1815903 – python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1815903 - python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e

Summary: python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	python-ndg_httpsclient
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Felix Schwarz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	F33FTBFS PYTHON39
TreeView+	depends on / blocked

Reported:	2020-03-22 15:51 UTC by Miro Hrončok
Modified:	2020-03-30 13:59 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-30 13:07:36 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	cedadev ndg_httpsclient issues 22	0	None	open	test suite fails with openssl 1.1.1e	2020-03-30 13:05:44 UTC

Description Miro Hrončok 2020-03-22 15:51:02 UTC

python-ndg_httpsclient fails to build after openssl upgrade to 1.1.1e:


https://koschei.fedoraproject.org/build/8125180
https://koschei.fedoraproject.org/package/python-ndg_httpsclient?collection=f33

======================================================================
ERROR: test02_fetch_from_url (__main__.TestUtilsModule)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test_utils.py", line 32, in test02_fetch_from_url
    res = fetch_from_url(Constants.TEST_URI, config)
  File "/builddir/build/BUILD/ndg_httpsclient-0.5.1/ndg/httpsclient/utils.py", line 100, in fetch_from_url
    raise URLFetchError(return_message)
ndg.httpsclient.utils.URLFetchError: Error: [('SSL routines', 'ssl3_read_n', 'unexpected eof while reading')]
======================================================================
FAIL: test03_open_url (__main__.TestUtilsModule)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test_utils.py", line 38, in test03_open_url
    self.assertEqual(res[0], 200,
AssertionError: 0 != 200 : open_url for 'https://localhost:4443' failed
----------------------------------------------------------------------


This also blocks the Python 3.9 rebuild.


For the build logs with Python 3.9, see:
https://copr-be.cloud.fedoraproject.org/results/@python/python3.9/fedora-rawhide-x86_64/01314194-python-ndg_httpsclient/

For all our attempts to build python-ndg_httpsclient with Python 3.9, see:
https://copr.fedorainfracloud.org/coprs/g/python/python3.9/package/python-ndg_httpsclient/

Testing and mass rebuild of packages is happening in copr. You can follow these instructions to test locally in mock if your package builds with Python 3.9:
https://copr.fedorainfracloud.org/coprs/g/python/python3.9/

Let us know here if you have any questions.

Python 3.9 will be included in Fedora 33. To make that update smoother, we're building Fedora packages with early pre-releases of Python 3.9.
A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon.
We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side.

Comment 1 Felix Schwarz 2020-03-22 22:26:50 UTC

I filed an upstream bug report - hoping they will solve the problem for us.

Comment 2 Miro Hrončok 2020-03-23 09:59:11 UTC

See also https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/PM65WZJLD542DDJQRHIYSN2MHQK26FNL/

Comment 3 Miro Hrončok 2020-03-30 13:07:36 UTC

This no longer happens because the change was reverted.

Comment 4 Felix Schwarz 2020-03-30 13:50:07 UTC

But this is specific to Fedora's version of openssl 1.1.1e, right? So other downstreams will face the same issue when using a vanilla openssl? And we might experience the same problem when we upgrade to openssl 3.0 (without Fedora-specific patches)?

Comment 5 Miro Hrončok 2020-03-30 13:59:07 UTC

> But this is specific to Fedora's version of openssl 1.1.1e, right?

This was reverted upstream, but obviously not "in" 1.1.1e. Not sure when is 1.1.1f scheduled.

> So other downstreams will face the same issue when using a vanilla openssl?

With exactly 1.1.1e, they might.

> And we might experience the same problem when we upgrade to openssl 3.0 (without Fedora-specific patches)?

Python itself had failing tests with the change, so chances are Python will be adapted for 3.0. That might (or might not) also fix ndg_httpsclient.

Note You need to log in before you can comment on or make changes to this bug.