[3.14] gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262) (#138109)

gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262)

This partially reverts commit d83e30caddcbf9482273743d287577517ec735b7
by bringing back the CI job for testing OpenSSL 1.1.1w. Despite this
version being upstream EOL, the rationale for keeping it as follows:

- It most resembles other 1.1.1-work-a-like ssl APIs supported by important vendors.
- Python officially requires OpenSSL 1.1.1 or later, although OpenSSL 3.0 or later
  is recommended for cryptographic modules. Since changing the build requirements
  requires a transition period, we need to keep testing the allowed versions.
- The code base still contains calls to OpenSSL functions that are deprecated since
  OpenSSL 3.0 as well as `ifdef` blocks constrained to OpenSSL 1.1.1.

(cherry picked from commit 96b7a2eba423b42320f15fd4974740e3e930bb8b)

Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5c4750661e6d5bff2121e590b89ea9f64ca0fb61..44f015e2bca0baa607154734920aed66f17814f4 100644 (file)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -317,7 +317,10 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-24.04]
-        openssl_ver: [3.0.17, 3.2.5, 3.3.4, 3.4.2, 3.5.2]
+        # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
+        # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
+        # supported by important vendors such as AWS-LC.
+        openssl_ver: [1.1.1w, 3.0.17, 3.2.5, 3.3.4, 3.4.2, 3.5.2]
         # See Tools/ssl/make_ssl_data.py for notes on adding a new version
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}