bpo-35121: prefix dot in domain for proper subdomain validation #10258

tirkarthi · 2018-10-31T10:29:14Z

Domain related check is done at

Line 1176 in 0353b4e

if not (req_host.endswith(domain) or erhn.endswith(domain)):

. There is no check to add '.' before domain if absent. Hence it performs a substring match with the values req_host = ".barfoo.com" and erhn = ".barfoo.com" and domain = "foo.com" so the condition not (req_host.endswith(domain) or erhn.endswith(domain)) fails and doesn't return False. I would suggest adding a check to make sure domain also starts with '.' similar to req_host and erhn thus fixing the issue. I tried the fix and existing tests along with the reported case works fine.

This causes domain "foo.com" to be a valid domain for access of "barfoo.com" since "foo.com" matches the subdomain in substring match with endswith method.

https://bugs.python.org/issue35121

serhiy-storchaka · 2018-12-21T15:50:17Z

Lib/http/cookiejar.py

@@ -1173,6 +1173,8 @@ def domain_return_ok(self, domain, request):
            req_host = "."+req_host
        if not erhn.startswith("."):
            erhn = "."+erhn
+        if not domain.startswith("."):
+            domain = "."+domain


This will affect calls of self.is_blocked(domain) and self.is_not_allowed(domain) below.

Thanks @serhiy-storchaka . My bad that I looked into fixing the issue and not about the underlying callers that use the dot-prefixed domain. Yes, adding the extra dot makes the comparison to fail where A has an extra dot at start due to my patch at

cpython/Lib/http/cookiejar.py

Line 601 in f30060d

if not initial_dot and A == B:

.

Sample program where the domain should be blocked

import urllib from http.cookiejar import DefaultCookiePolicy policy = DefaultCookiePolicy(blocked_domains=['xxxfoo.co.jp']) req = urllib.request.Request('https://xxxfoo.co.jp/') print(policy.domain_return_ok('xxxfoo.co.jp', req))

➜ cpython git:(master) ✗ python3.7 /tmp/bar.py False

➜ cpython git:(bpo35121) ✗ ./python.exe /tmp/bar.py True

With patch this returns true but should be false since the domain is blocked and the prefix dot makes the comparison .xxxfoo.co.jp == xxxfoo.co.jp . One fix would be to use dot prefixed domain only for the checks at

cpython/Lib/http/cookiejar.py

Line 1178 in f30060d

if not (req_host.endswith(domain) or erhn.endswith(domain)):

I think this needs to be fixed but I am also afraid I might accidentally break something here since the function itself received no changes since 2004.

tirkarthi · 2018-12-21T20:32:45Z

Looking further into this the domain validation makes it little more stricter and can have wider implications. Example requests library uses cookiejar to maintain cookies between sessions. One more case is that domain can be empty so only non-empty domains can be prefixed with dot

A simple server that sets Cookie with value A=LDJDSFLKSDJLDSF

import SimpleHTTPServer
import logging

class MyHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
    def do_GET(self):
        self.cookieHeader = self.headers.get('Cookie')
        SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)

    def end_headers(self):
        self.send_my_headers()
        SimpleHTTPServer.SimpleHTTPRequestHandler.end_headers(self)

    def send_my_headers(self):
        self.send_header('Set-Cookie', 'A=LDJDSFLKSDJLDSF')

if __name__ == '__main__':
    SimpleHTTPServer.test(HandlerClass=MyHTTPRequestHandler)

Add below host entry to /etc/hosts

127.0.0.1 test.com
127.0.0.1 footest.com

import requests

with requests.Session() as s:
    cookies = dict(cookies_are='working')
    m = s.get("http://test.com:8000", cookies=cookies)
    print(m.request.headers)
    m = s.get("http://footest.com:8000", cookies=cookies)
    print(m.request.headers)

Before patch :

{'User-Agent': 'python-requests/2.11.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 
'Connection': 'keep-alive', 'Cookie': 'cookies_are=working'}
{'User-Agent': 'python-requests/2.11.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 
'Connection': 'keep-alive', 'Cookie': 'A=LDJDSFLKSDJLDSF; cookies_are=working'}

