사용자 정의 openssl 설치를 사용하여 소스에서 Python 3.7 설치: test_ssl 실패 [닫기]

사용자 정의 openssl 설치를 사용하여 소스에서 Python 3.7 설치: test_ssl 실패 [닫기]

루트 권한 없이 Ubuntu 서버의 소스에서 Python을 설치하려면 openssl다음 명령을 사용하여 Python을 설치해야 했습니다.

wget https://www.openssl.org/source/openssl-1.1.1e.tar.gz
tar -xzvf openssl-1.1.1e.tar.gz
cd openssl-1.1.1e
./config --prefix=${HOME}/.local/openssl --openssldir=${HOME}/.local/openssl
make -j$(nproc)
make install_sw

그런 다음 다음을 설정했습니다 ~/.bashrc.

export PATH=$HOME/.local/openssl/bin:$PATH
export LD_LIBRARY_PATH=$HOME/.local/openssl/lib:$LD_LIBRARY_PATH

certs새 폴더에서 기존 폴더로의 심볼릭 링크를 만들었습니다 (이 단계가 필요합니다):

ln -s /etc/ssl/certs $HOME/.local/openssl/certs

그런 다음 Python 3.7.7을 설치하기 시작했습니다.

wget https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz
tar -xzvf Python-3.7.7.tgz
cd Python-3.7.7
./configure --enable-shared --enable-optimizations --with-openssl=${HOME}/.local/openssl --prefix=${HOME}/.local
make -j$(nproc)

나는 얻다:

== Tests result: FAILURE ==

385 tests OK.

4 tests failed:
    test_imaplib test_ssl test_tarfile test_urllib2_localnet

27 tests skipped:
    test_bz2 test_curses test_dbm_gnu test_dbm_ndbm test_devpoll
    test_idle test_kqueue test_msilib test_ossaudiodev test_smtpnet
    test_socketserver test_sqlite test_startfile test_tcl test_timeout
    test_tix test_tk test_ttk_guionly test_ttk_textonly test_turtle
    test_urllib2net test_urllibnet test_winconsoleio test_winreg
    test_winsound test_xmlrpc_net test_zipfile64

SSL이 가장 중요한 것 같아서 자세한 내용을 확인하기 위해 상세 모드에서 다시 실행했습니다.

./python -m test -v test_ssl

나는 얻다:

== CPython 3.7.7 (default, Mar 18 2020, 23:27:01) [GCC 6.3.0 20170516]
== Linux-4.9.0-11-amd64-x86_64-with-debian-9.12 little-endian
== cwd: /home/user/Python-3.7.7/build/test_python_25131
== CPU count: 16
== encodings: locale=UTF-8, FS=utf-8
0:00:00 load avg: 4.03 Run tests sequentially
0:00:00 load avg: 4.03 [1/1] test_ssl
test_ssl: testing with 'OpenSSL 1.1.1e  17 Mar 2020' (1, 1, 1, 5, 15)
          under Linux ('debian', '9.12', '')
          HAS_SNI = True
          OP_ALL = 0x80000054
          OP_NO_TLSv1_1 = 0x10000000
test__create_stdlib_context (test.test_ssl.ContextTests) ... ok
...etc...
test_ciphers (test.test_ssl.SimpleBackgroundTests) ...  server:  new connection from ('127.0.0.1', 40460)
 server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
 server: selected protocol is now None
Test server failure:
Traceback (most recent call last):
   File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2392, in run
    msg = self.read()
   File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2369, in read
    return self.sslconn.read()
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 931, in read
    return self._sslobj.read(len)
 OSError: [Errno 0] Error
ERROR
...etc...

 server:  bad connection attempt from ('127.0.0.1', 46120):
Traceback (most recent call last):
   File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2313, in wrap_conn
    self.sock, server_side=True)
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 423, in wrap_socket
    session=session
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 870, in _create
    self.do_handshake()
   File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1076)
ok
======================================================================
ERROR: test_session_handling (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 4344, in test_session_handling
    s.connect((HOST, server.port))
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect
    self._real_connect(addr, False)
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1159, in _real_connect
    super().connect(addr)
ConnectionRefusedError: [Errno 111] Connection refused

======================================================================
ERROR: test_tls_unique_channel_binding (test.test_ssl.ThreadedTests)
Test tls-unique channel binding.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 3925, in test_tls_unique_channel_binding
    s.connect((HOST, server.port))
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect
    self._real_connect(addr, False)
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1163, in _real_connect
    self.do_handshake()
  File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer

----------------------------------------------------------------------

Ran 153 tests in 4.000s

FAILED (errors=8, skipped=8)
test test_ssl failed
test_ssl failed

== Tests result: FAILURE ==

1 test failed:
    test_ssl

Total duration: 4.1 sec
Tests result: FAILURE

아직 인증서 문제가 있는 것 같습니다.

이 문제를 해결하는 데 도움을 주셔서 대단히 감사합니다. 미리 감사드립니다!

답변1

OpenSSL 1.1.1e의 동작 변경으로 인해 테스트가 실패합니다. 이제 OpenSSL 1.1.1d를 사용해 보세요. 바라보다https://bugs.python.org/issue40018더 많은 정보를 알고 싶습니다.

관련 정보