[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2015-01-06 Thread STINNER Victor 

Changes by STINNER Victor :


--
resolution:  -> fixed
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2015-01-06 Thread STINNER Victor 

STINNER Victor added the comment:

Ok, Python 2.7, 3.4 and 3.5 can now be *compiled* with LibreSSL.

There are still issues with LibreSSL: see the new issue #23177.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2015-01-06 Thread Roundup Robot 

Roundup Robot added the comment:

New changeset eddcb6671a48 by Victor Stinner in branch '2.7':
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
https://hg.python.org/cpython/rev/eddcb6671a48

New changeset 7f82f50fdad0 by Victor Stinner in branch '3.4':
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
https://hg.python.org/cpython/rev/7f82f50fdad0

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Bernard Spil added the comment:

Merged the patch from haypo back into the FreeBSD port for 2.7 at 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511
In the process I discovered during test_ssl that I had to patch Lib/socket.py 
as well to make RAND_egd conditional

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread STINNER Victor 

STINNER Victor added the comment:

> That is OK, as these 2 tests should fail with LibreSSL since SSLv2 and SSLv3 
> support has been removed from LibreSSL.

See the issue #22935.

I prefer to wait until this issue is fixed in Python 3.5, and that test_ssl 
pass on your PC, before backporting this change into Python 2.7 & 3.4.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Bernard Spil added the comment:

FAILED (failures=2, errors=2, skipped=5)
That is OK, as these 2 tests should fail with LibreSSL since SSLv2 and SSLv3 
support has been removed from LibreSSL.

ERROR: test_protocol_sslv23 (__main__.ThreadedTests)
ERROR: test_protocol_sslv3 (__main__.ThreadedTests)

--
Added file: http://bugs.python.org/file37304/test_ssl.log

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread STINNER Victor 

STINNER Victor added the comment:

Ok, here is a first commit to try to support LibreSSL in Python 3.5.

Can someone please test to compile Python 3.5 with LibreSSL and run the test 
suite (at least test_ssl) to check that everything is fine? If you confirm that 
the change is correct, I will backport it to Python 2.7 and 3.4. Please mention 
your version of LibreSSL, OS and OS version in your feedback. LibreSSL has 
different releases: 2.0 to 2.1.1. Which one was embeded in OpenBSD 5.6?
http://www.libressl.org/

Bernard Spil's patches don't apply on Python 3.5, I guess that they were 
written for Python 2.7. I also fixed test_ssl.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Roundup Robot 

Roundup Robot added the comment:

New changeset 6f23bc5d480e by Victor Stinner in branch 'default':
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
https://hg.python.org/cpython/rev/6f23bc5d480e

--
nosy: +python-dev

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Antoine Pitrou 

Antoine Pitrou added the comment:

> I would prefer to follow the model of the os module: don't declare a function 
> if it is not supported by the OS.

I don't have any strong feelings, so let's do it like that. RAND_egd() isn't 
useful anyway.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread STINNER Victor 

STINNER Victor added the comment:

> I thikn RAND_egd() should probably raise NotImplementedError if the function 
> isn't exposed by the ssl library.

I would prefer to follow the model of the os module: don't declare a function 
if it is not supported by the OS.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Changes by Bernard Spil :


Removed file: http://bugs.python.org/file37299/patch-configure.ac

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Bernard Spil added the comment:

Remove https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 patch from this 
patch-set

--
Added file: http://bugs.python.org/file37302/patch-configure.ac

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread STINNER Victor 

STINNER Victor added the comment:

> Victor: That is a change that has been implemented in the downstream port to 
> fix wxPython, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 
> this ended up in this patch as my primary objective was to fix it for the 
> FreeBSD port.

It looks unrelated to LibreSSL, please split your patch in two parts and open a 
new issue for the wxPython fix.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Bernard Spil added the comment:

Victor: That is a change that has been implemented in the downstream port to 
fix wxPython, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 this 
ended up in this patch as my primary objective was to fix it for the FreeBSD 
port.

Antoine: Sorry, I'm not a python dev... I'm willing to do the work if you can 
provide the guidance... This was merely a "works-for-me(TM)" patch. Since 
nothing actually uses egd any longer I would not spend to much effort on it. 
The odds of anyone requiring EGD support _and_ using LibreSSL are negligable. 
EGD is last centuries technology, there's no sense in mixing that with current 
tech.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Antoine Pitrou 

Antoine Pitrou added the comment:

I thikn RAND_egd() should probably raise NotImplementedError if the function 
isn't exposed by the ssl library.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread STINNER Victor 

STINNER Victor added the comment:

patch-configure.ac:
-AC_DEFINE(__BSD_VISIBLE, 1, [Define on FreeBSD to activate all library 
features])

Why do you remove this define?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Changes by Bernard Spil :


Removed file: http://bugs.python.org/file37242/patch-Modules__ssl.c

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Changes by Bernard Spil :


Added file: http://bugs.python.org/file37301/patch-Modules__ssl.c

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Changes by Bernard Spil :


Added file: http://bugs.python.org/file37300/patch-Lib_ssl.py

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-28 Thread Bernard Spil 

Bernard Spil added the comment:

When configure is called with correct LDFLAGS and CPPFLAGS for LibreSSL these 
patches to configure, Modules/_ssl.c and Lib/_ssl.py will detect not having 
RAND_egd support in OpenSSL and make the build succeed.

