STINNER Victor added the comment:
Ok, Python 2.7, 3.4 and 3.5 can now be *compiled* with LibreSSL.
There are still issues with LibreSSL: see the new issue #23177.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Changes by STINNER Victor victor.stin...@gmail.com:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
Roundup Robot added the comment:
New changeset eddcb6671a48 by Victor Stinner in branch '2.7':
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
https://hg.python.org/cpython/rev/eddcb6671a48
New changeset 7f82f50fdad0 by Victor Stinner in branch '3.4':
Issue #21356: Make
Bernard Spil added the comment:
When configure is called with correct LDFLAGS and CPPFLAGS for LibreSSL these
patches to configure, Modules/_ssl.c and Lib/_ssl.py will detect not having
RAND_egd support in OpenSSL and make the build succeed.
--
Added file:
Changes by Bernard Spil pyt...@bachfreund.nl:
Added file: http://bugs.python.org/file37300/patch-Lib_ssl.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
Changes by Bernard Spil pyt...@bachfreund.nl:
Added file: http://bugs.python.org/file37301/patch-Modules__ssl.c
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
Changes by Bernard Spil pyt...@bachfreund.nl:
Removed file: http://bugs.python.org/file37242/patch-Modules__ssl.c
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
STINNER Victor added the comment:
patch-configure.ac:
-AC_DEFINE(__BSD_VISIBLE, 1, [Define on FreeBSD to activate all library
features])
Why do you remove this define?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Antoine Pitrou added the comment:
I thikn RAND_egd() should probably raise NotImplementedError if the function
isn't exposed by the ssl library.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
Bernard Spil added the comment:
Victor: That is a change that has been implemented in the downstream port to
fix wxPython, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 this
ended up in this patch as my primary objective was to fix it for the FreeBSD
port.
Antoine: Sorry, I'm
STINNER Victor added the comment:
Victor: That is a change that has been implemented in the downstream port to
fix wxPython, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365
this ended up in this patch as my primary objective was to fix it for the
FreeBSD port.
It looks
Bernard Spil added the comment:
Remove https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192365 patch from this
patch-set
--
Added file: http://bugs.python.org/file37302/patch-configure.ac
___
Python tracker rep...@bugs.python.org
Changes by Bernard Spil pyt...@bachfreund.nl:
Removed file: http://bugs.python.org/file37299/patch-configure.ac
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
STINNER Victor added the comment:
I thikn RAND_egd() should probably raise NotImplementedError if the function
isn't exposed by the ssl library.
I would prefer to follow the model of the os module: don't declare a function
if it is not supported by the OS.
--
Antoine Pitrou added the comment:
I would prefer to follow the model of the os module: don't declare a function
if it is not supported by the OS.
I don't have any strong feelings, so let's do it like that. RAND_egd() isn't
useful anyway.
--
___
Roundup Robot added the comment:
New changeset 6f23bc5d480e by Victor Stinner in branch 'default':
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
https://hg.python.org/cpython/rev/6f23bc5d480e
--
nosy: +python-dev
___
Python
STINNER Victor added the comment:
Ok, here is a first commit to try to support LibreSSL in Python 3.5.
Can someone please test to compile Python 3.5 with LibreSSL and run the test
suite (at least test_ssl) to check that everything is fine? If you confirm that
the change is correct, I will
Bernard Spil added the comment:
FAILED (failures=2, errors=2, skipped=5)
That is OK, as these 2 tests should fail with LibreSSL since SSLv2 and SSLv3
support has been removed from LibreSSL.
ERROR: test_protocol_sslv23 (__main__.ThreadedTests)
ERROR: test_protocol_sslv3 (__main__.ThreadedTests)
STINNER Victor added the comment:
That is OK, as these 2 tests should fail with LibreSSL since SSLv2 and SSLv3
support has been removed from LibreSSL.
See the issue #22935.
I prefer to wait until this issue is fixed in Python 3.5, and that test_ssl
pass on your PC, before backporting this
Bernard Spil added the comment:
Merged the patch from haypo back into the FreeBSD port for 2.7 at
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192511
In the process I discovered during test_ssl that I had to patch Lib/socket.py
as well to make RAND_egd conditional
--
Bernard Spil added the comment:
Hi,
I think this can be found in LibreSSL's opensslv.h
An ifdef LIBRESSL_VERSION_NUMBER should work
See
https://github.com/libressl-portable/openbsd/blob/master/src/lib/libssl/src/crypto/opensslv.h
_ssl.c includes crypto.h which in turn includes opensslv.h
Changes by koobs koobs.free...@gmail.com:
--
nosy: +koobs
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
___
Python-bugs-list mailing
Bernard Spil added the comment:
EGD was only necessary for some commercial UNIX systems, versions that needed
it all reached end of life. It no longer makes sense to have any code referring
to it.
EGD needed untilOS release date
IRIX6.5.19 feb 2003
Solaris
STINNER Victor added the comment:
We don't drop feature in minor releases, we are working hard to maintain the
backward compatibility.
We may only disable RAND_egd if Python is compiled/linked to LibreSSL. So the
check should probably be dynamic.
--
Antoine Pitrou added the comment:
We're still willing to fix this if someone tells us how to test for LibreSSL in
C code.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
Changes by Andrej A Antonov polymor...@gmail.com:
--
nosy: +polymorphm
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
___
Michał Górny added the comment:
In CPython, the _ssl module is compiled in C. How can we check if libssl
provides RAND_egd() or not at compile time?
How about... checking whether the function is provided? Unless I'm missing some
major point, AC_CHECK_FUNC should be good enough.
Is there a
Antoine Pitrou added the comment:
Unless I'm missing some major point, AC_CHECK_FUNC should be good enough.
Building extension modules such as ssl doesn't involve autoconf.
Do you want to make silly assumptions on API depending on provider name, and
then add extra conditionals for
STINNER Victor added the comment:
The PyPy patch (and some discussion) is here:
Your patch checks at runtime if libssl comes with RAND_egd:
HAVE_OPENSSL_RAND_EGD = rffi_platform.Has('RAND_egd')
In CPython, the _ssl module is compiled in C. How can we check if libssl
provides RAND_egd()
STINNER Victor added the comment:
Related discussion:
http://marc.info/?l=openbsd-techm=140512043210089w=2
The answer for Python is:
your package maintainers and ask them to configure these software without egd
support.
--
___
Python tracker
Changes by Tobias Oberstein tobias.oberst...@tavendo.de:
--
nosy: +oberstet
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
___
Changes by Florent Xicluna florent.xicl...@gmail.com:
--
nosy: +flox
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
___
___
Python-bugs-list
Changes by STINNER Victor victor.stin...@gmail.com:
--
title: LibreSSL/RAND_egd fix needed. - Support LibreSSL (instead of OpenSSL):
make RAND_egd optional
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21356
33 matches
Mail list logo
