gh-94682: Build and test with OpenSSL 1.1.1q (gh-94683)

diff --git a/.azure-pipelines/ci.yml b/.azure-pipelines/ci.yml
index 9e9ce2108ed818d7f6bd9c68e62f9fd368a05c3c..bf164d19ef2234fe7f3a54bc9dba48107b70a613 100644 (file)
--- a/.azure-pipelines/ci.yml
+++ b/.azure-pipelines/ci.yml
@@ -57,7 +57,7 @@ jobs:
   variables:
     testRunTitle: '$(build.sourceBranchName)-linux'
     testRunPlatform: linux
-    openssl_version: 1.1.1n
+    openssl_version: 1.1.1q
 
   steps:
   - template: ./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
   variables:
     testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
     testRunPlatform: linux-coverage
-    openssl_version: 1.1.1n
+    openssl_version: 1.1.1q
 
   steps:
   - template: ./posix-steps.yml

diff --git a/.azure-pipelines/pr.yml b/.azure-pipelines/pr.yml
index c3ecc67057280268611cf4bd06e6b2834ea50027..3cbd19fda982f177ec675a279e22bc1ec674293f 100644 (file)
--- a/.azure-pipelines/pr.yml
+++ b/.azure-pipelines/pr.yml
@@ -57,7 +57,7 @@ jobs:
   variables:
     testRunTitle: '$(system.pullRequest.TargetBranch)-linux'
     testRunPlatform: linux
-    openssl_version: 1.1.1n
+    openssl_version: 1.1.1q
 
   steps:
   - template: ./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
   variables:
     testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
     testRunPlatform: linux-coverage
-    openssl_version: 1.1.1n
+    openssl_version: 1.1.1q
 
   steps:
   - template: ./posix-steps.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d800442ad07e36ff3e99f5d8dc1d51ca83dae77b..1db5c505149397ad06ed61b2bb420aecfa96be3d 100644 (file)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -175,7 +175,7 @@ jobs:
     needs: check_source
     if: needs.check_source.outputs.run_tests == 'true'
     env:
-      OPENSSL_VER: 1.1.1n
+      OPENSSL_VER: 1.1.1q
       PYTHONSTRICTEXTENSIONBUILD: 1
     steps:
     - uses: actions/checkout@v3
@@ -234,7 +234,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        openssl_ver: [1.1.1n, 3.0.2]
+        openssl_ver: [1.1.1q, 3.0.5]
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl
@@ -281,7 +281,7 @@ jobs:
     needs: check_source
     if: needs.check_source.outputs.run_tests == 'true'
     env:
-      OPENSSL_VER: 1.1.1n
+      OPENSSL_VER: 1.1.1q
       PYTHONSTRICTEXTENSIONBUILD: 1
       ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
     steps:

diff --git a/Mac/BuildScript/build-installer.py b/Mac/BuildScript/build-installer.py
index a1d31c423814b325f7992f798c96d31b889f8792..65fc013999dcd007fba0842e664dcfb090f22b56 100755 (executable)
--- a/Mac/BuildScript/build-installer.py
+++ b/Mac/BuildScript/build-installer.py
@@ -246,9 +246,9 @@ def library_recipes():
 
     result.extend([
           dict(
-              name="OpenSSL 1.1.1n",
-              url="https://www.openssl.org/source/openssl-1.1.1n.tar.gz",
-              checksum='2aad5635f9bb338bc2c6b7d19cbc9676',
+              name="OpenSSL 1.1.1q",
+              url="https://www.openssl.org/source/openssl-1.1.1q.tar.gz",
+              checksum='d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca',
               buildrecipe=build_universal_openssl,
               configure=None,
               install=None,
@@ -797,10 +797,16 @@ def verifyThirdPartyFile(url, checksum, fname):
         print("Downloading %s"%(name,))
         downloadURL(url, fname)
         print("Archive for %s stored as %s"%(name, fname))
+    if len(checksum) == 32:
+        algo = 'md5'
+    elif len(checksum) == 64:
+        algo = 'sha256'
+    else:
+        raise ValueError(checksum)
     if os.system(
-            'MD5=$(openssl md5 %s) ; test "${MD5##*= }" = "%s"'
-                % (shellQuote(fname), checksum) ):
-        fatal('MD5 checksum mismatch for file %s' % fname)
+            'CHECKSUM=$(openssl %s %s) ; test "${CHECKSUM##*= }" = "%s"'
+                % (algo, shellQuote(fname), checksum) ):
+        fatal('%s checksum mismatch for file %s' % (algo, fname))
 
