From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Tue, 26 Aug 2025 05:45:08 +0000 (+0200) Subject: [3.14] gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262) (#138109) X-Git-Tag: v3.14.0rc3~130 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=01afaccce6d7a91c4292f6b0febde5d5b3b976be;p=thirdparty%2FPython%2Fcpython.git [3.14] gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262) (#138109) gh-135261: bring back CI job for testing OpenSSL 1.1.1w (GH-135262) This partially reverts commit d83e30caddcbf9482273743d287577517ec735b7 by bringing back the CI job for testing OpenSSL 1.1.1w. Despite this version being upstream EOL, the rationale for keeping it as follows: - It most resembles other 1.1.1-work-a-like ssl APIs supported by important vendors. - Python officially requires OpenSSL 1.1.1 or later, although OpenSSL 3.0 or later is recommended for cryptographic modules. Since changing the build requirements requires a transition period, we need to keep testing the allowed versions. - The code base still contains calls to OpenSSL functions that are deprecated since OpenSSL 3.0 as well as `ifdef` blocks constrained to OpenSSL 1.1.1. (cherry picked from commit 96b7a2eba423b42320f15fd4974740e3e930bb8b) Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> --- diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c4750661e6d..44f015e2bca0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -317,7 +317,10 @@ jobs: fail-fast: false matrix: os: [ubuntu-24.04] - openssl_ver: [3.0.17, 3.2.5, 3.3.4, 3.4.2, 3.5.2] + # Keep 1.1.1w in our list despite it being upstream EOL and otherwise + # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs + # supported by important vendors such as AWS-LC. + openssl_ver: [1.1.1w, 3.0.17, 3.2.5, 3.3.4, 3.4.2, 3.5.2] # See Tools/ssl/make_ssl_data.py for notes on adding a new version env: OPENSSL_VER: ${{ matrix.openssl_ver }}