Matthias Klose added the comment:
causing #22523, still referencing _ssl.sslwrap.
--
nosy: +doko
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Barry A. Warsaw added the comment:
Note that this change broke eventlet:
https://github.com/eventlet/eventlet/issues/135
--
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Alex Gaynor added the comment:
Filed http://bugs.python.org/issue22438 to track it.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Stefan Behnel added the comment:
The current implementation doesn't work with Unicode file paths. Try passing a
Unicode string e.g. as cafile into context.load_verify_locations(). It calls
PyString_AsEncodedObject() on it, which then fails with a PyErr_BadArgument()
on the entry type check.
Alex Gaynor added the comment:
Thanks for the report, I've filed: http://bugs.python.org/issue22244 to track
that issue.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Nick Coghlan added the comment:
Thanks for getting this in, folks!
As Alex suggests, we can file any identified regressions as new issues.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Alex Gaynor added the comment:
Latest patch fixes both the issues Benjamin noted.
--
Added file: http://bugs.python.org/file36423/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Benjamin Peterson added the comment:
I spent hours looking at this patch, which certainly doesn't constitute a real
review, but is probably about as good as your going to get on this behemouth.
Anyway, Alex knows he's on the hook for when things start going sour.
--
Roundup Robot added the comment:
New changeset 221a1f9155e2 by Benjamin Peterson in branch '2.7':
backport many ssl features from Python 3 (closes #21308)
http://hg.python.org/cpython/rev/221a1f9155e2
--
nosy: +python-dev
resolution: - fixed
stage: patch review - resolved
status: open
Alex Gaynor added the comment:
New patch additionally backports the Tools/ssl/ directory from Python3, which
has two utilities for generating some of the code used. Thanks to Benjamin for
catching this.
--
Added file: http://bugs.python.org/file36418/ssl-backport.diff
Alex Gaynor added the comment:
Last version had some stray stuff due to the fact that I don't know how to use
version control. New version should resolve that.
--
Added file: http://bugs.python.org/file36419/ssl-backport.diff
___
Python tracker
Benjamin Peterson added the comment:
Running test_ssl gives this:
% ./python Lib/test/regrtest.py test_ssl
test_ssl
Exception in thread Thread-104:
Traceback (most recent call last):
File /home/benjamin/dev/python/2.7/Lib/threading.py, line 810, in
__bootstrap_inner
self.run()
File
Alex Gaynor added the comment:
On what platform?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Python-bugs-list mailing list
Benjamin Peterson added the comment:
Gentoo Linux. Openssl 1.0.1i
On Tue, Aug 19, 2014, at 19:29, Alex Gaynor wrote:
Alex Gaynor added the comment:
On what platform?
--
___
Python tracker rep...@bugs.python.org
Benjamin Peterson added the comment:
In load_cert_chain, you may find it convenient to not Py_DECREF and Py_CLEAR
keyfile_bytes and certfile_bytes, which aren't PyObject *.
--
___
Python tracker rep...@bugs.python.org
Robert Kuska added the comment:
Hi everyone,
I went ahead and I've applied ssl-backport.diff (alex, 2014-08-07 18:49) patch
into Python 2.7.8 on Fedora Rawhide (currently only scratch build).
My report:
Firstly, I've encountered seg fault, I fixed this with patch from
Alex Gaynor added the comment:
Thanks for testing this out Robert! The attached patch fixes the error you saw.
--
Added file: http://bugs.python.org/file36407/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
Changes by Jakub Wilk jw...@jwilk.net:
--
nosy: +jwilk
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Python-bugs-list mailing list
Nick Coghlan added the comment:
The problem is that the Rietveld integration isn't able to figure out the base
revision, so it isn't generating the review automatically. Times like this it
would be nice to be able to specify a base branch explicitly...
In other news... the outcome of the
Antoine Pitrou added the comment:
Le 07/08/2014 04:34, Nick Coghlan a écrit :
In other news... the outcome of the Fedora thread is that Slavek is
just going to go ahead and apply the patch to Python 2.7 RPMs in Fedora
Rawhide next week. That will hopefully be entirely uneventful, but if it
Alex Gaynor added the comment:
New patch should be in the mercurial diff format.