After patch :

{'User-Agent': 'python-requests/2.11.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 
'Connection': 'keep-alive', 'Cookie': 'cookies_are=working'}
{'User-Agent': 'python-requests/2.11.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 
'Connection': 'keep-alive', 'Cookie': 'cookies_are=working'}

As with my patch since the cookie is set on test.com while making a request to footest.com the cookie is skipped as part of the patch. This is a behavior change to be decided whether worth doing or to document this. In a client with session like requests module connecting to lot of hosts this can potentially pass cookies of test.com to footest.com . A discussion on requests repo on providing the option for user to set a stricter cookie policy : psf/requests#2576

I am adding this to the tracker too.


        Prefix domain with dot for proper subdomain validation in domain_retu…

…rn_ok


        Add NEWS entry


        Prefix dot only for suffix check and add test

Lib/test/test_http_cookiejar.py

serhiy-storchaka · 2018-12-24T09:04:21Z

Misc/NEWS.d/next/Library/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst

@@ -0,0 +1,2 @@
+Prefix domain with dot for proper subdomain validation in


This describes what the code does, which is an implementation detail. A news entry should describe the change in the user visible behavior.

Added a note about it but this is also affects when domain_return_ok is present. I couldn't come up with a better wording since I am not a native speaker. Suggestions welcome. This started as a bug fix but since this
turned out to be a security issue is it okay to move this to security section?

Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with :meth:`http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.

ZackerySpytz · 2018-12-24T09:31:19Z

Lib/http/cookiejar.py

-        if not (req_host.endswith(domain) or erhn.endswith(domain)):
+        if suffix_check_domain and not suffix_check_domain.startswith("."):
+            suffix_check_domain = "." + suffix_check_domain
+        if not (req_host.endswith(suffix_check_domain) or erhn.endswith(suffix_check_domain)):


New code should conform to PEP 8.

Maybe use shorter name, e.g. dotdomain?

dotdomain sounds good to me. Perhaps restructure the clause as below removing the assignment at the start?

if domain and not domain.startswith("."): dotdomain = "." + domain else: dotdomain = domain

Changed the code to use dotdomain as mentioned in #10258 (comment). Thanks.


        Reword news entry and added extra test

serhiy-storchaka · 2018-12-24T09:58:28Z

Lib/http/cookiejar.py

-        if not (req_host.endswith(domain) or erhn.endswith(domain)):
+        if suffix_check_domain and not suffix_check_domain.startswith("."):
+            suffix_check_domain = "." + suffix_check_domain
+        if not (req_host.endswith(suffix_check_domain) or erhn.endswith(suffix_check_domain)):


Maybe use shorter name, e.g. dotdomain?

serhiy-storchaka · 2018-12-24T09:58:28Z

Misc/NEWS.d/next/Library/2018-10-31-15-39-17.bpo-35121.EgHv9k.rst

@@ -0,0 +1,4 @@
+Don't send cookies of domain A without Domain attribute to domain B
+when domain A is a suffix match of domain B while using a cookiejar
+with :meth:`http.cookiejar.DefaultCookiePolicy` policy. Patch by


Fixed. Thanks.

serhiy-storchaka · 2018-12-24T10:03:05Z

LGTM, but the code style and the wording of a news entry may need some polishing.

tirkarthi · 2018-12-24T10:54:30Z

This also affects 2.7 as I can see the added tests failing without the fix with the same logic being present. I don't know if it might break anything since 2.7 is there for a long time. I have done a manual backport of this PR in case this is needed for 2.7 and locally tests pass for cookielib. Branch : 2.7...tirkarthi:bpo35121-27


        Refactor if clause and fix news entry

tirkarthi · 2018-12-24T12:59:41Z

@serhiy-storchaka Is this worth moving news entry into security section instead of library?

tirkarthi · 2018-12-24T18:31:21Z

Sorry this turned out to be longer since I think I may have found another issue in return_ok(cookie, domain) which does similar substring check in return_ok_domain thus returning true. So this not only passed cookies of test.com to footest.com but could have potentially passed cookies of 1.test.com to 11.test.com.

