DEP8 failure: deprecation warning on stderr
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
stunnel4 (Ubuntu) |
Fix Released
|
Undecided
|
Andreas Hasenack |
Bug Description
stunnel currently fails dep8 tests because it emits this warning in stderr:
/tmp/autopkgtes
Indeed, PROTOCOL_TLS was deprecated in python 3.10, and the code should use either PROTOCOL_TLS_CLIENT or PROTOCOL_
The correct substitution in this code is to use PROTOCOL_
ssl.
Auto-negotiate the highest protocol version that both the client and server support, and configure the context client-side connections. The protocol enables CERT_REQUIRED and check_hostname by default.
This makes the test fail when it uses the ip (127.0.0.1) to connect to localhost instead of "localhost", because the test certificate has a CN of "localhost":
Failed to connect to 127.0.0.1:6503: [SSL: CERTIFICATE_
Alternatives:
- allow stderr in the test
- use PROTOCOL_TLS_CLIENT but also set check_hostname in the context to False, mimicking what we had before with just PROTOCOL_TLS
- add IP:127.0.0.1 to subjectAltName in the test certificate (untested)
Related branches
- Sergio Durigan Junior (community): Approve
- Canonical Server: Pending requested
-
Diff: 208 lines (+97/-47)8 files modifieddebian/changelog (+13/-0)
debian/control (+2/-1)
debian/patches/07-ssl_op_bit-is-reserved.patch (+29/-0)
debian/patches/series (+1/-0)
debian/tests/certs/README.txt (+5/-0)
debian/tests/certs/certificate.pem (+20/-19)
debian/tests/certs/key.pem (+26/-26)
debian/tests/python/struntime/__main__.py (+1/-1)
Changed in stunnel4 (Ubuntu): | |
assignee: | nobody → Andreas Hasenack (ahasenack) |
status: | New → In Progress |
uploaded