bpo-30714: ALPN changes for OpenSSL 1.1.0f #2305

Merged 1 commit on Aug 15, 2017

@tiran tiran commented Jun 20, 2017

OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
callback can pretend to not have been set.

See openssl/openssl#3158 for more details

Signed-off-by: Christian Heimes <christian@python.org>

https://bugs.python.org/issue30714

@mention-bot

@tiran, thanks for your PR! By analyzing the history of the files in this pull request, we identified @Yhg1s, @benjaminp, @vadmium and @tiran to be potential reviewers.


@gpshead gpshead left a comment

It is a bummer to be so version specific with regards to an underlying wrapped API that we use but I guess that can't be helped in this library. At least this is just a brittle test.

both sides support ALPN but cannot agree on a protocol.
OpenSSL 1.1.0 to 1.1.0e will abort the handshake and raise :exc:`SSLError`
when both sides support ALPN but cannot agree on a protocol. 1.1.0f+
behaves like 1.0.2.
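
Review bot: The closing sentence, "1.1.0f+ behaves like 1.0.2", never says what that behavior is; the paragraph only spells out the 1.1.0 to 1.1.0e case (handshake aborted, SSLError raised). State the outcome for the other versions directly, namely that the handshake is not aborted when the two sides cannot agree on a protocol, so a caller knows that a completed handshake does not imply an agreed ALPN protocol and that SSLError cannot be relied on to signal a mismatch.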

rather than stating "behaves like 1.0.2" how about describing that behavior; I don't see how 1.0.2 behaves explicitly described anywhere.


@vstinner vstinner left a comment

The "AMD64 Debian PGO 3.x" buildbot is still failing, so it would be nice to get the fix :-)

http://buildbot.python.org/all/builders/AMD64%20Debian%20PGO%203.x/builds/1023/steps/test/logs/stdio

Misc/NEWS Outdated
@@ -1410,6 +1410,9 @@ Tools/Demos
Tests
-----

* bpo-30714: Address ALPN callback changes for OpenSSL 1.1.0f. The latest
version behaves like OpenSSL 1.0.2 and no longer aborts handshake.
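
Review bot: "The latest version" in the second line of the entry goes stale as soon as another OpenSSL release ships; name the version instead, for example "OpenSSL 1.1.0f and later behave like OpenSSL 1.0.2 and no longer abort the handshake". The entry also does not mention that the aborting behavior was limited to 1.1.0 through 1.1.0e, which a reader needs in order to tell whether their build is affected.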

Can you please convert the NEWS item to blurb?

@vstinner

@tiran: If you are too busy, I can try to convert the NEWS entry if you prefer.

@tiran tiran merged commit 7b40cb7 into python:master Aug 15, 2017
@tiran tiran deleted the bpo-30714-alpn branch August 15, 2017 08:33
@miss-islington

🐍🍒⛏🤖 Thanks @tiran for the PR, and @tiran for merging it 🌮🎉. I'm working now to backport this PR to: 2.7, 3.6.

@miss-islington

Sorry @tiran and @tiran, I had trouble checking out the 2.7 backport branch.
Please backport using cherry_picker on command line.

@miss-islington

Sorry, @tiran and @tiran, I could not cleanly backport this to 3.6 due to a conflict.
Please backport using cherry_picker on command line.

@vstinner

vstinner commented Sep 7, 2017

I removed the backport labels, the change was already backported to 2.7 and 3.6.
