https://github.com/python/cpython/commit/c9b96b1e6fea13dc2879dcc626015c06dc0056ac
commit: c9b96b1e6fea13dc2879dcc626015c06dc0056ac
branch: main
author: Zachary Ware <[email protected]>
committer: hugovk <[email protected]>
date: 2026-03-01T11:18:23+02:00
summary:

gh-136728: Combine OpenSSL and AWS-LC CI configurations (#144805)

files:
M .github/workflows/build.yml
M Tools/ssl/multissltests.py

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 91235c0309d29f..c017ee04d67f07 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -253,8 +253,8 @@ jobs:
       os: ${{ matrix.os }}
       test-opts: ${{ matrix.test-opts || '' }}
 
-  build-ubuntu-ssltests-openssl:
-    name: 'Ubuntu SSL tests with OpenSSL'
+  build-ubuntu-ssltests:
+    name: 'Ubuntu SSL tests'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 60
     needs: build-context
@@ -263,16 +263,25 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-24.04]
-        # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
-        # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
-        # supported by important vendors such as AWS-LC.
-        openssl_ver: [1.1.1w, 3.0.19, 3.3.6, 3.4.4, 3.5.5, 3.6.1]
-        # See Tools/ssl/make_ssl_data.py for notes on adding a new version
+        ssllib:
+          # See Tools/ssl/make_ssl_data.py for notes on adding a new version
+          ## OpenSSL
+          # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
+          # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
+          # supported by important vendors such as AWS-LC.
+          - { name: openssl, version: 1.1.1w }
+          - { name: openssl, version: 3.0.19 }
+          - { name: openssl, version: 3.3.6 }
+          - { name: openssl, version: 3.4.4 }
+          - { name: openssl, version: 3.5.5 }
+          - { name: openssl, version: 3.6.1 }
+          ## AWS-LC
+          - { name: aws-lc, version: 1.68.0 }
     env:
-      OPENSSL_VER: ${{ matrix.openssl_ver }}
+      SSLLIB_VER: ${{ matrix.ssllib.version }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl
-      OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/${{ 
matrix.openssl_ver }}
-      LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{ 
matrix.openssl_ver }}/lib
+      SSLLIB_DIR: ${{ github.workspace }}/multissl/${{ matrix.ssllib.name 
}}/${{ matrix.ssllib.version }}
+      LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/${{ matrix.ssllib.name 
}}/${{ matrix.ssllib.version }}/lib
     steps:
     - uses: actions/checkout@v6
       with:
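Review bot: The `version:` values in the new `ssllib` matrix entries are unquoted plain scalars, so their type depends on YAML's implicit typing. The current three-component values such as `3.0.19` and `1.68.0` load as strings, but a two-component version added later would load as a float and could render differently in `SSLLIB_VER`, the cache key and the install path. Quoting them, e.g. `- { name: openssl, version: '3.0.19' }`, keeps the value that reaches `multissltests.py` and the cache key identical to what is written here. The job's `steps:` list continues outside the hunk.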
@@ -283,73 +292,19 @@ jobs:
       run: echo "::add-matcher::.github/problem-matchers/gcc.json"
     - name: Install dependencies
       run: sudo ./.github/workflows/posix-deps-apt.sh
-    - name: Configure OpenSSL env vars
-      run: |
-        echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV"
-        echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}" 
>> "$GITHUB_ENV"
-        echo 
"LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}/lib" >> 
"$GITHUB_ENV"
-    - name: 'Restore OpenSSL build'
-      id: cache-openssl
-      uses: actions/cache@v5
-      with:
-        path: ./multissl/openssl/${{ env.OPENSSL_VER }}
-        key: ${{ matrix.os }}-multissl-openssl-${{ env.OPENSSL_VER }}
-    - name: Install OpenSSL
-      if: steps.cache-openssl.outputs.cache-hit != 'true'
-      run: python3 Tools/ssl/multissltests.py --steps=library --base-directory 
"$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux
-    - name: Configure CPython
-      run: ./configure CFLAGS="-fdiagnostics-format=json" --config-cache 
--enable-slower-safety --with-pydebug --with-openssl="$OPENSSL_DIR"
-    - name: Build CPython
-      run: make -j4
-    - name: Display build info
-      run: make pythoninfo
-    - name: SSL tests
-      run: ./python Lib/test/ssltests.py
-
-  build-ubuntu-ssltests-awslc:
-    name: 'Ubuntu SSL tests with AWS-LC'
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
-    needs: build-context
-    if: needs.build-context.outputs.run-ubuntu == 'true'
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-24.04]
-        awslc_ver: [1.55.0]
-    env:
-      AWSLC_VER: ${{ matrix.awslc_ver}}
-      MULTISSL_DIR: ${{ github.workspace }}/multissl
-      OPENSSL_DIR: ${{ github.workspace }}/multissl/aws-lc/${{ 
matrix.awslc_ver }}
-      LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/aws-lc/${{ 
matrix.awslc_ver }}/lib
-    steps:
-    - uses: actions/checkout@v6
-      with:
-        persist-credentials: false
-    - name: Runner image version
-      run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
-    - name: Register gcc problem matcher
-      run: echo "::add-matcher::.github/problem-matchers/gcc.json"
-    - name: Install dependencies
-      run: sudo ./.github/workflows/posix-deps-apt.sh
-    - name: Configure SSL lib env vars
-      run: |
-        echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV"
-        echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}" >> 
"$GITHUB_ENV"
-        echo 
"LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}/lib" >> 
"$GITHUB_ENV"
-    - name: 'Restore AWS-LC build'
-      id: cache-aws-lc
+    - name: 'Restore SSL library build'
+      id: cache-ssl-lib
       uses: actions/cache@v5
       with:
-        path: ./multissl/aws-lc/${{ matrix.awslc_ver }}
-        key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }}
-    - name: Install AWS-LC
-      if: steps.cache-aws-lc.outputs.cache-hit != 'true'
+        path: ./multissl/${{ matrix.ssllib.name }}/${{ matrix.ssllib.version }}
+        key: ${{ matrix.os }}-multissl-${{ matrix.ssllib.name }}-${{ 
matrix.ssllib.version }}
+    - name: Install SSL Library
+      if: steps.cache-ssl-lib.outputs.cache-hit != 'true'
       run: |
         python3 Tools/ssl/multissltests.py \
           --steps=library \
           --base-directory "$MULTISSL_DIR" \
-          --awslc ${{ matrix.awslc_ver }} \
+          '--${{ matrix.ssllib.name }}' '${{ matrix.ssllib.version }}' \
           --system Linux
     - name: Configure CPython
       run: |
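Review bot: The `Install SSL Library` step splices `${{ matrix.ssllib.name }}` and `${{ matrix.ssllib.version }}` straight into the `run:` script text, whereas the neighbouring `--base-directory "$MULTISSL_DIR"` goes through the environment. The expression is expanded before the shell parses the script, so the single quotes only protect values that contain no quote themselves. The values come from the matrix in this file, so this is hardening rather than a live injection, but passing them as environment variables keeps the step safe if the matrix is ever fed from an input or another job's output. Adding `SSLLIB_NAME: ${{ matrix.ssllib.name }}` to the job `env:` and writing `"--${SSLLIB_NAME}" "$SSLLIB_VER" \` would do it. The `grep -iE` line in the following hunk interpolates the same two expressions and can use the same variables.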
@@ -357,15 +312,17 @@ jobs:
           --config-cache \
           --enable-slower-safety \
           --with-pydebug \
-          --with-openssl="$OPENSSL_DIR" \
+          --with-openssl="$SSLLIB_DIR" \
           --with-builtin-hashlib-hashes=blake2 \
           --with-ssl-default-suites=openssl
     - name: Build CPython
-      run: make -j
+      run: make -j4
     - name: Display build info
       run: make pythoninfo
-    - name: Verify python is linked to AWS-LC
-      run: ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC
+    - name: Verify python is linked to the right lib
+      run: |
+        ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' \
+          | grep -iE '${{ matrix.ssllib.name }}.*${{ matrix.ssllib.version }}'
     - name: SSL tests
       run: ./python Lib/test/ssltests.py
 
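Review bot: The pattern in `Verify python is linked to the right lib` uses the version as an unescaped, unanchored regular expression, so each `.` matches any character and a longer version string that merely begins with the expected one also passes. This step is what ties the test results to a specific library build, so a looser match than the step name suggests can let a stale or wrong build go unnoticed. Escaping the dots and bounding the match would make it exact, for example `ver_re=${SSLLIB_VER//./\\.}` before the pipeline and `.*${ver_re}([^0-9.]|\$)` in a double-quoted pattern in place of `.*${{ matrix.ssllib.version }}`. The exact text of `ssl.OPENSSL_VERSION` for each library is not visible here, so the trailing boundary should be checked against real output.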
@@ -691,8 +648,7 @@ jobs:
     - build-windows-msi
     - build-macos
     - build-ubuntu
-    - build-ubuntu-ssltests-awslc
-    - build-ubuntu-ssltests-openssl
+    - build-ubuntu-ssltests
     - build-ios
     - build-wasi
     - test-hypothesis
@@ -709,8 +665,7 @@ jobs:
         allowed-failures: >-
           build-android,
           build-windows-msi,
-          build-ubuntu-ssltests-awslc,
-          build-ubuntu-ssltests-openssl,
+          build-ubuntu-ssltests,
           test-hypothesis,
           cifuzz,
         allowed-skips: >-
@@ -741,8 +696,7 @@ jobs:
             !fromJSON(needs.build-context.outputs.run-ubuntu)
             && '
             build-ubuntu,
-            build-ubuntu-ssltests-awslc,
-            build-ubuntu-ssltests-openssl,
+            build-ubuntu-ssltests,
             test-hypothesis,
             build-asan,
             build-san,
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index a08e0518f457f5..3b4507c6771b69 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -64,7 +64,7 @@
 ]
 
 AWSLC_RECENT_VERSIONS = [
-    "1.55.0",
+    "1.68.0",
 ]
 
 # store files in ../multissl
@@ -108,7 +108,10 @@
     ).format(LIBRESSL_RECENT_VERSIONS, LIBRESSL_OLD_VERSIONS)
 )
 parser.add_argument(
+    '--aws-lc',
+    # Soft-deprecated alias
     '--awslc',
+    dest='awslc',
     nargs='+',
     default=(),
     help=(
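Review bot: The `# Soft-deprecated alias` comment on `'--awslc'` is the only record of the deprecation in the visible lines, and nothing tells a reader why the new spelling is `--aws-lc`. The workflow in this commit builds the flag as `'--${{ matrix.ssllib.name }}'` and uses the same name for the `multissl/aws-lc/` directory, so the spelling is presumably load-bearing. A comment such as `# Must match the ssllib matrix name in .github/workflows/build.yml` above `'--aws-lc'` would record that. If the `help=` text, which continues outside the hunk, does not already say so, noting there that `--awslc` is kept only for compatibility would make the deprecation visible to users as well.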
