Message12972

Author	jeff.allen
Recipients	jeff.allen
Date	2020-02-03.20:43:46
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1580762626.64.0.480248923673.issue2858@roundup.psfhosted.org>
In-reply-to

Content
In a newly-installed v2.7.2b2 or b3, test_ssl fails like this: test test_ssl_jy failed -- Traceback (most recent call last): File "...\inst\Lib\test\test_ssl.py", line 940, in test_load_cert_chain ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD) ... File "...\inst\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider)) PEMException: org.python.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available This does not happen in the development configuration, nor if I introduce the Bouncy Castle JARs to the class path. It began after upgrading the JARs. It seems likely the cause is the shading of the JAR that we do when embedding it in jython.jar during the Ant build. We do not do this shading to all the JARs we depend on. Some we name-translate: org/python/apache/commons/compress org/python/bouncycastle And some we just copy: com/ziclix/python/sql jnr/ffi Options appear to be: 1. hope the cause is within our library and fix it. (But maybe it is a BC feature?) 2. include the library unshaded. (Not known if this would be a problem.)

In a newly-installed v2.7.2b2 or b3, test_ssl fails like this:

test test_ssl_jy failed -- Traceback (most recent call last):
  File "...\inst\Lib\test\test_ssl.py", line 940, in test_load_cert_chain
    ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)

  ...

  File "...\inst\Lib\_sslcerts.py", line 281, in _read_pem_cert_from_data
    key_pair = key_converter.getKeyPair(obj.decryptKeyPair(provider))
PEMException: org.python.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: PBKDF-OpenSSL SecretKeyFactory not available


This does not happen in the development configuration, nor if I introduce the Bouncy Castle JARs to the class path. It began after upgrading the JARs.

It seems likely the cause is the shading of the JAR that we do when embedding it in jython.jar during the Ant build. We do not do this shading to all the JARs we depend on. Some we name-translate:

    org/python/apache/commons/compress
    org/python/bouncycastle

And some we just copy:

    com/ziclix/python/sql
    jnr/ffi

Options appear to be:

1. hope the cause is within our library and fix it. (But maybe it is a BC feature?)
2. include the library unshaded. (Not known if this would be a problem.)

History
Date	User	Action	Args
2020-02-03 20:43:46	jeff.allen	set	recipients: + jeff.allen
2020-02-03 20:43:46	jeff.allen	set	messageid: <1580762626.64.0.480248923673.issue2858@roundup.psfhosted.org>
2020-02-03 20:43:46	jeff.allen	link	issue2858 messages
2020-02-03 20:43:46	jeff.allen	create