https://github.com/python/cpython/commit/68fe899feb8515113d09a4161f34ae45809b807a
commit: 68fe899feb8515113d09a4161f34ae45809b807a
branch: main
author: Zachary Ware <[email protected]>
committer: zware <[email protected]>
date: 2026-05-03T20:20:51Z
summary:
gh-149254: Update CI to use latest OpenSSL and AWS-LC versions (GH-149330)
Also update Modules/_ssl_data_36.h to include an added symbol from OpenSSL
3.6.2.
files:
M .github/workflows/build.yml
M .github/workflows/reusable-ubuntu.yml
M Modules/_ssl_data_36.h
M Tools/ssl/multissltests.py
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 33a5950c1483a2..d4397fc7de54a4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -278,13 +278,13 @@ jobs:
# unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
# supported by important vendors such as AWS-LC.
- { name: openssl, version: 1.1.1w }
- - { name: openssl, version: 3.0.19 }
- - { name: openssl, version: 3.3.6 }
- - { name: openssl, version: 3.4.4 }
- - { name: openssl, version: 3.5.5 }
- - { name: openssl, version: 3.6.1 }
+ - { name: openssl, version: 3.0.20 }
+ - { name: openssl, version: 3.3.7 }
+ - { name: openssl, version: 3.4.5 }
+ - { name: openssl, version: 3.5.6 }
+ - { name: openssl, version: 3.6.2 }
## AWS-LC
- - { name: aws-lc, version: 1.68.0 }
+ - { name: aws-lc, version: 1.72.1 }
env:
SSLLIB_VER: ${{ matrix.ssllib.version }}
MULTISSL_DIR: ${{ github.workspace }}/multissl
@@ -398,7 +398,7 @@ jobs:
needs: build-context
if: needs.build-context.outputs.run-ubuntu == 'true'
env:
- OPENSSL_VER: 3.5.5
+ OPENSSL_VER: 3.5.6
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -506,7 +506,7 @@ jobs:
matrix:
os: [ubuntu-24.04]
env:
- OPENSSL_VER: 3.5.5
+ OPENSSL_VER: 3.5.6
PYTHONSTRICTEXTENSIONBUILD: 1
ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
steps:
diff --git a/.github/workflows/reusable-ubuntu.yml
b/.github/workflows/reusable-ubuntu.yml
index 87fba6221fb917..a7e307848af670 100644
--- a/.github/workflows/reusable-ubuntu.yml
+++ b/.github/workflows/reusable-ubuntu.yml
@@ -35,7 +35,7 @@ jobs:
runs-on: ${{ inputs.os }}
timeout-minutes: 60
env:
- OPENSSL_VER: 3.5.5
+ OPENSSL_VER: 3.5.6
PYTHONSTRICTEXTENSIONBUILD: 1
TERM: linux
steps:
diff --git a/Modules/_ssl_data_36.h b/Modules/_ssl_data_36.h
index 5a2e0d067e2dc7..e1c1eb30ff6a7b 100644
--- a/Modules/_ssl_data_36.h
+++ b/Modules/_ssl_data_36.h
@@ -1,6 +1,6 @@
/* File generated by Tools/ssl/make_ssl_data.py */
-/* Generated on 2026-02-13T18:19:19.227109+00:00 */
-/* Generated from Git commit openssl-3.6.1-0-gc9a9e5b10 */
+/* Generated on 2026-05-03T19:50:43.034653+00:00 */
+/* Generated from Git commit openssl-3.6.2-0-gfe686e15d */
/* generated from args.lib2errnum */
static struct py_ssl_library_code library_codes[] = {
@@ -4263,6 +4263,11 @@ static struct py_ssl_error_code error_codes[] = {
#else
{"CONNECT_FAILURE", 61, 100},
#endif
+ #ifdef HTTP_R_CONTENT_TYPE_MISMATCH
+ {"CONTENT_TYPE_MISMATCH", ERR_LIB_HTTP, HTTP_R_CONTENT_TYPE_MISMATCH},
+ #else
+ {"CONTENT_TYPE_MISMATCH", 61, 131},
+ #endif
#ifdef HTTP_R_ERROR_PARSING_ASN1_LENGTH
{"ERROR_PARSING_ASN1_LENGTH", ERR_LIB_HTTP,
HTTP_R_ERROR_PARSING_ASN1_LENGTH},
#else
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index 48207e5330fa90..6be1a5ae94ebc6 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -49,11 +49,11 @@
]
OPENSSL_RECENT_VERSIONS = [
- "3.0.19",
- "3.3.6",
- "3.4.4",
- "3.5.5",
- "3.6.1",
+ "3.0.20",
+ "3.3.7",
+ "3.4.5",
+ "3.5.6",
+ "3.6.2",
# See make_ssl_data.py for notes on adding a new version.
]
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