I have a fix for return_ok_domain locally similar to domain_return_ok but I don't know if I am making something stricter though these functions don't return correct values currently as they should be. I would also like to know if it's okay to continue the discussion further here and feedback on the analysis. More details as below :

https://docs.python.org/3/library/http.cookiejar.html#http.cookiejar.CookiePolicy.return_ok

CookiePolicy.return_ok(cookie, request)

    Return boolean value indicating whether cookie should be returned to server.
    cookie is a Cookie instance. request is an object implementing the interface defined by the documentation for CookieJar.add_cookie_header().

pol.set_blocked_domains([])
req = urllib.request.Request("http://acme.com/")
res = FakeResponse(headers, "http://acme.com/")
cookies = c.make_cookies(res, req)
c.extract_cookies(res, req)
self.assertEqual(len(c), 1)

print(cookies[0]) # <Cookie CUSTOMER=WILE_E_COYOTE for acme.com/>
req = urllib.request.Request("http://badacme.com/")
self.assertFalse(pol.return_ok(cookies[0], req)) # This fails returning true though cookie is set on acme.com

The function return_ok calls helper functions for different attributes of a cookie like return_ok_path, return_ok_domain, etc. In return_ok_domain similar substring test is done and thus returns true while checking with domain though it should be checking with dotdomain like the proposed fix at

cpython/Lib/http/cookiejar.py

Line 1162 in 44a79cc

if cookie.version == 0 and not ("."+erhn).endswith(domain):

From the docs at https://docs.python.org/3/library/http.cookiejar.html#http.cookiejar.CookiePolicy.domain_return_ok

 CookiePolicy.domain_return_ok(domain, request)

Return false if cookies should not be returned, given cookie domain.

This method is an optimization. It removes the need for checking every cookie 
with a particular domain (which might involve reading many files). Returning true 
from domain_return_ok() and path_return_ok() leaves all the work to return_ok().

domain_return_ok is a check that says if the domain has access to the request object as per the original report this should have returned False which it didn't. Then after the lightweight check each cookie itself is checked for all the attributes with return_ok as a stricter form of check per cookie which should have returned False with return_ok_domain but returned True and thus the cookie for test.com was passed along to footest.com after two layers of checking.

Now that domain_return_ok is fixed the lightweight check being more stricter at

cpython/Lib/http/cookiejar.py

Line 1251 in 44a79cc

if not self._policy.domain_return_ok(domain, request):

the domain level returns an empty list but the underlying stricter check return_ok_domain still has the bug though it's not executed. The fix would be to use dotdomain in return_ok_domain similar to current one. I applied the fix and no tests failed.

One more option is that there are stricter versions of the policy that could be enabled with the flags and hence return_ok_domain would have been stricter but the DefaultCookiePolicy has these flags false by default.


        Ensure return_ok_domain does proper validation

tirkarthi · 2018-12-25T15:00:52Z

Fixed return_ok_domain too with b8e2df1 since it's the underlying problem and is used in the public function return_ok when domain is set. Let me know if it needs to be reverted and raised a separate PR . Thanks.

vstinner · 2019-01-10T15:59:52Z

I removed the " needs backport to 3.6" label, the 3.6 branch no long accept bugfixes (only security fixes are accepted): https://devguide.python.org/#status-of-python-branches

ned-deily · 2019-01-10T16:24:26Z

@vstinner, This is marked as a security fix.


