Installing Python 3.7 from source: test_ssl failed

3

To be able to install Python from source without root permission on a Ubuntu server, I had to install openssl, which I did using the following commands:

wget https://www.openssl.org/source/openssl-1.1.1e.tar.gz
tar -xzvf openssl-1.1.1e.tar.gz
cd openssl-1.1.1e
./config --prefix=${HOME}/.local/openssl --openssldir=${HOME}/.local/openssl
make -j$(nproc)
make install_sw

Then I set the following in ~/.bashrc:

export PATH=$HOME/.local/openssl/bin:$PATH
export LD_LIBRARY_PATH=$HOME/.local/openssl/lib:$LD_LIBRARY_PATH

and created a symbolic link from the new certs folder to the existing one (this step is necessary):

ln -s /etc/ssl/certs $HOME/.local/openssl/certs

Then I proceeded to installing Python 3.7.7:

wget https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz
tar -xzvf Python-3.7.7.tgz
cd Python-3.7.7
./configure --enable-shared --enable-optimizations --with-openssl=${HOME}/.local/openssl --prefix=${HOME}/.local
make -j$(nproc)

I obtained:

== Tests result: FAILURE ==

385 tests OK.

4 tests failed:
    test_imaplib test_ssl test_tarfile test_urllib2_localnet

27 tests skipped:
    test_bz2 test_curses test_dbm_gnu test_dbm_ndbm test_devpoll
    test_idle test_kqueue test_msilib test_ossaudiodev test_smtpnet
    test_socketserver test_sqlite test_startfile test_tcl test_timeout
    test_tix test_tk test_ttk_guionly test_ttk_textonly test_turtle
    test_urllib2net test_urllibnet test_winconsoleio test_winreg
    test_winsound test_xmlrpc_net test_zipfile64

The SSL seems to be the most critical, so I ran it again in verbose mode to have more detail:

./python -m test -v test_ssl

I obtained:

== CPython 3.7.7 (default, Mar 18 2020, 23:27:01) [GCC 6.3.0 20170516]
== Linux-4.9.0-11-amd64-x86_64-with-debian-9.12 little-endian
== cwd: /home/user/Python-3.7.7/build/test_python_25131
== CPU count: 16
== encodings: locale=UTF-8, FS=utf-8
0:00:00 load avg: 4.03 Run tests sequentially
0:00:00 load avg: 4.03 [1/1] test_ssl
test_ssl: testing with 'OpenSSL 1.1.1e  17 Mar 2020' (1, 1, 1, 5, 15)
          under Linux ('debian', '9.12', '')
          HAS_SNI = True
          OP_ALL = 0x80000054
          OP_NO_TLSv1_1 = 0x10000000
test__create_stdlib_context (test.test_ssl.ContextTests) ... ok
...etc...
test_ciphers (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 40460)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server: selected protocol is now None
Test server failure:
Traceback (most recent call last):
   File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2392, in run
    msg = self.read()
   File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2369, in read
    return self.sslconn.read()
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 931, in read
    return self._sslobj.read(len)
 OSError: [Errno 0] Error
ERROR
...etc...

 server:  bad connection attempt from ('127.0.0.1', 46120):
Traceback (most recent call last):
   File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2313, in wrap_conn
    self.sock, server_side=True)
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 423, in wrap_socket
    session=session
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 870, in _create
    self.do_handshake()
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1076)
ok
======================================================================
ERROR: test_session_handling (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 4344, in test_session_handling
    s.connect((HOST, server.port))
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect
    self._real_connect(addr, False)
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1159, in _real_connect
    super().connect(addr)
ConnectionRefusedError: [Errno 111] Connection refused

======================================================================
ERROR: test_tls_unique_channel_binding (test.test_ssl.ThreadedTests)
Test tls-unique channel binding.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 3925, in test_tls_unique_channel_binding
    s.connect((HOST, server.port))
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect
    self._real_connect(addr, False)
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1163, in _real_connect
    self.do_handshake()
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer

----------------------------------------------------------------------

Ran 153 tests in 4.000s

FAILED (errors=8, skipped=8)
test test_ssl failed
test_ssl failed

== Tests result: FAILURE ==

1 test failed:
    test_ssl

Total duration: 4.1 sec
Tests result: FAILURE

I seems that I still have an issue with certificates.

I would appreciate a lot for your help on resolving this issue. Thank you very much in advance!

linux
python
ssl
openssl
asked on Super User Mar 19, 2020 by Khue

1 Answer

2

The test fails due to an behavior change in OpenSSL 1.1.1e. Try with OpenSSL 1.1.1d for now. See https://bugs.python.org/issue40018 for more information.

answered on Super User Mar 22, 2020 by Steffen Ullrich

User contributions licensed under CC BY-SA 3.0