Python
使用自定義 openssl 安裝從原始碼安裝 Python 3.7:test_ssl 失敗
為了能夠在沒有 root 權限的情況下在 Ubuntu 伺服器上從原始碼安裝 Python,我必須安裝
openssl,我使用以下命令進行了安裝:wget https://www.openssl.org/source/openssl-1.1.1e.tar.gz tar -xzvf openssl-1.1.1e.tar.gz cd openssl-1.1.1e ./config --prefix=${HOME}/.local/openssl --openssldir=${HOME}/.local/openssl make -j$(nproc) make install_sw然後我在中設置以下內容
~/.bashrc:export PATH=$HOME/.local/openssl/bin:$PATH export LD_LIBRARY_PATH=$HOME/.local/openssl/lib:$LD_LIBRARY_PATH並創建了一個從新
certs文件夾到現有文件夾的符號連結(此步驟是必要的):ln -s /etc/ssl/certs $HOME/.local/openssl/certs然後我開始安裝 Python 3.7.7:
wget https://www.python.org/ftp/python/3.7.7/Python-3.7.7.tgz tar -xzvf Python-3.7.7.tgz cd Python-3.7.7 ./configure --enable-shared --enable-optimizations --with-openssl=${HOME}/.local/openssl --prefix=${HOME}/.local make -j$(nproc)我獲得了:
== Tests result: FAILURE == 385 tests OK. 4 tests failed: test_imaplib test_ssl test_tarfile test_urllib2_localnet 27 tests skipped: test_bz2 test_curses test_dbm_gnu test_dbm_ndbm test_devpoll test_idle test_kqueue test_msilib test_ossaudiodev test_smtpnet test_socketserver test_sqlite test_startfile test_tcl test_timeout test_tix test_tk test_ttk_guionly test_ttk_textonly test_turtle test_urllib2net test_urllibnet test_winconsoleio test_winreg test_winsound test_xmlrpc_net test_zipfile64SSL 似乎是最關鍵的,所以我以詳細模式再次執行它以獲得更多細節:
./python -m test -v test_ssl我獲得了:
== CPython 3.7.7 (default, Mar 18 2020, 23:27:01) [GCC 6.3.0 20170516] == Linux-4.9.0-11-amd64-x86_64-with-debian-9.12 little-endian == cwd: /home/user/Python-3.7.7/build/test_python_25131 == CPU count: 16 == encodings: locale=UTF-8, FS=utf-8 0:00:00 load avg: 4.03 Run tests sequentially 0:00:00 load avg: 4.03 [1/1] test_ssl test_ssl: testing with 'OpenSSL 1.1.1e 17 Mar 2020' (1, 1, 1, 5, 15) under Linux ('debian', '9.12', '') HAS_SNI = True OP_ALL = 0x80000054 OP_NO_TLSv1_1 = 0x10000000 test__create_stdlib_context (test.test_ssl.ContextTests) ... ok ...etc... test_ciphers (test.test_ssl.SimpleBackgroundTests) ... server: new connection from ('127.0.0.1', 40460) server: connection cipher is now ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256) server: selected protocol is now None Test server failure: Traceback (most recent call last): File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2392, in run msg = self.read() File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2369, in read return self.sslconn.read() File "/home/user/Python-3.7.7/Lib/ssl.py", line 931, in read return self._sslobj.read(len) OSError: [Errno 0] Error ERROR ...etc... server: bad connection attempt from ('127.0.0.1', 46120): Traceback (most recent call last): File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 2313, in wrap_conn self.sock, server_side=True) File "/home/user/Python-3.7.7/Lib/ssl.py", line 423, in wrap_socket session=session File "/home/user/Python-3.7.7/Lib/ssl.py", line 870, in _create self.do_handshake() File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1076) ok ====================================================================== ERROR: test_session_handling (test.test_ssl.ThreadedTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 4344, in test_session_handling s.connect((HOST, server.port)) File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect self._real_connect(addr, False) File "/home/user/Python-3.7.7/Lib/ssl.py", line 1159, in _real_connect super().connect(addr) ConnectionRefusedError: [Errno 111] Connection refused ====================================================================== ERROR: test_tls_unique_channel_binding (test.test_ssl.ThreadedTests) Test tls-unique channel binding. ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/user/Python-3.7.7/Lib/test/test_ssl.py", line 3925, in test_tls_unique_channel_binding s.connect((HOST, server.port)) File "/home/user/Python-3.7.7/Lib/ssl.py", line 1172, in connect self._real_connect(addr, False) File "/home/user/Python-3.7.7/Lib/ssl.py", line 1163, in _real_connect self.do_handshake() File "/home/user/Python-3.7.7/Lib/ssl.py", line 1139, in do_handshake self._sslobj.do_handshake() ConnectionResetError: [Errno 104] Connection reset by peer ---------------------------------------------------------------------- Ran 153 tests in 4.000s FAILED (errors=8, skipped=8) test test_ssl failed test_ssl failed == Tests result: FAILURE == 1 test failed: test_ssl Total duration: 4.1 sec Tests result: FAILURE我似乎仍然對證書有疑問。
對於您解決此問題的幫助,我將不勝感激。非常感謝您!
由於 OpenSSL 1.1.1e 中的行為更改,測試失敗。現在嘗試使用 OpenSSL 1.1.1d。有關更多資訊,請參閱https://bugs.python.org/issue40018。