Message12504
I updated the JARs for BouncyCastle from 1.57 to 1.61 (see #2742), but now I get a regression on Java 7 (but not 8 or later). At the moment, I don't understand why, so will add a skip citing this issue.
I'm making this a low priority while it has only been observed for Java 7.
The new failure as follows:
======================================================================
ERROR: test_load_cert_chain (__main__.ContextTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "D:\hg\jython-int\dist\Lib\test\test_ssl.py", line 820, in test_load_cert_chain
ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)
File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain
self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
File "D:\hg\jython-int\dist\Lib\ssl.py", line 1128, in load_cert_chain
self._key_managers = _get_openssl_key_manager(certfile, keyfile, password, _key_store=self._key_store)
File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 123, in _get_openssl_key_manager
_certs, _private_key = _extract_certs_for_paths([cert_file], password)
File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 220, in _extract_certs_for_paths
_certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 239, in _extract_cert_from_data
certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
File "D:\hg\jython-int\dist\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
PEMException: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available
This looks identical to #2594, the resolution of which I never really understood. (The JARs are on the classpath: from where else would one get a org.bouncycastle.openssl.PEMException?)
There's already a version-sensitive part to this test, making a special case of versions less than 9. This tweak is before we reach the new failure, and it doesn't seem to be about quite the same thing. But this I don't understand this tweak either, and removing does not cause failures, although it may have previously. |
|
Date |
User |
Action |
Args |
2019-05-12 06:20:59 | jeff.allen | set | recipients:
+ jeff.allen, zyasoft |
2019-05-12 06:20:59 | jeff.allen | set | messageid: <1557642059.3.0.50290271836.issue2770@roundup.psfhosted.org> |
2019-05-12 06:20:59 | jeff.allen | link | issue2770 messages |
2019-05-12 06:20:58 | jeff.allen | create | |
|