[3.14] gh-139573: Update OpenSSL in CI (GH-139577) (#139583)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Sun, 5 Oct 2025 04:50:26 +0000 (06:50 +0200)
committerGitHub <noreply@github.com>
Sun, 5 Oct 2025 04:50:26 +0000 (07:50 +0300)
gh-139573: Update OpenSSL in CI (GH-139577)
(cherry picked from commit 98e748b3a0d97bd2c785efc63693f971113b3b63)

Co-authored-by: Zachary Ware <zach@python.org>
.github/workflows/build.yml
.github/workflows/reusable-ubuntu.yml
Doc/using/configure.rst
Modules/_ssl_data_35.h
Tools/ssl/multissltests.py

index 83abaf89d126e625adaf8aba5020ab2125456c36..cc79c9175b8cafe95dd952b91b532042a1ae0713 100644 (file)
@@ -320,7 +320,7 @@ jobs:
         # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
         # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
         # supported by important vendors such as AWS-LC.
-        openssl_ver: [1.1.1w, 3.0.17, 3.2.5, 3.3.4, 3.4.2, 3.5.2]
+        openssl_ver: [1.1.1w, 3.0.18, 3.2.6, 3.3.5, 3.4.3, 3.5.4]
         # See Tools/ssl/make_ssl_data.py for notes on adding a new version
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}
@@ -410,7 +410,7 @@ jobs:
     needs: build-context
     if: needs.build-context.outputs.run-tests == 'true'
     env:
-      OPENSSL_VER: 3.0.16
+      OPENSSL_VER: 3.0.18
       PYTHONSTRICTEXTENSIONBUILD: 1
     steps:
     - uses: actions/checkout@v4
@@ -530,7 +530,7 @@ jobs:
       matrix:
         os: [ubuntu-24.04]
     env:
-      OPENSSL_VER: 3.0.16
+      OPENSSL_VER: 3.0.18
       PYTHONSTRICTEXTENSIONBUILD: 1
       ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
     steps:
index 76b19fd5d1a72e2a3d07959cdbb9e6a323968307..7f8b9fdf5d66399c29346a53d8730e02803da50a 100644 (file)
@@ -30,7 +30,7 @@ jobs:
     runs-on: ${{ inputs.os }}
     timeout-minutes: 60
     env:
-      OPENSSL_VER: 3.0.15
+      OPENSSL_VER: 3.0.18
       PYTHONSTRICTEXTENSIONBUILD: 1
       TERM: linux
     steps:
index 2cda9587975ddcd8a70c7fe3391d966b456be313..d5a329578ad83353ef71bfd8bde356efdc6bb431 100644 (file)
@@ -22,7 +22,7 @@ Features and minimum versions required to build CPython:
 
 * Support for threads.
 
-* OpenSSL 1.1.1 is the minimum version and OpenSSL 3.0.16 is the recommended
+* OpenSSL 1.1.1 is the minimum version and OpenSSL 3.0.18 is the recommended
   minimum version for the :mod:`ssl` and :mod:`hashlib` extension modules.
 
 * SQLite 3.15.2 for the :mod:`sqlite3` extension module.
index 9e69eaa910f0033f904491ba065fde6f6796d33d..e4919b550e3a890dcb5325423dc4f6d789f3172e 100644 (file)
@@ -1,6 +1,6 @@
 /* File generated by Tools/ssl/make_ssl_data.py */
-/* Generated on 2025-08-13T16:42:33.155822+00:00 */
-/* Generated from Git commit openssl-3.5.2-0-g0893a6235 */
+/* Generated on 2025-10-04T17:49:19.148321+00:00 */
+/* Generated from Git commit openssl-3.5.4-0-gc1eeb9406 */
 
 /* generated from args.lib2errnum */
 static struct py_ssl_library_code library_codes[] = {
@@ -5338,6 +5338,11 @@ static struct py_ssl_error_code error_codes[] = {
   #else
     {"FIPS_MODULE_ENTERING_ERROR_STATE", 57, 224},
   #endif
+  #ifdef PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR
+    {"FIPS_MODULE_IMPORT_PCT_ERROR", ERR_LIB_PROV, PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR},
+  #else
+    {"FIPS_MODULE_IMPORT_PCT_ERROR", 57, 253},
+  #endif
   #ifdef PROV_R_FIPS_MODULE_IN_ERROR_STATE
     {"FIPS_MODULE_IN_ERROR_STATE", ERR_LIB_PROV, PROV_R_FIPS_MODULE_IN_ERROR_STATE},
   #else
index da21e7d97965d123ff583220e34614b4bc23bbb6..ab9840c1c5252d61e67a1e399d8be23e2ad9ecbf 100755 (executable)
@@ -48,11 +48,11 @@ OPENSSL_OLD_VERSIONS = [
 ]
 
 OPENSSL_RECENT_VERSIONS = [
-    "3.0.16",
-    "3.2.5",
-    "3.3.4",
-    "3.4.2",
-    "3.5.2",
+    "3.0.18",
+    "3.2.6",
+    "3.3.5",
+    "3.4.3",
+    "3.5.4",
     # See make_ssl_data.py for notes on adding a new version.
 ]