--
Added file: http://bugs.python.org/file36301/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Nick Coghlan added the comment:
On 7 Aug 2014 23:11, Antoine Pitrou rep...@bugs.python.org wrote:
I doubt adding a ton of new APIs and code can be uneventful, but good
luck :)
They don't call it Rawhide for nothing! :)
--
___
Python tracker
Changes by Nick Coghlan ncogh...@gmail.com:
Removed file: http://bugs.python.org/file36075/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Changes by Nick Coghlan ncogh...@gmail.com:
Removed file: http://bugs.python.org/file36089/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Changes by Nick Coghlan ncogh...@gmail.com:
Removed file: http://bugs.python.org/file36139/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Changes by Nick Coghlan ncogh...@gmail.com:
Removed file: http://bugs.python.org/file36142/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Changes by Nick Coghlan ncogh...@gmail.com:
Removed file: http://bugs.python.org/file36113/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Changes by Nick Coghlan ncogh...@gmail.com:
Removed file: http://bugs.python.org/file36092/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Nick Coghlan added the comment:
To help keep the file list clear, I unlinked the older versions of the patch.
They're still available in the issue history below.
Alex, could you generate a version using the hg diff format (so the review gets
generated automatically), or else add it manually
Alex Gaynor added the comment:
I've been doing this work in a git repo, do you know how to generate an
hg-formated diff with git?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Benjamin Peterson added the comment:
Doesn't hg accept git diffs?
On Wed, Aug 6, 2014, at 21:31, Alex Gaynor wrote:
Alex Gaynor added the comment:
I've been doing this work in a git repo, do you know how to generate an
hg-formated diff with git?
--
Alex Gaynor added the comment:
Latest patch does as Donald suggests and rolls back the WantWrite changes,
fixing poplib.
--
Added file: http://bugs.python.org/file36255/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
Donald Stufft added the comment:
I think we probably want to revert that particular change. Afaik it wasn't
added to 3.4 because of the danger of breaking things so we probably shouldn't
add it to 2.7.
--
___
Python tracker rep...@bugs.python.org
Arnaud Fontaine added the comment:
Would it be possible to also backport the changes to httplib.py to support TLS
SNI as many libraries (including setuptools) relies on this module to download
files and some servers reject clients not supporting TLS SNI (such as
cloud.github.com)? I have
Nick Coghlan added the comment:
Hi Arnaud, such a change is out of scope for PEP 466. To minimise the scale of
the changes in a maintenance release, it was deliberately limited to provide
the core infrastructure, so at least third party libraries like requests can
support SNI in Python 2,
Alex Gaynor added the comment:
Investigations:
The test_poplib failures are caused by the backporting of
http://bugs.python.org/issue20951, does anyone have opinions on whether we
should backport Antoine's fix for poplib, or revert that particular change?
I'm not sure how to fix that
Alex Gaynor added the comment:
Latest patch makes the needed change to Makefile.pre.in
--
Added file: http://bugs.python.org/file36142/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Ned Deily added the comment:
Some results from a quick build/test on OS X 10.9.4 with Xcode 5.1.1 clang and
openssl 1.0.1h from MacPorts (similar results when built with Apple-supplied
openssl 0.9.8y and on OS X 10.5.8 ppc with Apple-supplied openssl 0.9.7l):
- Modules/_ssl.c:2861:52:
Alex Gaynor added the comment:
Ned, did you apply the patch from http://bugs.python.org/issue22023 first? That
bt looks like what you'd see without it.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Christian Heimes added the comment:
Does https://github.com/alex/cpython/commits/backport-ssl contain all relevant
code changes? I like to review the changes during my train ride home.
--
___
Python tracker rep...@bugs.python.org
Ned Deily added the comment:
did you apply the patch from http://bugs.python.org/issue22023 first?
Sorry, missed that. Let's try again with that applied as well:
OS X 10.9.4 with Xcode 5.1.1 clang and openssl 1.0.1h from MacPorts
- Modules/_ssl.c:2861:52: warning: invalid conversion
Christian Heimes added the comment:
Awesome! :)
I'll try to find some time to check your work when I'm back from EuroPython.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
Nick Coghlan added the comment:
Thanks for working through this!