        Move NEWS to security

tirkarthi · 2019-03-09T09:51:05Z

Thanks @serhiy-storchaka . Moved NEWS entry to security.

miss-islington · 2019-03-10T02:09:51Z

Thanks @tirkarthi for the PR, and @ned-deily for merging it 🌮🎉.. I'm working now to backport this PR to: 3.6, 3.7.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

bedevere-bot · 2019-03-10T02:10:15Z

GH-12259 is a backport of this pull request to the 3.7 branch.


        bpo-35121: prefix dot in domain for proper subdomain validation (pyth…

…onGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>

bedevere-bot · 2019-03-10T02:10:29Z

GH-12260 is a backport of this pull request to the 3.6 branch.


        bpo-35121: prefix dot in domain for proper subdomain validation (pyth…

…onGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>

miss-islington · 2019-03-10T02:36:34Z

Thanks @tirkarthi for the PR, and @ned-deily for merging it 🌮🎉.. I'm working now to backport this PR to: 3.7.
🐍🍒⛏🤖

bedevere-bot · 2019-03-10T02:36:46Z

GH-12261 is a backport of this pull request to the 3.7 branch.


        bpo-35121: prefix dot in domain for proper subdomain validation (pyth…

…onGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>


        bpo-35121: prefix dot in domain for proper subdomain validation (GH-1…

…0258) (GH-12261) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>


        bpo-35121: prefix dot in domain for proper subdomain validation (GH-1…

…0258) (GH-12260) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>

bedevere-bot · 2019-03-10T03:29:25Z

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot ARMv7 Debian buster 3.6 has failed when building commit b241af8.

What do you need to do:

Don't panic.
Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/180/builds/1) and take a look at the build logs.
Check if the failure is related to this commit (b241af8) or if it is a false positive.
If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/180/builds/1

Click to see traceback logs

Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 104] Connection reset by peer
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 48610)
 server: connection cipher is now ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256)
 server: selected protocol is now None
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 59560)

 server:  bad connection attempt from ('127.0.0.1', 59560):
Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 OSError: [Errno 0] Error
 server:  new connection from ('127.0.0.1', 58004)

 server:  bad connection attempt from ('127.0.0.1', 58004):
Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2031, in run
    self.write(msg.lower())
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1949, in write
    return self.sslconn.write(bytes)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 891, in write
    return self._sslobj.write(data)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 642, in write
    return self._sslobj.write(data)
 ConnectionResetError: [Errno 104] Connection reset by peer
k


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2633, in test_protocol_sslv23
    try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1')
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2323, in try_protocol_combo
    chatty=False, connectionchatty=False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2248, in server_params_test
    s.connect((HOST, server.port))
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:852)

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2707, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2323, in try_protocol_combo
    chatty=False, connectionchatty=False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2248, in server_params_test
    s.connect((HOST, server.port))
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:852)

----------------------------------------------------------------------

Ran 136 tests in 8.989s

FAILED (errors=2, skipped=7)


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_httplib.py", line 1605, in test_networked_good_cert
    h.request('GET', '/')
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1239, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1285, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 964, in send
    self.connect()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1400, in connect
    server_hostname=server_hostname)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

----------------------------------------------------------------------

Ran 103 tests in 1.956s

FAILED (errors=1)


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_nntplib.py", line 292, in setUpClass
    usenetrc=False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/nntplib.py", line 1077, in __init__
    self.sock = _encrypt_on(self.sock, ssl_context, host)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/nntplib.py", line 292, in _encrypt_on
    return context.wrap_socket(sock, server_hostname=hostname)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:852)

----------------------------------------------------------------------

Ran 89 tests in 10.588s

FAILED (errors=1, skipped=2)


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 104] Connection reset by peer
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 104] Connection reset by peer
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 104] Connection reset by peer
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 49350)
 server: connection cipher is now ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256)
 server: selected protocol is now None
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 47036)

 server:  bad connection attempt from ('127.0.0.1', 47036):
Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 OSError: [Errno 0] Error
 server:  new connection from ('127.0.0.1', 35650)

 server:  bad connection attempt from ('127.0.0.1', 35650):
Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:852)
k


Traceback (most recent call last):
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2031, in run
    self.write(msg.lower())
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 1949, in write
    return self.sslconn.write(bytes)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 891, in write
    return self._sslobj.write(data)
   File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 642, in write
    return self._sslobj.write(data)
 ConnectionResetError: [Errno 104] Connection reset by peer
k


