Closed Bug 1328441 Opened 7 years ago Closed 7 years ago

CI busted building rbweb with TLS error

Categories

(MozReview Graveyard :: Testing / Development Environment, defect)

Product:
MozReview Graveyard
Component:
Testing / Development Environment
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mcote, Assigned: gps)

References

Details

The rb tests are currently failing; amongst the error messages is this:

rbweb> stderr: DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
rbweb> /venv/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.

Interestingly zalun saw something similar today in his local environment, with Python 2.7.12.  Upgrading to 2.7.13 fixed it.  The note above about 2.6 being no longer supported, however, makes me think this might not be an easy fix in production.  If there's no fix for the TLS problems in Python 2.6, we'll have to upgrade to 2.7, somehow, and very very soon.
For some reason it is attempting TLS when talking to http://downloads.reviewboard.org/. Having not looked at what that server is doing, my guess is they are 301'ing to https:// and Python 2.6 is barfing because the server requires SNI to negotiate the certificate, which Python 2.6 does not support.
Assignee: nobody → gps
Status: NEW → ASSIGNED
http://downloads.reviewboard.org/ 301's to https:// and headers indicate it is using CloudFront. CloudFront requires SNI unless you pay them a good chunk of money for a dedicated IP.
We attempted to switch ansible/roles/mozreview-virtualenv/files/requirements.txt in fcece6d7e38a (bug 1110299). However, that was reverted in e27ab55bc81a. There was also some minor changes about trusted hosts in 0305a960aa02 (1243501).

Welcome to the hell that is crappy TLS support on Python 2.6.
Depends on: 1110299
Pushed by gszorc@mozilla.com:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/608768a6ebbb
ansible/mozreview-virtualenv: download Python packages from S3
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.