On 29/06/2019 21.53, Ned Deily wrote: > On Jun 6, 2019, at 01:43, Ned Deily <n...@python.org> wrote: >> >> https://discuss.python.org/t/python-3-7-4rc1-and-3-6-9rc1-cutoffs-ahead-now-set-for-2019-06-17/1824 >> [...] >> Following the rc1 cutoff, changes merged to the >> 3.7 branch will be released in 3.7.5 three months from now unless you >> mark the issue as a release blocker prior to **3.7.4 final**, planned for >> release on **2019-06-28**, and explain why the change should be >> cherry-picked into the final release. > > Update: 3.7.4 final is delayed at least a few days > > A few last minute release blocker issues were identified shortly before 3.7.4 > final was about to tagged as planned on 2019-06-28, in particular, a couple > of TLS 1.3 issues which are of particular importance since we are migrating > Windows and macOS installers to OpenSSL 1.1.1 with this release. We are now > on hold awaiting resolutions for the remaining items and then we will need to > decide whether another release candidate is needed. I am hopeful we will be > able to proceed by Monday 2019-07-01; I will keep you updated. And thanks > for your help!
Thanks Ned! the issues are related to TLS 1.3 and client cert authentication. TLS 1.3 dropped renegotiation in favor of rekeying and post-handshake authentication. PHA is required for conditional authentication in HTTP, e.g. when a server only requires authentication for some paths or request methods. PR https://github.com/python/cpython/pull/14421 fixes a regression in my PHA code for Python's ssl module. OpenSSL behaves slightly differently than documented. SSLContext.post_handshake_auth = True also enabled server cert validation. Alex has reviewed the PR but likes to have a second opinion. PR https://github.com/python/cpython/pull/14448 enables PHA for http.client. Christian _______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/46U6OW6UQ7AGVKF6XIJVL7SPT3MKTDI3/