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2633, in test_protocol_sslv23
    try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1')
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2323, in try_protocol_combo
    chatty=False, connectionchatty=False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2248, in server_params_test
    s.connect((HOST, server.port))
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:852)

======================================================================
ERROR: test_protocol_tlsv1_1 (test.test_ssl.ThreadedTests)
Connecting to a TLSv1.1 server with various client options.
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2707, in test_protocol_tlsv1_1
    try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2323, in try_protocol_combo
    chatty=False, connectionchatty=False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_ssl.py", line 2248, in server_params_test
    s.connect((HOST, server.port))
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:852)

----------------------------------------------------------------------

Ran 136 tests in 4.807s

FAILED (errors=2, skipped=7)
Re-running test 'test_httplib' in verbose mode


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 320, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 351, in process_request
    self.finish_request(request, client_address)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 364, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 724, in __init__
    self.handle()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/server.py", line 418, in handle
    self.handle_one_request()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/server.py", line 386, in handle_one_request
    self.raw_requestline = self.rfile.readline(65537)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1012, in recv_into
    return self.read(nbytes, buffer)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 631, in read
    v = self._sslobj.read(len, buffer)
ConnectionResetError: [Errno 104] Connection reset by peer
----------------------------------------
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 53960)
Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 320, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 351, in process_request
    self.finish_request(request, client_address)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 364, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socketserver.py", line 724, in __init__
    self.handle()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/server.py", line 418, in handle
    self.handle_one_request()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/server.py", line 386, in handle_one_request
    self.raw_requestline = self.rfile.readline(65537)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1012, in recv_into
    return self.read(nbytes, buffer)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 631, in read
    v = self._sslobj.read(len, buffer)
ConnectionResetError: [Errno 104] Connection reset by peer
----------------------------------------
Got an error:
[SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_httplib.py", line 1605, in test_networked_good_cert
    h.request('GET', '/')
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1239, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1285, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 964, in send
    self.connect()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/http/client.py", line 1400, in connect
    server_hostname=server_hostname)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)

----------------------------------------------------------------------

Ran 103 tests in 1.463s

FAILED (errors=1)
Re-running test 'test_nntplib' in verbose mode


Traceback (most recent call last):
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/test/test_nntplib.py", line 292, in setUpClass
    usenetrc=False)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/nntplib.py", line 1077, in __init__
    self.sock = _encrypt_on(self.sock, ssl_context, host)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/nntplib.py", line 292, in _encrypt_on
    return context.wrap_socket(sock, server_hostname=hostname)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/ssd/buildbot/buildarea/3.6.gps-ubuntu-exynos5-armv7l/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:852)

----------------------------------------------------------------------

Ran 89 tests in 10.562s

FAILED (errors=1, skipped=2)

bedevere-bot · 2019-03-10T03:51:54Z

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot AMD64 FreeBSD CURRENT Shared 3.6 has failed when building commit b241af8.

What do you need to do:

Don't panic.
Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/172/builds/180) and take a look at the build logs.
Check if the failure is related to this commit (b241af8) or if it is a false positive.
If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/172/builds/180

Click to see traceback logs

Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 61710)
 server: connection cipher is now ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256)
 server: selected protocol is now None
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 61728)

 server:  bad connection attempt from ('127.0.0.1', 61728):
Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 OSError: [Errno 0] Error
 server:  new connection from ('127.0.0.1', 61730)

 server:  bad connection attempt from ('127.0.0.1', 61730):
Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 2031, in run
    self.write(msg.lower())
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1949, in write
    return self.sslconn.write(bytes)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 891, in write
    return self._sslobj.write(data)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 642, in write
    return self._sslobj.write(data)
 BrokenPipeError: [Errno 32] Broken pipe
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1700, in test_ciphers
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1525, in test_connect
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect_cadata (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1642, in test_connect_cadata
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1096, in _real_connect
    socket.connect(self, addr)
ConnectionRefusedError: [Errno 61] Connection refused

