[3.13] gh-139573: Update OpenSSL in CI (GH-139585)

author Zachary Ware <zach@python.org>

Sun, 5 Oct 2025 01:52:08 +0000 (20:52 -0500)

committer GitHub <noreply@github.com>

Sun, 5 Oct 2025 01:52:08 +0000 (20:52 -0500)
author Zachary Ware <zach@python.org>
Sun, 5 Oct 2025 01:52:08 +0000 (20:52 -0500)
committer GitHub <noreply@github.com>
Sun, 5 Oct 2025 01:52:08 +0000 (20:52 -0500)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml

index 96bc888b4955ac4e4998b143293d3fcc7f3f9686..083015f8e057b157cd21e2f66dfe529f6f9bd0bd 100644 (file)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -310,7 +310,7 @@ jobs:
          # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
          # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
          # supported by important vendors such as AWS-LC.
-        openssl_ver: [1.1.1w, 3.0.15, 3.1.7, 3.2.3, 3.3.2]
+        openssl_ver: [1.1.1w, 3.0.18, 3.1.7, 3.2.6, 3.3.5]
      env:
        OPENSSL_VER: ${{ matrix.openssl_ver }}
        MULTISSL_DIR: ${{ github.workspace }}/multissl
@@ -399,7 +399,7 @@ jobs:
      needs: build-context
      if: needs.build-context.outputs.run-tests == 'true'
      env:
-      OPENSSL_VER: 3.0.15
+      OPENSSL_VER: 3.0.18
        PYTHONSTRICTEXTENSIONBUILD: 1
      steps:
      - uses: actions/checkout@v4
@@ -518,7 +518,7 @@ jobs:
        matrix:
          os: [ubuntu-24.04]
      env:
-      OPENSSL_VER: 3.0.15
+      OPENSSL_VER: 3.0.18
        PYTHONSTRICTEXTENSIONBUILD: 1
        ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
      steps:
diff --git a/.github/workflows/reusable-ubuntu.yml b/.github/workflows/reusable-ubuntu.yml

index b2625339d19ab66e3b605891ee6cc9c537cb3227..8d30809738bd7eef07edd1b5965e5ce493446a92 100644 (file)
--- a/.github/workflows/reusable-ubuntu.yml
+++ b/.github/workflows/reusable-ubuntu.yml
@@ -25,7 +25,7 @@ jobs:
        matrix:
          os: [ubuntu-24.04, ubuntu-24.04-arm]
      env:
-      OPENSSL_VER: 3.0.15
+      OPENSSL_VER: 3.0.18
        PYTHONSTRICTEXTENSIONBUILD: 1
        TERM: linux
      steps:
diff --git a/Doc/using/configure.rst b/Doc/using/configure.rst

index 662b5afa88f822799ad52c7e60a9b217147187ae..03039edc71a71e22037db110bc1bfe66deef076f 100644 (file)
--- a/Doc/using/configure.rst
+++ b/Doc/using/configure.rst
@@ -22,7 +22,7 @@ Features and minimum versions required to build CPython:
  
  * Support for threads.
  
-* OpenSSL 1.1.1 is the minimum version and OpenSSL 3.0.9 is the recommended
+* OpenSSL 1.1.1 is the minimum version and OpenSSL 3.0.18 is the recommended
    minimum version for the :mod:`ssl` and :mod:`hashlib` extension modules.
  
  * SQLite 3.15.2 for the :mod:`sqlite3` extension module.
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py

index ea88a43157bdd31bc866ae8276f139f456c1560e..ef554233e70900c271a5cc33a9bd12c2510710a2 100755 (executable)
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -47,10 +47,10 @@ OPENSSL_OLD_VERSIONS = [
  ]
  
  OPENSSL_RECENT_VERSIONS = [
-    "3.0.15",
+    "3.0.18",
      "3.1.7",
-    "3.2.3",
-    "3.3.2",
+    "3.2.6",
+    "3.3.5",
  ]
  
  LIBRESSL_OLD_VERSIONS = [
author	Zachary Ware <zach@python.org>
	Sun, 5 Oct 2025 01:52:08 +0000 (20:52 -0500)
committer	GitHub <noreply@github.com>
	Sun, 5 Oct 2025 01:52:08 +0000 (20:52 -0500)
.github/workflows/build.yml		patch \| blob \| blame \| history
.github/workflows/reusable-ubuntu.yml		patch \| blob \| blame \| history
Doc/using/configure.rst		patch \| blob \| blame \| history
Tools/ssl/multissltests.py		patch \| blob \| blame \| history