I've kicked it in the direction of the Fedora Python SIG folks
(https://lists.fedoraproject.org/pipermail/python-devel/2014-July/000611.html),
since it would be good if we could get it tested before it makes its way into
an
Alex Gaynor added the comment:
New patch cherry pick's the fix from issue22074.
--
Added file: http://bugs.python.org/file36113/ssl-backport.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Alex Gaynor added the comment:
New version of this patch fixes a bunch of versionadded and changeds in the
docs that referred to the wrong version.
--
Added file: http://bugs.python.org/file36089/ssl-backport.diff
___
Python tracker
Alex Gaynor added the comment:
Try #3: This fixes a bug with NPN (I hadn't tested with an OpenSSL that
supports NPN, I have now), and cherry-picks the typo fixes from 967311e6c0d2
--
Added file: http://bugs.python.org/file36092/ssl-backport.diff
___
Alex Gaynor added the comment:
The attached patch (drafted by myself, and David Reid) backports all of the SSL
module (and tests!!!) to Python 2.7. All tests pass on my machine (OS X 10.9),
I haven't tested against other platforms.
I /suspect/ the best way to review this patch will be by
Changes by Ian Cordasco graffatcolmin...@gmail.com:
--
nosy: +icordasc
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Marc-Andre Lemburg added the comment:
On 20.06.2014 16:38, Nick Coghlan wrote:
Nick Coghlan added the comment:
MAL - agreed on the version numbering implications of treating OpenSSL CVE's
as CPython CVE's, but I think Guido pretty much answered that when he
extended the 2.7 EOL to 2020
Nick Coghlan added the comment:
2.7.8 will likely be earlier than expected in order to address the latest
OpenSSL update for the Windows installers. So while the likely time frame for
this hasn't changed (i.e. November'ish 2014), that release is now expected to
be 2.7.9 (assuming the OpenSSL
Marc-Andre Lemburg added the comment:
On 20.06.2014 09:26, Nick Coghlan wrote:
2.7.8 will likely be earlier than expected in order to address the latest
OpenSSL update for the Windows installers. So while the likely time frame for
this hasn't changed (i.e. November'ish 2014), that release
Alex Gaynor added the comment:
I just wanted to note that I've been actively working on this, but it's being
difficult in ways I hadn't predicted :-) Will send an update to python-dev in
the next week or so.
--
___
Python tracker
Nick Coghlan added the comment:
MAL - agreed on the version numbering implications of treating OpenSSL CVE's as
CPython CVE's, but I think Guido pretty much answered that when he extended the
2.7 EOL to 2020 (i.e. we were going to hit 2.7.10 within the next couple of
years regardless).
Nick Coghlan added the comment:
Christian, Alex, Donald - is there an in-progress patch for this available at
all?
2.7.7rc1 is bearing down on us quite rapidly. Given the likely magnitude of
this change, should we consider targeting 2.7.8, and give the OpenStack CI team
and others a greater
Alex Gaynor added the comment:
I have not started on this patch yet, I'd wanted to get the other, smaller,
backports done first. Unless someone else is planning on getting to this, I
think 2.7.8 is more realistic.
--
___
Python tracker
Donald Stufft added the comment:
I agree that 2.7.8 is more realistic. This particular backport is going to be
the most work due to the scope of it.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Changes by Mark Nottingham m...@mnot.net:
--
nosy: +mnot
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Python-bugs-list mailing list
Changes by Cory Benfield c...@lukasa.co.uk:
--
nosy: +Lukasa
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Python-bugs-list mailing
New submission from Christian Heimes:
I'm interested to assist with all back port tickets as soon as my internet
connection is fixed. A technician is going to check my line again on Tuesday.
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
I'm not really interested to assist with backport tickets myself. You may nosy
me but I may not care at all :)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
Changes by Nick Coghlan ncogh...@gmail.com:
--
nosy: alex, benjamin.peterson, christian.heimes, dstufft, giampaolo.rodola,
janssen, ncoghlan, pitrou
priority: normal
severity: normal
stage: needs patch
status: open
title: PEP 466: backport ssl changes
type: enhancement
versions: Python
Changes by Josh Rosenberg shadowranger+pyt...@gmail.com:
--
nosy: +josh.rosenberg
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
Changes by Gregory P. Smith g...@krypto.org:
--
nosy: +gregory.p.smith
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21308
___
___
63 matches
Mail list logo
