSLError: [EVP] unsupported (_ssl.c:4174) ---------------------------------------------------------------------- Ran 137 tests in 6.331s FAILED (errors=2, skipped=14) test test_ssl failed test_ssl failed (2 errors) == Tests result: FAILURE == 1 test failed: test_ssl Total duration: 6.4 sec Tests result: FAILURE Expected results: All executed tests passed. Additional info: [1] http://pkgs.devel.redhat.com/cgit/tests/python/tree/Sanity/FIPS-specifics/runtest.sh#n50
Hi Ondrej. This is a duplicate of bug 2058233 *** This bug has been marked as a duplicate of bug 2058233 ***