 def build_universal_openssl(basedir, archList):
     """

diff --git a/Misc/NEWS.d/next/Build/2022-07-08-10-28-23.gh-issue-94682.ZtGt_0.rst b/Misc/NEWS.d/next/Build/2022-07-08-10-28-23.gh-issue-94682.ZtGt_0.rst
new file mode 100644 (file)
index 0000000..60717a1
--- /dev/null
+++ b/Misc/NEWS.d/next/Build/2022-07-08-10-28-23.gh-issue-94682.ZtGt_0.rst
@@ -0,0 +1 @@
+Build and test with OpenSSL 1.1.1q

diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat
index d29344517988583f26ffdbb1681f13fabd719aad..cd211f13e355e5cf52d285ad99fb2456030b04cf 100644 (file)
--- a/PCbuild/get_externals.bat
+++ b/PCbuild/get_externals.bat
@@ -53,7 +53,7 @@ echo.Fetching external libraries...
 set libraries=
 set libraries=%libraries%                                       bzip2-1.0.8
 if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries%  libffi-3.4.2
-if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries%     openssl-1.1.1n
+if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries%     openssl-1.1.1q
 set libraries=%libraries%                                       sqlite-3.38.4.0
 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.12.1
 if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.12.1
@@ -77,7 +77,7 @@ echo.Fetching external binaries...
 
 set binaries=
 if NOT "%IncludeLibffi%"=="false"  set binaries=%binaries% libffi-3.4.2
-if NOT "%IncludeSSL%"=="false"     set binaries=%binaries% openssl-bin-1.1.1n
+if NOT "%IncludeSSL%"=="false"     set binaries=%binaries% openssl-bin-1.1.1q
 if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.12.1
 if NOT "%IncludeSSLSrc%"=="false"  set binaries=%binaries% nasm-2.11.06
 

diff --git a/PCbuild/python.props b/PCbuild/python.props
index 7f10e7c45ef7b70b83e38f6678e86954b8e0cf69..efcb480976b6a2db9accf06f2069c153965bc239 100644 (file)
--- a/PCbuild/python.props
+++ b/PCbuild/python.props
@@ -67,8 +67,8 @@
     <libffiDir>$(ExternalsDir)libffi-3.4.2\</libffiDir>
     <libffiOutDir>$(ExternalsDir)libffi-3.4.2\$(ArchName)\</libffiOutDir>
     <libffiIncludeDir>$(libffiOutDir)include</libffiIncludeDir>
-    <opensslDir>$(ExternalsDir)openssl-1.1.1n\</opensslDir>
-    <opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1n\$(ArchName)\</opensslOutDir>
+    <opensslDir>$(ExternalsDir)openssl-1.1.1q\</opensslDir>
+    <opensslOutDir>$(ExternalsDir)openssl-bin-1.1.1q\$(ArchName)\</opensslOutDir>
     <opensslIncludeDir>$(opensslOutDir)include</opensslIncludeDir>
     <nasmDir>$(ExternalsDir)\nasm-2.11.06\</nasmDir>
     <zlibDir>$(ExternalsDir)\zlib-1.2.12\</zlibDir>

diff --git a/PCbuild/readme.txt b/PCbuild/readme.txt
index e4cad75189c9722c5614adf3db0b3706c1b63ec9..c536fac94cc68068af06d55cfb0145be4a8b2209 100644 (file)
--- a/PCbuild/readme.txt
+++ b/PCbuild/readme.txt
@@ -168,7 +168,7 @@ _lzma
     Homepage:
         https://tukaani.org/xz/
 _ssl
-    Python wrapper for version 1.1.1k of the OpenSSL secure sockets
+    Python wrapper for version 1.1.1q of the OpenSSL secure sockets
     library, which is downloaded from our binaries repository at
     https://github.com/python/cpython-bin-deps.
 

diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index 24ddd2a20913a281f8677cf69f3fcba79c3cd458..d64b4f66f5192bd9d235323abd1d12fa95ba5571 100755 (executable)
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -46,8 +46,8 @@ OPENSSL_OLD_VERSIONS = [
 ]
 
 OPENSSL_RECENT_VERSIONS = [
-    "1.1.1n",
-    "3.0.2"
+    "1.1.1q",
+    "3.0.5"
 ]
 
 LIBRESSL_OLD_VERSIONS = [