Ned Deily added the comment:
For what it's worth, the resolution of Issue23476 uses an API that was added in
OpenSSL 1.0.2.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23686
___
Marc-Andre Lemburg added the comment:
Are you sure you want to go with OpenSSL 1.0.2a ? It typically takes a few
patch level releases for them to clear out all the major bugs (including
security relevant ones).
For egenix-pyopenssl, we've chose to stay with 1.0.1 for the time being until
the
Marc-Andre Lemburg added the comment:
On 14.04.2015 01:41, Donald Stufft wrote:
I'm pretty massively +1 in Python shipping 1.0.2 (or really, whatever the
latest OpenSSL is) wherever it can, including the OSX installers even on
systems where Apple ships it's ancient OpenSSL.
Eventually,
Donald Stufft added the comment:
I think 1.0.2 is the only version of OpenSSL that has the ability to short
circuit the chain validation which is something that makes it easier for
libraries like requests to remove the weak 1024 bit roots from their SSL
certificate store.
It's also needed
Marc-Andre Lemburg added the comment:
On 14.04.2015 01:36, Ned Deily wrote:
https://github.com/openssl/openssl/pull/218
(certificate expiry checks not working)
That issue appears to have been fixed in 1.0.2a, no?
Yes, but it shows the kind of errors to expect in the early
stages of a new
Ned Deily added the comment:
I don't have a really strong feeling one way or the other. It's not a big
issue for the OS X installers as this only affects the much-less-used
32-bit-only installer for old systems. So this is really primarily an issue
affecting the Windows installers. I guess
Marc-Andre Lemburg added the comment:
On 14.04.2015 00:29, Ned Deily wrote:
For what it's worth, the resolution of Issue23476 uses an API that was added
in OpenSSL 1.0.2.
Hmm, I don't think that's a good move at this time.
Most Linux users won't benefit from this since their system
Zachary Ware added the comment:
That works for me.
Of course, the thing we both forgot was NEWS.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23686
___
Steve Dower added the comment:
The ability was already gone with the first round of project changes (hence why
we needed more changes for 1.0.2a). Worth keeping in mind, but I certainly
appreciate the significantly reduced build time.
Maybe when/if people complain, we can add a switch that
Roundup Robot added the comment:
New changeset 1e64d57422ee by Steve Dower in branch 'default':
Closes #23686: Update Windows installer OpenSSL to 1.0.2a
https://hg.python.org/cpython/rev/1e64d57422ee
--
resolution: - fixed
stage: needs patch - resolved
status: open - closed
Steve Dower added the comment:
Attached a patch that updates 3.5. Zach - please let me know if I missed
something you'd normally do for this.
--
keywords: +patch
Added file: http://bugs.python.org/file38901/23686_35.patch
___
Python tracker
Zachary Ware added the comment:
Looks like that covers it. The one thing I'm concerned about is that,
historically, we've always said you can point our build system at whatever
version of OpenSSL you want and it should work, but obviously this locks us in
to 1.0.2+. Really, there shouldn't
Roundup Robot added the comment:
New changeset 05a502da108f by Zachary Ware in branch '2.7':
Issue #23686: Update Windows build to use OpenSSL 1.0.2a
https://hg.python.org/cpython/rev/05a502da108f
New changeset 404e4adf492c by Zachary Ware in branch '3.4':
Issue #23686: Update Windows build to
Zachary Ware added the comment:
I've updated 2.7 and 3.4, but 3.5 is a different matter. Steve, I'll want to
take a look at it with you at the sprints; 1.0.2 changed enough that the
projects you wrote for OpenSSL broke.
--
___
Python tracker
Roundup Robot added the comment:
New changeset 447794596266 by Ned Deily in branch '2.7':
Issue #23686: Update OS X 10.5 installer build to use OpenSSL 1.0.2a.
https://hg.python.org/cpython/rev/447794596266
New changeset 59b8a83ea50b by Ned Deily in branch '3.4':
Issue #23686: Update OS X 10.5
Ned Deily added the comment:
1.0.2a is now available.
https://www.openssl.org/source/openssl-1.0.2a.tar.gz
The OS X 10.5 installer builds are now updated. Leaving the issue open for
updates to the Windows installers.
--
___
Python tracker
Changes by Ned Deily n...@acm.org:
--
title: Upgrade copy of OpenSSL bundled with Python - Update Windows and OS X
installer OpenSSL to 1.0.2a
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23686
17 matches
Mail list logo
