Loading...

Type: Build Failure
Resolution: Unresolved
Priority: Unknown
Fix Version/s: None
Affects Version/s: None
Component/s: Tests, TLS/SSL
Labels:
- greenerbuild

Confidence Status:
None

Assigned Teams:

Python Drivers

Documentation Changes:
Not Needed

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Link:
None
Goal Name(s):
None

Name of Failure:

FAILURE: cryptography.utils.CryptographyDeprecationWarning: Parsed a serial number which wasn't positive (i.e., it was negative or zero), which is disallowed by RFC 5280. Loading this certificate will cause an exception in a future release of cryptography

Link to task:

https://spruce.mongodb.com/task/mongo_python_driver_pyopenssl_win64_test_standard_rapid_python3.11_sync_noauth_nossl_standalone_db6dad95beae6ad2b9b8b60b00d37a67810b743e_26_01_26_12_51_26/tests?execution=1&sorts=STATUS%3AASC

Context of when and why the failure occurred:

Introduced by the move to Windows 2022 in ~~PYTHON-5697~~. System certs on Windows with PyOpenSSL is best-effort, so we should suppress this warning. We will have to handle whatever error cryptography ends up raising for this condition when they decide to do so.

Stack trace:

[2026/01/26 12:26:40.801] FAILURE: cryptography.utils.CryptographyDeprecationWarning: Parsed a serial number which wasn't positive (i.e., it was negative or zero), which is disallowed by RFC 5280. Loading this certificate will cause an exception in a future release of cryptography. ()
[2026/01/26 12:26:40.801] self = <test.test_srv_polling.TestSrvPolling testMethod=test_srv_waits_to_poll>
[2026/01/26 12:26:40.801]     def test_srv_waits_to_poll(self):
[2026/01/26 12:26:40.801]         modified = [("localhost.test.build.10gen.cc", 27019)]
[2026/01/26 12:26:40.801]     
[2026/01/26 12:26:40.801]         def resolver_response():
[2026/01/26 12:26:40.801]             return modified
[2026/01/26 12:26:40.801]     
[2026/01/26 12:26:40.801]         with SrvPollingKnobs(
[2026/01/26 12:26:40.801]             ttl_time=WAIT_TIME,
[2026/01/26 12:26:40.801]             min_srv_rescan_interval=WAIT_TIME,
[2026/01/26 12:26:40.801]             nodelist_callback=resolver_response,
[2026/01/26 12:26:40.801]         ):
[2026/01/26 12:26:40.801] >           client = self.simple_client(self.CONNECTION_STRING)
[2026/01/26 12:26:40.801]                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2026/01/26 12:26:40.801] test\test_srv_polling.py:374: 
[2026/01/26 12:26:40.801] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
[2026/01/26 12:26:40.801] test\__init__.py:1119: in simple_client
[2026/01/26 12:26:40.801]     client = MongoClient(h, p, **kwargs)
[2026/01/26 12:26:40.801]              ^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2026/01/26 12:26:40.801] pymongo\synchronous\mongo_client.py:891: in __init__
[2026/01/26 12:26:40.801]     self._get_topology()  # type: ignore[unused-coroutine]
[2026/01/26 12:26:40.801]     ^^^^^^^^^^^^^^^^^^^^
[2026/01/26 12:26:40.801] pymongo\synchronous\mongo_client.py:1758: in _get_topology
[2026/01/26 12:26:40.801]     self._resolve_srv()
[2026/01/26 12:26:40.801] pymongo\synchronous\mongo_client.py:956: in _resolve_srv
[2026/01/26 12:26:40.801]     self._options = ClientOptions(
[2026/01/26 12:26:40.801] pymongo\client_options.py:222: in __init__
[2026/01/26 12:26:40.801]     self.__pool_options = _parse_pool_options(username, password, database, options, is_sync)
[2026/01/26 12:26:40.801]                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2026/01/26 12:26:40.801] pymongo\client_options.py:173: in _parse_pool_options
[2026/01/26 12:26:40.801]     ssl_context, tls_allow_invalid_hostnames = _parse_ssl_options(options, is_sync)
[2026/01/26 12:26:40.801]                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2026/01/26 12:26:40.801] pymongo\client_options.py:135: in _parse_ssl_options
[2026/01/26 12:26:40.801]     ctx = get_ssl_context(
[2026/01/26 12:26:40.801] pymongo\ssl_support.py:129: in get_ssl_context
[2026/01/26 12:26:40.801]     ctx.load_default_certs()
[2026/01/26 12:26:40.801] pymongo\pyopenssl_context.py:359: in load_default_certs
[2026/01/26 12:26:40.801]     self._load_wincerts(storename)
[2026/01/26 12:26:40.801] _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
[2026/01/26 12:26:40.801] self = <pymongo.pyopenssl_context.SSLContext object at 0x00000223236683C0>
[2026/01/26 12:26:40.801] store = 'ROOT'
[2026/01/26 12:26:40.801]     def _load_wincerts(self, store: str) -> None:
[2026/01/26 12:26:40.801]         """Attempt to load CA certs from Windows trust store."""
[2026/01/26 12:26:40.801]         cert_store = self._ctx.get_cert_store()
[2026/01/26 12:26:40.801]         assert cert_store is not None
[2026/01/26 12:26:40.801]         oid = _stdlibssl.Purpose.SERVER_AUTH.oid
[2026/01/26 12:26:40.801]     
[2026/01/26 12:26:40.801]         for cert, encoding, trust in _stdlibssl.enum_certificates(store):  # type: ignore
[2026/01/26 12:26:40.801]             if encoding == "x509_asn":
[2026/01/26 12:26:40.801]                 if trust is True or oid in trust:
[2026/01/26 12:26:40.801]                     cert_store.add_cert(
[2026/01/26 12:26:40.801] >                       _crypto.X509.from_cryptography(x509.load_der_x509_certificate(cert))
[2026/01/26 12:26:40.801]                                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2026/01/26 12:26:40.801]                     )
[2026/01/26 12:26:40.801] E                   cryptography.utils.CryptographyDeprecationWarning: Parsed a serial number which wasn't positive (i.e., it was negative or zero), which is disallowed by RFC 5280. Loading this certificate will cause an exception in a future release of cryptography.
[2026/01/26 12:26:40.801] pymongo\pyopenssl_context.py:348: CryptographyDeprecationWarning

Details

Description

Name of Failure:

Link to task:

Context of when and why the failure occurred:

Stack trace:

Attachments

Activity

People

Dates