To be able to install Python from source without root permission on a Ubuntu server, I had to install openssl
, which I did using the following commands:
wget https://www.openssl.org/source/openssl-1.1.1e.tar.gz
tar -xzvf openssl-1.1.1e.tar.gz
cd openssl-1.1.1e
./config --prefix=${HOME}/.local/openssl --openssldir=${HOME}/.local/openssl
make -j$(nproc)
make install_sw
Then I set the following in ~/.bashrc
:
export PATH=$HOME/.local/openssl/bin:$PATH
export LD_LIBRARY_PATH=$HOME/.local/openssl/lib:$LD_LIBRARY_PATH
and created a symbolic link from the new certs
folder to the existing one (this step is necessary):
ln -s /etc/ssl/certs $HOME/.local/openssl/certs
Then I proceeded to installing Python 3.7.7:
wget https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz
tar -xzvf Python-3.7.7.tgz
cd Python-3.7.7
./configure --enable-shared --enable-optimizations --with-openssl=${HOME}/.local/openssl --prefix=${HOME}/.local
make -j$(nproc)
I obtained:
== Tests result: FAILURE ==
385 tests OK.
4 tests failed:
test_imaplib test_ssl test_tarfile test_urllib2_localnet
27 tests skipped:
test_bz2 test_curses test_dbm_gnu test_dbm_ndbm test_devpoll
test_idle test_kqueue test_msilib test_ossaudiodev test_smtpnet
test_socketserver test_sqlite test_startfile test_tcl test_timeout
test_tix test_tk test_ttk_guionly test_ttk_textonly test_turtle
test_urllib2net test_urllibnet test_winconsoleio test_winreg
test_winsound test_xmlrpc_net test_zipfile64
The SSL seems to be the most critical, so I ran it again in verbose mode to have more detail:
./python -m test -v test_ssl
I obtained:
== CPython 3.7.7 (default, Mar 18 2020, 23:27:01) [GCC 6.3.0 20170516]
== Linux-4.9.0-11-amd64-x86_64-with-debian-9.12 little-endian
== cwd: /home/user/Python-3.7.7/build/test_python_25131
== CPU count: 16
== encodings: locale=UTF-8, FS=utf-8
0:00:00 load avg: 4.03 Run tests sequentially
0:00:00 load avg: 4.03 [1/1] test_ssl
test_ssl: testing with 'OpenSSL 1.1.1e 17 Mar 2020' (1, 1, 1, 5, 15)
under Linux ('debian', '9.12', '')
HAS_SNI = True
OP_ALL = 0x80000054
OP_NO_TLSv1_1 = 0x10000000
test__create_stdlib_context (test.test_ssl.ContextTests) ... ok
...etc...
test_ciphers (test.test_ssl.SimpleBackgroundTests) ... server: new connection from ('127.0.0.1', 40460)
server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
server: selected protocol is now None
Test server failure:
Traceback (most recent call last):
File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2392, in run
msg = self.read()
File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2369, in read
return self.sslconn.read()
File "/home/user/Python-3.7.7/Lib/ssl.py", line 931, in read
return self._sslobj.read(len)
OSError: [Errno 0] Error
ERROR
...etc...
server: bad connection attempt from ('127.0.0.1', 46120):
Traceback (most recent call last):
File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2313, in wrap_conn
self.sock, server_side=True)
File "/home/user/Python-3.7.7/Lib/ssl.py", line 423, in wrap_socket
session=session
File "/home/user/Python-3.7.7/Lib/ssl.py", line 870, in _create
self.do_handshake()
File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1076)
ok
======================================================================
ERROR: test_session_handling (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 4344, in test_session_handling
s.connect((HOST, server.port))
File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect
self._real_connect(addr, False)
File "/home/user/Python-3.7.7/Lib/ssl.py", line 1159, in _real_connect
super().connect(addr)
ConnectionRefusedError: [Errno 111] Connection refused
======================================================================
ERROR: test_tls_unique_channel_binding (test.test_ssl.ThreadedTests)
Test tls-unique channel binding.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 3925, in test_tls_unique_channel_binding
s.connect((HOST, server.port))
File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect
self._real_connect(addr, False)
File "/home/user/Python-3.7.7/Lib/ssl.py", line 1163, in _real_connect
self.do_handshake()
File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer
----------------------------------------------------------------------
Ran 153 tests in 4.000s
FAILED (errors=8, skipped=8)
test test_ssl failed
test_ssl failed
== Tests result: FAILURE ==
1 test failed:
test_ssl
Total duration: 4.1 sec
Tests result: FAILURE
I seems that I still have an issue with certificates.
I would appreciate a lot for your help on resolving this issue. Thank you very much in advance!
The test fails due to an behavior change in OpenSSL 1.1.1e. Try with OpenSSL 1.1.1d for now. See https://bugs.python.org/issue40018 for more information.
User contributions licensed under CC BY-SA 3.0