--
Added file: http://bugs.python.org/file37299/patch-configure.ac

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-21 Thread Bernard Spil 

Bernard Spil added the comment:

Hi, 

I think this can be found in LibreSSL's opensslv.h 
An ifdef LIBRESSL_VERSION_NUMBER should work

See 
https://github.com/libressl-portable/openbsd/blob/master/src/lib/libssl/src/crypto/opensslv.h

_ssl.c includes crypto.h which in turn includes opensslv.h so checking for 
LIBRESSL_VERSION_NUMBER should provide the correct check.

Attached patch does this in C whereas it should be checked for in configure and 
disabled with a HAS_RAND_egd
Have not figured out how to do this conditionally in Lib/ssl.py yet

--
Added file: http://bugs.python.org/file37242/patch-Modules__ssl.c

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-20 Thread Antoine Pitrou 

Antoine Pitrou added the comment:

We're still willing to fix this if someone tells us how to test for LibreSSL in 
C code.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-20 Thread STINNER Victor 

STINNER Victor added the comment:

We don't drop feature in minor releases, we are working hard to maintain the 
backward compatibility.

We may only disable RAND_egd if Python is compiled/linked to LibreSSL. So the 
check should probably be dynamic.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-20 Thread Bernard Spil 

Bernard Spil added the comment:

EGD was only necessary for some commercial UNIX systems, versions that needed 
it all reached end of life. It no longer makes sense to have any code referring 
to it.

EGD needed untilOS release date
IRIX6.5.19  feb 2003
Solaris 2.6 jul 1997
AIX 5.2 oct 2002
Tru64   5.1Bsep 2002
HP-UX   11i v2  sep 2003

Please check OpenBSD's patches to remove EGD support from Python for many 
versions.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/2.7/patches/patch-Lib_ssl_py
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/3.4/patches/patch-Lib_ssl_py
http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/python/3.4/patches/patch-Lib_ssl_py

Alternatively see Gentoo's LibreSSL changes 
https://github.com/Sp1l/libressl/tree/master/dev-lang/python

--
nosy: +spil

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-11-20 Thread koobs 

Changes by koobs :


--
nosy: +koobs

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-10-01 Thread Andrej A Antonov 

Changes by Andrej A Antonov :


--
nosy: +polymorphm

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-09-12 Thread Antoine Pitrou 

Antoine Pitrou added the comment:

> Unless I'm missing some major point, AC_CHECK_FUNC should be good enough.

Building extension modules such as ssl doesn't involve autoconf.

> Do you want to make silly assumptions on API depending on provider name, and 
> then add extra conditionals for versions?

Arguably it would be better if LibreSSL exposed the same API as OpenSSL. We're 
not responsible for the discrepancy here.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-09-12 Thread Michał Górny 

Michał Górny added the comment:

> In CPython, the _ssl module is compiled in C. How can we check if libssl 
> provides RAND_egd() or not at compile time?

How about... checking whether the function is provided? Unless I'm missing some 
major point, AC_CHECK_FUNC should be good enough.

> Is there a way to check if libssl is OpenSSL or LibreSSL?

Why would you want to do that? Do you want to make silly assumptions on API 
depending on provider name, and then add extra conditionals for versions?

--
nosy: +mgorny

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-09-04 Thread STINNER Victor 

STINNER Victor added the comment:

Related discussion:
http://marc.info/?l=openbsd-tech&m=140512043210089&w=2

The answer for Python is:
"your package maintainers and ask them to configure these software without egd 
support."

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-09-04 Thread STINNER Victor 

STINNER Victor added the comment:

> The PyPy patch (and some discussion) is here:

Your patch checks at runtime if libssl comes with RAND_egd:

   HAVE_OPENSSL_RAND_EGD = rffi_platform.Has('RAND_egd')

In CPython, the _ssl module is compiled in C. How can we check if libssl 
provides RAND_egd() or not at compile time?

Is there a way to check if libssl is OpenSSL or LibreSSL?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-05-23 Thread Florent Xicluna 

Changes by Florent Xicluna :


--
nosy: +flox

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-05-23 Thread Tobias Oberstein 

Changes by Tobias Oberstein :


--
nosy: +oberstet

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21356] Support LibreSSL (instead of OpenSSL): make RAND_egd optional

2014-04-26 Thread STINNER Victor 

Changes by STINNER Victor :


--
title: LibreSSL/RAND_egd fix needed. -> Support LibreSSL (instead of OpenSSL): 
make RAND_egd optional

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com