- Type: Task
- Resolution: Fixed
- Priority: Unknown
- Affects Version/s: None
- Component/s: None
Unlike PYTHON-2903, where we migrated most testing to Ubuntu 18.04, for OCSP we need to migrate to Ubuntu 20.04 because of SERVER-51364. When using Ubuntu 18.04 the stapling tests fail, for all Python versions, complaining that the server did not actually staple a response. This is due to a bug in the OpenSSL version that ships with Ubuntu 18.04, which caused the server team to disable OCSP stapling in SERVER-51364.
- test-ocsp-ecdsa-delegate-valid-cert-server-staples
- test-ocsp-ecdsa-valid-cert-server-staples
- test-ocsp-rsa-delegate-valid-cert-server-staples
- test-ocsp-rsa-valid-cert-server-staples
For example:
[2021/12/10 21:41:18.008] + python test/ocsp/test_ocsp.py
[2021/12/10 21:41:18.555] .2021-12-10 21:41:18,554 DEBUG ocsp_support Peer presented a must-staple cert
[2021/12/10 21:41:18.555] 2021-12-10 21:41:18,554 DEBUG ocsp_support Peer did not staple an OCSP response
[2021/12/10 21:41:18.555] 2021-12-10 21:41:18,555 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
[2021/12/10 21:41:19.061] E2021-12-10 21:41:19,061 DEBUG ocsp_support Peer presented a must-staple cert
[2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Peer did not staple an OCSP response
[2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
[2021/12/10 21:41:19.073] .
[2021/12/10 21:41:19.073] ======================================================================
[2021/12/10 21:41:19.073] ERROR: test_tls (__main__.TestOCSP)
[2021/12/10 21:41:19.073] ----------------------------------------------------------------------
[2021/12/10 21:41:19.073] Traceback (most recent call last):
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/test/ocsp/test_ocsp.py", line 72, in test_tls
[2021/12/10 21:41:19.073] _connect(options)
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/test/ocsp/test_ocsp.py", line 49, in _connect
[2021/12/10 21:41:19.073] client.admin.command('ping')
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/database.py", line 592, in command
[2021/12/10 21:41:19.073] with self.__client._socket_for_reads(
[2021/12/10 21:41:19.073] File "/opt/python/3.10/lib/python3.10/contextlib.py", line 135, in __enter__
[2021/12/10 21:41:19.073] return next(self.gen)
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/mongo_client.py", line 1171, in _socket_for_reads
[2021/12/10 21:41:19.073] server = self._select_server(read_preference, session)
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/mongo_client.py", line 1131, in _select_server
[2021/12/10 21:41:19.073] server = topology.select_server(server_selector)
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/topology.py", line 242, in select_server
[2021/12/10 21:41:19.073] servers = self.select_servers(
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/topology.py", line 200, in select_servers
[2021/12/10 21:41:19.073] server_descriptions = self._select_servers_loop(
[2021/12/10 21:41:19.073] File "/data/mci/9774afe2e6383ad4b135c02a771e5443/src/pymongo/topology.py", line 216, in _select_servers_loop
[2021/12/10 21:41:19.073] raise ServerSelectionTimeoutError(
[2021/12/10 21:41:19.073] pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: localhost:27017: [('SSL routines', 'tls_process_initial_server_flight', 'invalid status response')], Timeout: 0.5s, Topology Description: <TopologyDescription id: 61b3c97e2c30041af89bd59c, topology_type: Unknown, servers: [<ServerDescription ('localhost', 27017) server_type: Unknown, rtt: None, error=AutoReconnect("SSL handshake failed: localhost:27017: [('SSL routines', 'tls_process_initial_server_flight', 'invalid status response')]")>]>
All the server versions we need to test OCSP are built for Ubuntu 20.04.
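A triage helper for logs like the one above, added here as an example and not part of the ticket or of PyMongo: it groups the `ocsp_support` debug records per handshake and reports the ones where a must-staple certificate arrived without a stapled response, alongside the OpenSSL failure reason. The sample log is constructed from lines on this page (the final error line is shortened), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines in the format shown on this page (CI timestamp,
# optional unittest progress marker, then the ocsp_support DEBUG record).
SAMPLE_LOG = """\
[2021/12/10 21:41:18.555] .2021-12-10 21:41:18,554 DEBUG ocsp_support Peer presented a must-staple cert
[2021/12/10 21:41:18.555] 2021-12-10 21:41:18,554 DEBUG ocsp_support Peer did not staple an OCSP response
[2021/12/10 21:41:18.555] 2021-12-10 21:41:18,555 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
[2021/12/10 21:41:19.061] E2021-12-10 21:41:19,061 DEBUG ocsp_support Peer presented a must-staple cert
[2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Peer did not staple an OCSP response
[2021/12/10 21:41:19.061] 2021-12-10 21:41:19,061 DEBUG ocsp_support Must-staple cert with no stapled response, hard fail.
[2021/12/10 21:41:19.073] pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: localhost:27017: [('SSL routines', 'tls_process_initial_server_flight', 'invalid status response')], Timeout: 0.5s
"""

RECORD = re.compile(r"DEBUG ocsp_support (?P<msg>.+)$")
OPENSSL_ERR = re.compile(r"\('(?P<lib>[^']+)', '(?P<func>[^']+)', '(?P<reason>[^']+)'\)")

def ocsp_handshakes(log_text):
    """Return one list of ocsp_support messages per handshake.
    Assumption: a handshake's records begin with a 'Peer presented' line."""
    handshakes = []
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg.startswith("Peer presented") or not handshakes:
            handshakes.append([])
        handshakes[-1].append(msg)
    return handshakes

def missing_staple_failures(log_text):
    """Handshakes where a must-staple cert came without a stapled response."""
    return [h for h in ocsp_handshakes(log_text)
            if "Peer presented a must-staple cert" in h
            and "Peer did not staple an OCSP response" in h]

def openssl_reasons(log_text):
    """Count OpenSSL error reasons found in (library, function, reason) tuples."""
    return Counter(m.group("reason") for m in OPENSSL_ERR.finditer(log_text))

if __name__ == "__main__":
    print("handshakes:", len(ocsp_handshakes(SAMPLE_LOG)))
    print("missing staple:", len(missing_staple_failures(SAMPLE_LOG)))
    print("OpenSSL reasons:", dict(openssl_reasons(SAMPLE_LOG)))
```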
- is related to: PYTHON-2903 Migrate testing from Amazon1 to Ubuntu 18 (Closed)
- related to: SERVER-51364 Ubuntu 18.04 Server with OCSP and TLS fails to work (Closed)