bpo-35031: Fix test_start_tls_server_1 on FreeBSD buildbots #10011
Conversation
|
Tested on the buildbot itself: CURRENT-amd64% uname -a
FreeBSD CURRENT-amd64 12.0-ALPHA10 FreeBSD 12.0-ALPHA10 r339405 GENERIC-NODEBUG amd64
CURRENT-amd64% ./python -m test test_asyncio -m test_start_tls_server_1 -v
== CPython 3.8.0a0 (tags/v3.7.0a4-747-g35230d08e0:35230d08e0, Oct 21 2018, 03:49:42) [Clang 6.0.1 (tags/RELEASE_601/final 335540)]
== FreeBSD-12.0-ALPHA10-amd64-64bit-ELF little-endian
== cwd: /usr/home/pablo/cpython/build/test_python_32337
== CPU count: 4
== encodings: locale=UTF-8, FS=utf-8
Run tests sequentially
0:00:00 load avg: 3.63 [1/1] test_asyncio
test_start_tls_server_1 (test.test_asyncio.test_sslproto.ProactorStartTLSTests) ... skipped 'Windows only'
test_start_tls_server_1 (test.test_asyncio.test_sslproto.SelectorStartTLSTests) ... ok
----------------------------------------------------------------------
Ran 2 tests in 0.424s
OK (skipped=1)
1 test OK.
Total duration: 1 sec
Tests result: SUCCESS
CURRENT-amd64% |
|
Example of the current failure: |
There was a problem hiding this comment.
LGTM.
Honestly, I'm not a TLS expert, but this bug is annoying and makes the buildbot fail randomly. So I suggest to apply it as soon as possible :-)
If it's wrong, it can be fixed later, but at least the buildbot will become useful again and stop to spam buildbot-status and random PRs.
| @@ -429,6 +429,7 @@ def test_start_tls_server_1(self): | |||
|
|
|||
| server_context = test_utils.simple_server_sslcontext() | |||
| client_context = test_utils.simple_client_sslcontext() | |||
| client_context.options |= ssl.OP_NO_TLSv1_3 | |||
There was a problem hiding this comment.
Can we add a comment explaining this line?
There was a problem hiding this comment.
Can we please restrict this to FreeBSD?
@1st1 In the long run, we should have parametrized tests to test TLS 1.2 and TLS 1.3 behavior. The protocols behave differently on mulitple accounts. For client cert auth, we even need to have TLS 1.3 with and without PHA.
| @@ -429,6 +429,7 @@ def test_start_tls_server_1(self): | |||
|
|
|||
| server_context = test_utils.simple_server_sslcontext() | |||
| client_context = test_utils.simple_client_sslcontext() | |||
| client_context.options |= ssl.OP_NO_TLSv1_3 | |||
There was a problem hiding this comment.
Can we please restrict this to FreeBSD?
@1st1 In the long run, we should have parametrized tests to test TLS 1.2 and TLS 1.3 behavior. The protocols behave differently on mulitple accounts. For client cert auth, we even need to have TLS 1.3 with and without PHA.
|
Thanks @pablogsal for the PR 🌮🎉.. I'm working now to backport this PR to: 3.6. |
|
Thanks @pablogsal for the PR 🌮🎉.. I'm working now to backport this PR to: 3.7. |
|
Sorry, @pablogsal, I could not cleanly backport this to |
|
GH-10496 is a backport of this pull request to the 3.7 branch. |
|
Backporting after checking that it works on the buildbots. |
|
Apparently, the issue in 3.6 is different. It happens on test_ssl. Example: https://buildbot.python.org/all/#/builders/172/builds/86/steps/4/logs/stdio |
Some FreeBSD buildbots fail to run this test as the eof was not being received by the server if the size is not big enough. This behaviour only appears if the client is using TLS1.3. (cherry picked from commit f6a47f3) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
https://bugs.python.org/issue35031