Bug 217703 - lang/python36: Remove BROKEN_SSL for openssl-devel
Summary: lang/python36: Remove BROKEN_SSL for openssl-devel
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Po-Chuan Hsieh
URL: https://bugs.python.org/issue29697
Depends on:
Reported: 2017-03-11 11:34 UTC by Melvyn Sopacua
Modified: 2018-02-01 03:09 UTC (History)
7 users (show)

See Also:
koobs: maintainer-feedback+

Fix port (409 bytes, patch)
2017-04-24 15:11 UTC, Melvyn Sopacua
no flags Details | Diff
Buildlog (87.14 KB, application/octet-stream)
2017-04-24 15:14 UTC, Melvyn Sopacua
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Melvyn Sopacua 2017-03-11 11:34:06 UTC
When repocopy was done from lang/python35 the BROKEN line was not removed. Python 3.6 has always been compatible with OpenSSL 1.1 and never suffered from this issue.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2017-04-23 05:01:23 UTC
@Melvyn, could you provide a patch to the port with the proposed change as well as confirmation (and/or build/poudriere/qa log) that the port builds and packages correctly with the current version of openssl-devel.
Comment 2 Melvyn Sopacua 2017-04-24 14:43:16 UTC
3.6.1 is currently the only official release that builds and works correctly (EC certs broken in 3.6.0 and 3.5-) with OpenSSL 1.1.0.  For details see bpo 29697 [1].

Don't have the time to dink around with poudriere, but I'll attach build log and patch shortly.

[1] http://bugs.python.org/issue29697
Comment 3 Melvyn Sopacua 2017-04-24 15:11:44 UTC
Created attachment 182043 [details]
Fix port
Comment 4 Melvyn Sopacua 2017-04-24 15:14:29 UTC
Created attachment 182044 [details]
Comment 5 commit-hook freebsd_committer 2017-05-27 19:31:22 UTC
A commit references this bug:

Author: sunpoet
Date: Sat May 27 19:30:34 UTC 2017
New revision: 441865
URL: https://svnweb.freebsd.org/changeset/ports/441865


  PR:		217703
  Submitted by:	Melvyn Sopacua <m.r.sopacua@gmail.com>

Comment 6 Po-Chuan Hsieh freebsd_committer 2017-05-27 19:33:25 UTC
Committed. Thanks!
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2017-05-28 05:54:53 UTC
Re-open pending MFH, as the quarterly port is presumably still affected (add comment and re-close if not)
Comment 8 Melvyn Sopacua 2017-06-09 12:04:30 UTC
Mat broke it again.

Can you paste full buildlog and showconfig here, since obviously, it can be built with your commit reverted:

tar -tf /var/packages/jobboo/All/python36-3.6.1_2.txz | grep '_ssl.so$'
Comment 9 Mathieu Arnold freebsd_committer 2017-06-09 12:22:15 UTC
I did not such thing. I marked it as BROKEN because it was not building, with the error I gave.

Here is the build log:
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-09 12:58:38 UTC
@Melvyn This issue is/was to remove the BROKEN mark, which was (originally) completed (but still pending MFH). 

Please create a separate issue for the new failure with summary:

lang/python36: Fails to package (ssl.so Undefined symbol "SSL_get0_next_proto_negotiated"

If you could add this Issue URL to the new issue's "See Also" field, and add the failed build log as an attachment that would be great
Comment 11 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-09 12:58:55 UTC
No response on MFH, cancelling and closing
Comment 12 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-09 13:00:32 UTC
@Melvyn Please also CC the openssl and openssl-devel maintainers (if they are different)
Comment 13 commit-hook freebsd_committer 2017-06-09 19:46:59 UTC
A commit references this bug:

Author: feld
Date: Fri Jun  9 19:46:11 UTC 2017
New revision: 443039
URL: https://svnweb.freebsd.org/changeset/ports/443039

  MFH: r441865


  PR:		217703
  Submitted by:	Melvyn Sopacua <m.r.sopacua@gmail.com>

_U  branches/2017Q2/
Comment 14 Melvyn Sopacua 2017-06-10 14:23:02 UTC
Update, for reference:

This is an issue in Python upstream.

Python uses #ifdef OPENSSL_NPN_NEGOTIATED to detect support. This is always defined in the OpenSSL 1.1 header (as opposed to OpenSSL 1.0.2 and earlier) and the symbols are guarded by #ifndef OPENSSL_NO_NEXTPROTONEG.

The combo yields Python enabling support, but it not being available.

This has been wrong from Python since the beginning, since the first commit introducing NPN already defined OPENSSL_NO_NEXTPROTONEG [1], but they've been able to get away with it till now.

Of course, a variable saying something is not disabled, is a braindead concept in OpenSSL general source, as you can't detect if it's disabled if it is not born yet (in earlier versions).

Working on a patch for upstream.

@koobs I assume separate report if I'd like that patch included in the ports tree?

[1] https://github.com/openssl/openssl/commit/68b33cc5c7aa1bb98e95bfb4b61c34192a7a50e3
Comment 15 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-16 05:26:33 UTC
(In reply to Melvyn Sopacua from comment #14)

Yes please Melvyn. Please also cc python@ on creation of that issue, and feel free to add me (user: koobs) to the 'nosy' list in the python bug tracker.
Comment 16 vali gholami 2017-11-26 20:46:47 UTC