  1. Python Driver
  2. PYTHON-3042

Migrate OCSP testing to Ubuntu 20.04

    • Type: Task
    • Resolution: Fixed
    • Priority: Unknown
    • 4.1
    • Affects Version/s: None
    • Component/s: None
    • None

      Unlike PYTHON-2903, where we migrated most testing to Ubuntu 18.04, for OCSP we need to migrate to Ubuntu 20.04 because of SERVER-51364. When using Ubuntu 18.04 the stapling tests fail, for all Python versions, complaining that the server did not actually staple a response. This is due to a bug in the OpenSSL version that ships with Ubuntu 18.04, which caused the server team to disable OCSP stapling in SERVER-51364.

      test-ocsp-ecdsa-delegate-valid-cert-server-staples
      test-ocsp-ecdsa-valid-cert-server-staples
      test-ocsp-rsa-delegate-valid-cert-server-staples
      test-ocsp-rsa-valid-cert-server-staples

      For example:

       [2021/12/10 21:41:18.008] + python test/ocsp/test_ocsp.py
       [2021/12/10 21:41:18.555] .2021-12-10 21:41:18,554 DEBUG ocsp_support Peer presented a must-staple cert
       [2021/12/10 21:41:18.555] 2021-12-10 21:41:18,554 DEBUG ocsp_support Peer did not staple an OCSP response
       [2021/12/10 21:41:18.555] 2021-12-10 21:41:18,555 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
       [2021/12/10 21:41:19.061] E2021-12-10 21:41:19,061 DEBUG ocsp_support Peer presented a must-staple cert
       [2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Peer did not staple an OCSP response
       [2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
       [2021/12/10 21:41:19.073] .
       [2021/12/10 21:41:19.073] ======================================================================
       [2021/12/10 21:41:19.073] ERROR: test_tls (__main__.TestOCSP)
       [2021/12/10 21:41:19.073] ----------------------------------------------------------------------
       [2021/12/10 21:41:19.073] Traceback (most recent call last):
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/test/ocsp/test_ocsp.py", line 72, in test_tls
       [2021/12/10 21:41:19.073]     _connect(options)
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/test/ocsp/test_ocsp.py", line 49, in _connect
       [2021/12/10 21:41:19.073]     client.admin.command('ping')
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/database.py", line 592, in command
       [2021/12/10 21:41:19.073]     with self.__client._socket_for_reads(
       [2021/12/10 21:41:19.073]   File "/opt/python/3.10/lib/python3.10/contextlib.py", line 135, in __enter__
       [2021/12/10 21:41:19.073]     return next(self.gen)
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/mongo_client.py", line 1171, in _socket_for_reads
       [2021/12/10 21:41:19.073]     server = self._select_server(read_preference, session)
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/mongo_client.py", line 1131, in _select_server
       [2021/12/10 21:41:19.073]     server = topology.select_server(server_selector)
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/topology.py", line 242, in select_server
       [2021/12/10 21:41:19.073]     servers = self.select_servers(
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/topology.py", line 200, in select_servers
       [2021/12/10 21:41:19.073]     server_descriptions = self._select_servers_loop(
       [2021/12/10 21:41:19.073]   File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/topology.py", line 216, in _select_servers_loop
       [2021/12/10 21:41:19.073]     raise ServerSelectionTimeoutError(
       [2021/12/10 21:41:19.073] pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: localhost:27017: [('SSL routines', 'tls_process_initial_server_flight', 'invalid status response')], Timeout: 0.5s, Topology Description: <TopologyDescription id: 61b3c97e2c30041af89bd59c, topology_type: Unknown, servers: [<ServerDescription ('localhost', 27017) server_type: Unknown, rtt: None, error=AutoReconnect("SSL handshake failed: localhost:27017: [('SSL routines', 'tls_process_initial_server_flight', 'invalid status response')]")>]>
      

      All the server versions we need to test OCSP are built for Ubuntu 20.04.
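
      An added example, not part of the original issue or of PyMongo: a CI triage helper that groups the ocsp_support DEBUG lines from a log like the one above into one record per handshake and flags runs where a must-staple certificate arrived without a stapled response. The function names and the verdict strings are assumptions made for this sketch; the sample lines are taken from the log above, with the error line trimmed.

```python
import re

# Sample input: lines from the log in this issue (final error line trimmed).
SAMPLE_LOG = """\
[2021/12/10 21:41:18.555] .2021-12-10 21:41:18,554 DEBUG ocsp_support Peer presented a must-staple cert
[2021/12/10 21:41:18.555] 2021-12-10 21:41:18,554 DEBUG ocsp_support Peer did not staple an OCSP response
[2021/12/10 21:41:18.555] 2021-12-10 21:41:18,555 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
[2021/12/10 21:41:19.061] E2021-12-10 21:41:19,061 DEBUG ocsp_support Peer presented a must-staple cert
[2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Peer did not staple an OCSP response
[2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
[2021/12/10 21:41:19.073] pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: localhost:27017: [('SSL routines', 'tls_process_initial_server_flight', 'invalid status response')]
"""

# CI prefix "[date time] ", then optional unittest progress characters (".", "E",
# "F", "s") fused onto the logger line, then logger timestamp, level, name, message.
LINE_RE = re.compile(
    r"^\s*\[[^\]]+\]\s+[.EFs]*"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"DEBUG ocsp_support (?P<msg>.*)$"
)
MUST_STAPLE = "Peer presented a must-staple cert"
NO_STAPLE = "Peer did not staple an OCSP response"
HARD_FAIL = "Must-staple cert with no stapled response, hard fail."
OPENSSL_ERR = "invalid status response"

def parse_handshakes(log):
    """Return one record per handshake in which the peer sent no stapled response."""
    handshakes, must_staple = [], False
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # traceback lines, separators, shell trace
        msg = m["msg"].strip()
        if msg == MUST_STAPLE:
            must_staple = True
        elif msg == NO_STAPLE:
            handshakes.append({"ts": m["ts"], "must_staple": must_staple,
                               "stapled": False, "hard_fail": False})
            must_staple = False  # the flag belongs to one handshake only
        elif msg == HARD_FAIL and handshakes:
            handshakes[-1]["hard_fail"] = True
    return handshakes

def triage(log):
    """Count must-staple handshakes that hard-failed for lack of a staple."""
    missing = [h for h in parse_handshakes(log) if h["must_staple"] and h["hard_fail"]]
    verdict = "server-not-stapling" if missing and OPENSSL_ERR in log else "other"
    return verdict, len(missing)
```

      A "server-not-stapling" verdict points at the server build or its OpenSSL rather than at the driver, which is the situation this issue describes for Ubuntu 18.04.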

            Assignee:
            bernie@mongodb.com Bernie Hackett
            Reporter:
            bernie@mongodb.com Bernie Hackett