https://github.com/python/cpython/commit/8629d466f02b81248cf44759a6d5acc4956530ec
commit: 8629d466f02b81248cf44759a6d5acc4956530ec
branch: 3.13
author: Bénédikt Tran <[email protected]>
committer: picnixz <[email protected]>
date: 2025-08-24T09:47:09Z
summary:
[3.13] gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262)
(#138110)
This partially reverts commit ad944b5e1f304be1a8c2cc03e9f15005bcb97108
by bringing back the CI job for testing OpenSSL 1.1.1w. Despite this
version being upstream EOL, the rationale for keeping it as follows:
- It most resembles other 1.1.1-work-a-like ssl APIs supported by important
vendors.
- Python officially requires OpenSSL 1.1.1 or later, although OpenSSL 3.0 or
later
is recommended for cryptographic modules. Since changing the build
requirements
requires a transition period, we need to keep testing the allowed versions.
- The code base still contains calls to OpenSSL functions that are deprecated
since
OpenSSL 3.0 as well as `ifdef` blocks constrained to OpenSSL 1.1.1.
(cherry picked from commit 96b7a2eba423b42320f15fd4974740e3e930bb8b)
files:
M .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 87db19561325b9..404664fa2dfdb3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -307,7 +307,10 @@ jobs:
fail-fast: false
matrix:
os: [ubuntu-24.04]
- openssl_ver: [3.0.15, 3.1.7, 3.2.3, 3.3.2]
+ # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
+ # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
+ # supported by important vendors such as AWS-LC.
+ openssl_ver: [1.1.1w, 3.0.15, 3.1.7, 3.2.3, 3.3.2]
env:
OPENSSL_VER: ${{ matrix.openssl_ver }}
MULTISSL_DIR: ${{ github.workspace }}/multissl
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
