Doing same test on bionic, but first unpacking libssl1.1 from the silo ppa, withough upgrading python-boto
$ sudo dpkg-deb -x ./libssl1.1_1.1.1-1ubuntu2.1~18.04.0_amd64.deb / And getting the error: $ dpkg-query -W python-boto python-boto 2.44.0-1ubuntu2 SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726) With: $ dpkg-query -W libssl1.1 python-boto libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.0 python-boto 2.44.0-1ubuntu2.18.04.0 Things are fine, and i get the results back quickly. ** Tags removed: verification-needed verification-needed-bionic ** Tags added: verification-done verification-done-bionic ** Description changed: [Impact] * OpenSSL 1.1.1 performs SNI hostname verification, therefore hostname SSL context option must be set when establishing the connection, otherwise, validation of SNI certificates fail and thus resulting in lack of connectivity. [Test Case] - * use python-boto to connect to an SNI tls protected host + * use python-boto to connect to an SNI tls protected host, e.g. GCE + google storage using legacy .boto [Regression Potential] * change is compatible with pythons/openssl versions shipped in bionic/cosmic-release * change is from upstream / tested in debian & disco * change improves security, and is compatible with deployed servers out there * hosts with certificates not matching their actual hostname will remain invalid/untrusted [Additional info] To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification. sudo add-apt-repository ppa:ci-train-ppa-service/3473 sudo apt-get update -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815439 Title: python-boto needs to support SNI for OpenSSL 1.1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1815439/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