======================================================================
ERROR: test_connect_capath (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1621, in test_connect_capath
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect_with_context (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1583, in test_connect_with_context
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_get_server_certificate (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1687, in test_get_server_certificate
    _test_get_server_certificate(self, *self.server_addr, cert=SIGNING_CA)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1847, in _test_get_server_certificate
    pem = ssl.get_server_certificate((host, port), ca_certs=cert)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1232, in get_server_certificate
    with context.wrap_socket(sock) as sslsock:
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

----------------------------------------------------------------------

Ran 136 tests in 11.027s

FAILED (errors=6, skipped=8)


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
ERROR


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 62427)
 server: connection cipher is now ('ECDHE-RSA-AES256-SHA', 'TLSv1.0', 256)
 server: selected protocol is now None
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
 server:  new connection from ('127.0.0.1', 62445)

 server:  bad connection attempt from ('127.0.0.1', 62445):
Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 OSError: [Errno 0] Error
 server:  new connection from ('127.0.0.1', 62447)

 server:  bad connection attempt from ('127.0.0.1', 62447):
Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL] called a function you should not call (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1888, in wrap_conn
    self.sock, server_side=True)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 817, in __init__
    self.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
 ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:852)
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 2031, in run
    self.write(msg.lower())
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1949, in write
    return self.sslconn.write(bytes)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 891, in write
    return self._sslobj.write(data)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 642, in write
    return self._sslobj.write(data)
 BrokenPipeError: [Errno 32] Broken pipe
k


Traceback (most recent call last):
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1966, in run
    msg = self.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1943, in read
    return self.sslconn.read()
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 874, in read
    return self._sslobj.read(len, buffer)
   File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 633, in read
    v = self._sslobj.read(len)
 ConnectionResetError: [Errno 54] Connection reset by peer
k


Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1700, in test_ciphers
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1525, in test_connect
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect_cadata (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1642, in test_connect_cadata
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect_capath (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1621, in test_connect_capath
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_connect_with_context (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1583, in test_connect_with_context
    s.connect(self.server_addr)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1109, in connect
    self._real_connect(addr, False)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1100, in _real_connect
    self.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1077, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 54] Connection reset by peer

======================================================================
ERROR: test_get_server_certificate (test.test_ssl.SimpleBackgroundTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1687, in test_get_server_certificate
    _test_get_server_certificate(self, *self.server_addr, cert=SIGNING_CA)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/test/test_ssl.py", line 1847, in _test_get_server_certificate
    pem = ssl.get_server_certificate((host, port), ca_certs=cert)
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/ssl.py", line 1231, in get_server_certificate
    with  create_connection(addr) as sock:
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/socket.py", line 724, in create_connection
    raise err
  File "/usr/home/buildbot/python/3.6.koobs-freebsd-current/build/Lib/socket.py", line 713, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 61] Connection refused

----------------------------------------------------------------------

Ran 136 tests in 6.174s

FAILED (errors=6, skipped=8)

tirkarthi · 2019-03-10T04:01:58Z

The buildbot failures seem to be unrelated to the issue . I can see open issues for test_ssl https://bugs.python.org/issue35925 and https://bugs.python.org/issue35136 .

Thanks much Serhiy, Ned, Alex and Zackery for the review and merge.


        [3.4] bpo-35121: prefix dot in domain for proper subdomain validation (…

…pythonGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>


        [3.5] bpo-35121: prefix dot in domain for proper subdomain validation (…

…pythonGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>


        [3.4] bpo-35121: prefix dot in domain for proper subdomain validation (…

…GH-10258) (#12279) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>


        [3.5] bpo-35121: prefix dot in domain for proper subdomain validation (…

…GH-10258) (#12281) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe50) Co-authored-by: Xtreak <tir.karthi@gmail.com>


        bpo-35121: prefix dot in domain for proper subdomain validation (pyth…

…onGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.


        bpo-35121: prefix dot in domain for proper subdomain validation (pyth…

…onGH-10258) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.


