Python Driver / PYTHON-5040

Regenerate test certificates to resolve Missing Authority Key Identifier error

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • 4.12
    • Affects Version/s: None
    • Component/s: None
    • Python Drivers
    • Not Needed

      PYTHON-5038 worked around a certificate problem in our test suite on Python 3.13 on macOS and Windows:

       [2025/01/13 09:02:03.041] FAILURE: ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1020) ()
       [2025/01/13 09:02:03.041] self = <test.test_encryption.TestKmsRetryProse testMethod=test_kms_retry>
       [2025/01/13 09:02:03.041]     def test_kms_retry(self):
       [2025/01/13 09:02:03.041]         if IS_PYOPENSSL:
       [2025/01/13 09:02:03.041]             self.skipTest(
       [2025/01/13 09:02:03.041]                 "PyOpenSSL does not support a required method for this test, Connection.makefile"
       [2025/01/13 09:02:03.041]             )
       [2025/01/13 09:02:03.041] >       self._test("aws", {"region": "foo", "key": "bar", "endpoint": "127.0.0.1:9003"})
       [2025/01/13 09:02:03.041] test/test_encryption.py:2911: 
       [2025/01/13 09:02:03.041] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
       [2025/01/13 09:02:03.041] test/test_encryption.py:2884: in _test
       [2025/01/13 09:02:03.041]     self.http_post("/reset")
       [2025/01/13 09:02:03.041] test/test_encryption.py:2877: in http_post
       [2025/01/13 09:02:03.041]     conn.request("POST", path, body, headers)
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/http/client.py:1336: in request
       [2025/01/13 09:02:03.041]     self._send_request(method, url, body, headers, encode_chunked)
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/http/client.py:1382: in _send_request
       [2025/01/13 09:02:03.041]     self.endheaders(body, encode_chunked=encode_chunked)
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/http/client.py:1331: in endheaders
       [2025/01/13 09:02:03.041]     self._send_output(message_body, encode_chunked=encode_chunked)
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/http/client.py:1091: in _send_output
       [2025/01/13 09:02:03.041]     self.send(msg)
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/http/client.py:1035: in send
       [2025/01/13 09:02:03.041]     self.connect()
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/http/client.py:1477: in connect
       [2025/01/13 09:02:03.041]     self.sock = self._context.wrap_socket(self.sock,
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/ssl.py:455: in wrap_socket
       [2025/01/13 09:02:03.041]     return self.sslsocket_class._create(
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/ssl.py:1076: in _create
       [2025/01/13 09:02:03.041]     self.do_handshake()
       [2025/01/13 09:02:03.041] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
       [2025/01/13 09:02:03.041] self = <ssl.SSLSocket [closed] fd=-1, family=2, type=1, proto=0>, block = False
       [2025/01/13 09:02:03.041]     @_sslcopydoc
       [2025/01/13 09:02:03.041]     def do_handshake(self, block=False):
       [2025/01/13 09:02:03.041]         self._check_connected()
       [2025/01/13 09:02:03.041]         timeout = self.gettimeout()
       [2025/01/13 09:02:03.041]         try:
       [2025/01/13 09:02:03.041]             if timeout == 0.0 and block:
       [2025/01/13 09:02:03.041]                 self.settimeout(None)
       [2025/01/13 09:02:03.041] >           self._sslobj.do_handshake()
       [2025/01/13 09:02:03.041] E           ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1020)
       [2025/01/13 09:02:03.041] /Library/Frameworks/Python.Framework/Versions/3.13/lib/python3.13/ssl.py:1372: SSLCertVerificationError
      

      https://spruce.mongodb.com/task/mongo_python_driver_encryption_macos_python3.13_test_latest_replica_set_noauth_ssl_sync_async_b9f4f796f1af1787b3fcf6d918abdd603d6d41e9_25_01_13_14_16_28?execution=0&sortBy=STATUS&sortDir=ASC

      These errors mean that the server.pem and/or ca.pem file is missing the Authority Key Identifier (AKI) field, which seems to be required by the newer TLS library on Python 3.13.

      To address this issue, we should regenerate the test certificates with the appropriate AKI field in place.
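
An added example, not code from the driver or its test suite: a standard-library-only check that reports which certificates in a PEM file such as server.pem or ca.pem lack the AKI extension, which can be run before and after regenerating them. It goes slightly beyond the ticket by also reporting the companion Subject Key Identifier (SKI); all function names are hypothetical, and `sample_pem` builds a constructed skeleton with dummy fields rather than a real certificate.

```python
import base64
import re

KEY_IDS = {"AKI": bytes.fromhex("551d23"), "SKI": bytes.fromhex("551d0e")}  # OIDs 2.5.29.35, 2.5.29.14
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        end = pos + (n & 0x7F)
        n, pos = int.from_bytes(buf[pos:end], "big"), end
    return tag, buf[pos:pos + n], pos + n

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def extension_oids(der):
    """Return the set of extension OIDs (raw bytes) in one DER certificate."""
    _, cert, _ = tlv(der)  # Certificate ::= SEQUENCE
    _, tbs = next(children(cert))  # first child is TBSCertificate
    for tag, val in children(tbs):
        if tag == 0xA3:  # [3] EXPLICIT Extensions
            _, exts = next(children(val))
            return {next(children(ext))[1] for _, ext in children(exts)}
    return set()  # certificate carries no extensions

def missing_key_ids(pem_text):
    """For each CERTIFICATE block in a PEM file, list the key identifiers it lacks."""
    certs = (extension_oids(base64.b64decode(b)) for b in CERT_RE.findall(pem_text))
    return [[name for name, oid in KEY_IDS.items() if oid not in oids] for oids in certs]

def _der(tag, *parts):
    """Encode a short (<128 byte) DER element; used only to build the sample."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_pem(ext_oids):
    """Constructed skeleton with dummy fields (not a valid certificate)."""
    exts = [_der(0x30, _der(0x06, oid), _der(0x04, b"\x00")) for oid in ext_oids]
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")), _der(0x02, b"\x01"),
               *[_der(0x30)] * 5, _der(0xA3, _der(0x30, *exts)))
    cert = _der(0x30, tbs, _der(0x30), _der(0x03, b"\x00"))
    b64 = base64.b64encode(cert).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
```

On real files, call `missing_key_ids(open("server.pem").read())`; private-key blocks in the same file are ignored, and each inner list corresponds to one certificate in file order.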

            Assignee: Unassigned
            Reporter: shane.harvey@mongodb.com Shane Harvey