nabla-c0d3 / nassl

Experimental OpenSSL wrapper for Python 3.8+ and SSLyze.
GNU Affero General Public License v3.0

Can't build from scratch #35

Closed jsf9k closed 6 years ago

jsf9k commented 6 years ago

I've been seeing a few segfaults when running 30k-40k sslyze scans with the new 1.4+ versions of sslyze. As a result I was trying to build nassl from scratch so I can attach with a debugger and figure out what is going on. This is with a debug build of python 3.6.4 on an up-to-date installation of Arch.

Unfortunately I can't get nassl to build from scratch. When I do this:

git clone --branch bugfix/use_env_to_find_python https://github.com/jsf9k/nassl.git
cd nassl
pip install -r requirements.txt
wget http://zlib.net/zlib-1.2.11.tar.gz
tar xvfz zlib-1.2.11.tar.gz
wget https://ftp.openssl.org/source/old/1.0.2/openssl-1.0.2e.tar.gz
tar xvfz openssl-1.0.2e.tar.gz
git clone https://github.com/openssl/openssl.git ./openssl-master
python build_from_scratch.py

I get some failed tests:

======================================================================
ERROR: test_write_early_data_doesnot_finish_handshake (tests.ssl_client_tests.ModernSslClientOnlineEarlyDataTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jeremy_frasier/18F/domain-scan/nassl/tests/ssl_client_tests.py", line 233, in test_write_early_data_doesnot_finish_handshake
    self.ssl_client.do_handshake()
  File "/home/jeremy_frasier/18F/domain-scan/nassl/nassl/ssl_client.py", line 180, in do_handshake
    self._ssl.do_handshake()
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

======================================================================
ERROR: test_write_early_data_fail_when_trying_to_send_more_than_max_ealry_data (tests.ssl_client_tests.ModernSslClientOnlineEarlyDataTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jeremy_frasier/18F/domain-scan/nassl/tests/ssl_client_tests.py", line 251, in test_write_early_data_fail_when_trying_to_send_more_than_max_ealry_data
    self.ssl_client.do_handshake()
  File "/home/jeremy_frasier/18F/domain-scan/nassl/nassl/ssl_client.py", line 180, in do_handshake
    self._ssl.do_handshake()
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

======================================================================
FAIL: test_set_cipher_list_bad (tests.SSL_tests.Modern_SSL_Tests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jeremy_frasier/18F/domain-scan/nassl/tests/SSL_tests.py", line 94, in test_set_cipher_list_bad
    self.assertRaises(_nassl.OpenSSLError, test_ssl.set_cipher_list, 'badcipherstring')
AssertionError: OpenSSLError not raised by set_cipher_list

----------------------------------------------------------------------
Ran 140 tests in 9.873s

FAILED (failures=1, errors=2, skipped=11)
Test failed: <unittest.runner.TextTestResult run=140 errors=2 failures=1>
error: Test failed: <unittest.runner.TextTestResult run=140 errors=2 failures=1>
Traceback (most recent call last):
  File "./build_from_scratch.py", line 294, in <module>
    main()
  File "./build_from_scratch.py", line 288, in main
    perform_build_task('NASSL Tests', NASSL_TEST_TASKS)
  File "./build_from_scratch.py", line 197, in perform_build_task
    subprocess.check_call(command, shell=True, cwd=cwd)
  File "/home/jeremy_frasier/.pyenv/versions/3.6.4-debug/lib/python3.6/subprocess.py", line 291, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '/home/jeremy_frasier/18F/domain-scan/venv/bin/python setup.py test' returned non-zero exit status 1.

Any thoughts on why these tests would be failing? When I try to use the tls1.3-draft-18 or tls1.3-draft-19 branches of openssl/openssl I don't even get this far.
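
Added example, not part of the thread or of nassl: a Python helper that decodes the `error:1409442E` string both failing tests report, showing that its reason field is 1000 + alert 70, i.e. a fatal `protocol_version` alert received from the remote server during the handshake. The function names, the alert subset and the second sample line are assumptions made for illustration; the bit layout is that of OpenSSL 1.0.x/1.1.x error codes.

```python
import re

# Bit layout of OpenSSL 1.0.x/1.1.x error codes (OpenSSL 3.x packs them
# differently): 8-bit library, 12-bit function, 12-bit reason.
ERR_LIB_SSL = 0x14
# For a fatal alert received from the peer, SSL reason = 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000

# Subset of TLS alert descriptions, chosen for illustration.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
    86: "inappropriate_fallback",
}

ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")


def decode_openssl_error(line):
    """Split an 'error:XXXXXXXX:lib:func:reason' string into its packed fields."""
    match = ERROR_RE.search(line)
    if match is None:
        return None
    code = int(match.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(number, "alert %d" % number)
    return {"lib": lib, "func": func, "reason": reason,
            "text": match.group(4).strip(), "peer_alert": alert}


def peer_alerts(log_text):
    """Return the peer alert named by each OpenSSL error line in a test log."""
    decoded = (decode_openssl_error(line) for line in log_text.splitlines())
    return [d["peer_alert"] for d in decoded if d and d["peer_alert"]]


# First line: the error quoted in the thread. Second line: constructed for contrast.
SAMPLE_LOG = """\
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers
"""

if __name__ == "__main__":
    for sample in SAMPLE_LOG.splitlines():
        print(decode_openssl_error(sample))
```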

jsf9k commented 6 years ago

Note that I forked nabla-c0d3/nassl because I had to change some #!/usr/bin/python lines to #!/usr/bin/env python to get off the ground because I'm running pyenv and hence my python binary isn't located at /usr/bin/python.

nabla-c0d3 commented 6 years ago

Make sure you are using commit 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a for the “modern” OpenSSL (it’s more recent than draft-18 or 19). (Source: https://github.com/nabla-c0d3/nassl/blob/master/build_from_scratch.py#L27 )

jsf9k commented 6 years ago

Using that particular commit I get two errors:

======================================================================
ERROR: test_write_early_data_doesnot_finish_handshake (tests.ssl_client_tests.ModernSslClientOnlineEarlyDataTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jeremy_frasier/jsf9k/nassl/tests/ssl_client_tests.py", line 233, in test_write_early_data_doesnot_finish_handshake
    self.ssl_client.do_handshake()
  File "/home/jeremy_frasier/jsf9k/nassl/nassl/ssl_client.py", line 180, in do_handshake
    self._ssl.do_handshake()
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

======================================================================
ERROR: test_write_early_data_fail_when_trying_to_send_more_than_max_ealry_data (tests.ssl_client_tests.ModernSslClientOnlineEarlyDataTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/jeremy_frasier/jsf9k/nassl/tests/ssl_client_tests.py", line 251, in test_write_early_data_fail_when_trying_to_send_more_than_max_ealry_data
    self.ssl_client.do_handshake()
  File "/home/jeremy_frasier/jsf9k/nassl/nassl/ssl_client.py", line 180, in do_handshake
    self._ssl.do_handshake()
nassl._nassl.OpenSSLError: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

jsf9k commented 6 years ago

@nabla-c0d3, it looks like the same two tests that I identified as failing here are also causing TravisCI to fail in #35.

nabla-c0d3 commented 6 years ago

Yes, these tests are not expected to work at the moment; I needed to do a release for some other feature.

jsf9k commented 6 years ago

Looks like bd4acb2 fixed this. Thanks @nabla-c0d3!