https://github.com/python/cpython/commit/98e748b3a0d97bd2c785efc63693f971113b3b63
commit: 98e748b3a0d97bd2c785efc63693f971113b3b63
branch: main
author: Zachary Ware <[email protected]>
committer: zware <[email protected]>
date: 2025-10-04T19:43:17-05:00
summary:
gh-139573: Update OpenSSL in CI (GH-139577)
files:
M .github/workflows/build.yml
M .github/workflows/reusable-ubuntu.yml
M Doc/using/configure.rst
M Modules/_ssl_data_35.h
M Tools/ssl/multissltests.py
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ebfaf32e193bcb..47d38b7542913c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -273,7 +273,7 @@ jobs:
# Keep 1.1.1w in our list despite it being upstream EOL and otherwise
# unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
# supported by important vendors such as AWS-LC.
- openssl_ver: [1.1.1w, 3.0.17, 3.2.5, 3.3.4, 3.4.2, 3.5.2]
+ openssl_ver: [1.1.1w, 3.0.18, 3.2.6, 3.3.5, 3.4.3, 3.5.4]
# See Tools/ssl/make_ssl_data.py for notes on adding a new version
env:
OPENSSL_VER: ${{ matrix.openssl_ver }}
@@ -438,7 +438,7 @@ jobs:
needs: build-context
if: needs.build-context.outputs.run-tests == 'true'
env:
- OPENSSL_VER: 3.0.16
+ OPENSSL_VER: 3.0.18
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- uses: actions/checkout@v4
@@ -558,7 +558,7 @@ jobs:
matrix:
os: [ubuntu-24.04]
env:
- OPENSSL_VER: 3.0.16
+ OPENSSL_VER: 3.0.18
PYTHONSTRICTEXTENSIONBUILD: 1
ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
steps:
diff --git a/.github/workflows/reusable-ubuntu.yml
b/.github/workflows/reusable-ubuntu.yml
index 76b19fd5d1a72e..7f8b9fdf5d6639 100644
--- a/.github/workflows/reusable-ubuntu.yml
+++ b/.github/workflows/reusable-ubuntu.yml
@@ -30,7 +30,7 @@ jobs:
runs-on: ${{ inputs.os }}
timeout-minutes: 60
env:
- OPENSSL_VER: 3.0.15
+ OPENSSL_VER: 3.0.18
PYTHONSTRICTEXTENSIONBUILD: 1
TERM: linux
steps:
diff --git a/Doc/using/configure.rst b/Doc/using/configure.rst
index b3a9e081edc9f5..b05e0600114757 100644
--- a/Doc/using/configure.rst
+++ b/Doc/using/configure.rst
@@ -22,7 +22,7 @@ Features and minimum versions required to build CPython:
* Support for threads.
-* OpenSSL 1.1.1 is the minimum version and OpenSSL 3.0.16 is the recommended
+* OpenSSL 1.1.1 is the minimum version and OpenSSL 3.0.18 is the recommended
minimum version for the :mod:`ssl` and :mod:`hashlib` extension modules.
* SQLite 3.15.2 for the :mod:`sqlite3` extension module.
diff --git a/Modules/_ssl_data_35.h b/Modules/_ssl_data_35.h
index 9e69eaa910f003..e4919b550e3a89 100644
--- a/Modules/_ssl_data_35.h
+++ b/Modules/_ssl_data_35.h
@@ -1,6 +1,6 @@
/* File generated by Tools/ssl/make_ssl_data.py */
-/* Generated on 2025-08-13T16:42:33.155822+00:00 */
-/* Generated from Git commit openssl-3.5.2-0-g0893a6235 */
+/* Generated on 2025-10-04T17:49:19.148321+00:00 */
+/* Generated from Git commit openssl-3.5.4-0-gc1eeb9406 */
/* generated from args.lib2errnum */
static struct py_ssl_library_code library_codes[] = {
@@ -5338,6 +5338,11 @@ static struct py_ssl_error_code error_codes[] = {
#else
{"FIPS_MODULE_ENTERING_ERROR_STATE", 57, 224},
#endif
+ #ifdef PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR
+ {"FIPS_MODULE_IMPORT_PCT_ERROR", ERR_LIB_PROV,
PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR},
+ #else
+ {"FIPS_MODULE_IMPORT_PCT_ERROR", 57, 253},
+ #endif
#ifdef PROV_R_FIPS_MODULE_IN_ERROR_STATE
{"FIPS_MODULE_IN_ERROR_STATE", ERR_LIB_PROV,
PROV_R_FIPS_MODULE_IN_ERROR_STATE},
#else
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index c0559446982eab..56976de49989ec 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -48,11 +48,11 @@
]
OPENSSL_RECENT_VERSIONS = [
- "3.0.16",
- "3.2.5",
- "3.3.4",
- "3.4.2",
- "3.5.2",
+ "3.0.18",
+ "3.2.6",
+ "3.3.5",
+ "3.4.3",
+ "3.5.4",
# See make_ssl_data.py for notes on adding a new version.
]
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
