Message12504

Author	jeff.allen
Recipients	jeff.allen, zyasoft
Date	2019-05-12.06:20:58
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1557642059.3.0.50290271836.issue2770@roundup.psfhosted.org>
In-reply-to

Content
I updated the JARs for BouncyCastle from 1.57 to 1.61 (see #2742), but now I get a regression on Java 7 (but not 8 or later). At the moment, I don't understand why, so will add a skip citing this issue. I'm making this a low priority while it has only been observed for Java 7. The new failure as follows: ====================================================================== ERROR: test_load_cert_chain (__main__.ContextTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "D:\hg\jython-int\dist\Lib\test\test_ssl.py", line 820, in test_load_cert_chain ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD) File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store) File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store) File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 123, in _get_openssl_key_manager _certs, _private_key = _extract_certs_for_paths([cert_file], password) File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 220, in _extract_certs_for_paths _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter) File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 239, in _extract_cert_from_data certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter) File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider)) File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider)) PEMException: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available This looks identical to #2594, the resolution of which I never really understood. (The JARs are on the classpath: from where else would one get a org.bouncycastle.openssl.PEMException?) There's already a version-sensitive part to this test, making a special case of versions less than 9. This tweak is before we reach the new failure, and it doesn't seem to be about quite the same thing. But this I don't understand this tweak either, and removing does not cause failures, although it may have previously.

I updated the JARs for BouncyCastle from 1.57 to 1.61 (see #2742), but now I get a regression on Java 7 (but not 8 or later). At the moment, I don't understand why, so will add a skip citing this issue.

I'm making this a low priority while it has only been observed for Java 7.

The new failure as follows:

======================================================================
ERROR: test_load_cert_chain (__main__.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "D:\hg\jython-int\dist\Lib\test\test_ssl.py", line 820, in test_load_cert_chain
    ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)
  File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain
    self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
  File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain
    self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 123, in _get_openssl_key_manager
    _certs, _private_key = _extract_certs_for_paths([cert_file], password)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 220, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 239, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
    key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
  File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
    key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
PEMException: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available

This looks identical to #2594, the resolution of which I never really understood. (The JARs are on the classpath: from where else would one get a org.bouncycastle.openssl.PEMException?)

There's already a version-sensitive part to this test, making a special case of versions less than 9. This tweak is before we reach the new failure, and it doesn't seem to be about quite the same thing. But this I don't understand this tweak either, and removing does not cause failures, although it may have previously.

History
Date	User	Action	Args
2019-05-12 06:20:59	jeff.allen	set	recipients: + jeff.allen, zyasoft
2019-05-12 06:20:59	jeff.allen	set	messageid: <1557642059.3.0.50290271836.issue2770@roundup.psfhosted.org>
2019-05-12 06:20:59	jeff.allen	link	issue2770 messages
2019-05-12 06:20:58	jeff.allen	create