[Bug 1815439] Please test proposed package

Łukasz Zemczak 1815439 at bugs.launchpad.net
Mon Feb 11 18:20:51 UTC 2019 

Hello Dimitri, or anyone else affected,

Accepted python-boto into bionic-proposed. The package will build now
and be available at https://launchpad.net/ubuntu/+source/python-
boto/2.44.0-1ubuntu2.18.04.0 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-bionic to verification-done-bionic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-bionic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-boto in Ubuntu.
https://bugs.launchpad.net/bugs/1815439

Title:
  python-boto needs to support SNI for OpenSSL 1.1.1

Status in python-boto package in Ubuntu:
  Fix Released
Status in python-boto source package in Bionic:
  Fix Committed
Status in python-boto source package in Cosmic:
  Fix Committed
Status in python-boto package in Debian:
  Fix Released

Bug description:
  [Impact]

   * OpenSSL 1.1.1 performs SNI hostname verification, therefore
  hostname SSL context option must be set when establishing the
  connection, otherwise, validation of SNI certificates fail and thus
  resulting in lack of connectivity.

  [Test Case]

   * use python-boto to connect to an SNI tls protected host

  [Regression Potential]

   * change is compatible with pythons/openssl versions shipped in bionic/cosmic-release
   * change is from upstream / tested in debian & disco
   * change improves security, and is compatible with deployed servers out there
   * hosts with certificates not matching their actual hostname will remain invalid/untrusted

  [Additional info]
  To install python & openssl 1.1.1 on Bionic you may enable and use the below silo, which will then exhibit the enforcement of SNI hostname verification.

  sudo add-apt-repository ppa:ci-train-ppa-service/3473
  sudo apt-get update

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-boto/+bug/1815439/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list