        [2.7] bpo-35121: prefix dot in domain for proper subdomain validation (…

…GH-10258) (GH-13426) This is a manual backport of ca7fe50 since 2.7 has `http.cookiejar` in `cookielib` https://bugs.python.org/issue35121

the-knights-who-say-ni added the CLA signed label Oct 31, 2018

bedevere-bot added the awaiting review label Oct 31, 2018

serhiy-storchaka reviewed Dec 21, 2018

View changes

tirkarthi added 3 commits Oct 31, 2018

Prefix domain with dot for proper subdomain validation in domain_retu…

d67d18e

…rn_ok

Add NEWS entry

2816aa8

Prefix dot only for suffix check and add test

Loading status checks…

dfdc776

tirkarthi force-pushed the tirkarthi:bpo35121 branch from f30060d to dfdc776 Dec 24, 2018

serhiy-storchaka reviewed Dec 24, 2018

View changes

ZackerySpytz reviewed Dec 24, 2018

View changes

Reword news entry and added extra test

Loading status checks…

ecae447

serhiy-storchaka requested a review from ned-deily Dec 24, 2018

serhiy-storchaka added needs backport to 3.6 type-security needs backport to 3.7 labels Dec 24, 2018

serhiy-storchaka reviewed Dec 24, 2018

View changes

Refactor if clause and fix news entry

Loading status checks…

b2ab4a3

serhiy-storchaka approved these changes Dec 24, 2018

View changes

bedevere-bot added awaiting merge and removed awaiting review labels Dec 24, 2018

Ensure return_ok_domain does proper validation

Loading status checks…

b8e2df1

vstinner removed the needs backport to 3.6 label Jan 10, 2019

ned-deily added the needs backport to 3.6 label Jan 10, 2019

Move NEWS to security

Loading status checks…

9d1eed3

alex approved these changes Mar 9, 2019

View changes

bedevere-bot removed the awaiting merge label Mar 10, 2019

bedevere-bot removed the needs backport to 3.7 label Mar 10, 2019

bedevere-bot removed the needs backport to 3.6 label Mar 10, 2019

ned-deily added the needs backport to 3.7 label Mar 10, 2019

bedevere-bot removed the needs backport to 3.7 label Mar 10, 2019

		@@ -0,0 +1,2 @@
		Prefix domain with dot for proper subdomain validation in

python / cpython

Sponsor python/cpython

Join GitHub today

bpo-35121: prefix dot in domain for proper subdomain validation #10258

bpo-35121: prefix dot in domain for proper subdomain validation #10258

Conversation

tirkarthi commented Oct 31, 2018 • edited by bedevere-bot

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

tirkarthi commented Dec 21, 2018 • edited

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

This comment has been minimized.

serhiy-storchaka commented Dec 24, 2018

This comment has been minimized.

tirkarthi commented Dec 24, 2018

This comment has been minimized.

tirkarthi commented Dec 24, 2018

This comment has been minimized.

tirkarthi commented Dec 24, 2018

This comment has been minimized.

tirkarthi commented Dec 25, 2018

This comment has been minimized.

vstinner commented Jan 10, 2019

This comment has been minimized.

ned-deily commented Jan 10, 2019

This comment has been minimized.

tirkarthi commented Mar 9, 2019

This comment has been minimized.

miss-islington commented Mar 10, 2019

This comment has been minimized.

bedevere-bot commented Mar 10, 2019

This comment has been minimized.

bedevere-bot commented Mar 10, 2019

This comment has been minimized.

miss-islington commented Mar 10, 2019

This comment has been minimized.

bedevere-bot commented Mar 10, 2019

This comment has been minimized.

bedevere-bot commented Mar 10, 2019

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

This comment has been minimized.

bedevere-bot commented Mar 10, 2019

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

This comment has been minimized.

tirkarthi commented Mar 10, 2019

tirkarthi commented Oct 31, 2018 •

edited by bedevere-bot

tirkarthi commented Dec 21, 2018 •

edited