gh-131423: Update OpenSSL to 3.0.16 (macOS, Windows) and 3.4.1 (Linux) #131618
+9,437
−92
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Since mnemonics from 3.4.1 are different (renumbered) from 3.4.0. To ease future updates, we assume the following: `_ssl_data_<MAJOR><PATCH>.h` contains the latest OpenSSL data. If the previous `_ssl_data_<MAJOR><PATCH>.h` file is incompatible with the newest one (e.g., because some mnemonics were renamed or removed), the old one is renamed to `_ssl_data_<MAJOR><MINOR><PATCH>.h` where <PATCH> is the patch number it was based upon. In this commit, OpenSSL 3.4.1 mnemonics are not compatible with OpenSSL 3.4.0 mnemonics as they were renumbered. Therefore, `_ssl_data_34.h` is renamed to `_ssl_data_340.h` and `_ssl_data_34x.h` now contains OpenSSL 3.4.1 mnemonics. We also refined the mnemonics that are selected, discarding those that are mnemonics-like but should not be used as such (e.g., ERR_LIB_MASK and ERR_LIB_OFFSET for OpenSSL 1.1.1).
4 tasks
picnixz
force-pushed
the
ci/update/ssl-versions-131423
branch
from
05ee142 to
5bbc702
Compare
picnixz
requested review from
a team,
erlend-aasland,
corona10,
ezio-melotti,
hugovk and
AA-Turner
as code owners
encukou
reviewed
Mar 24, 2025
Comment on lines
+146
to
+147
| # FEAT(picnixz): in the future, we may want to also check | ||
| # the consistency of the OpenSSL files with an external tool. |
There was a problem hiding this comment.
Could you track that in an issue instead?
picnixz
commented
Mar 24, 2025
picnixz
commented
Mar 24, 2025
picnixz
commented
Mar 24, 2025
picnixz
commented
Mar 24, 2025
picnixz
commented
Mar 24, 2025
|
arf, I'm not on my Linux so I can't regen :< I'm leaving tomorrow morning so I'm not really sure I'll be able to commit before leaving, but otherwise, just take over the PR and regen the data! |
picnixz
commented
Mar 24, 2025
ned-deily
reviewed
Mar 26, 2025
picnixz
force-pushed
the
ci/update/ssl-versions-131423
branch
from
38bcd15 to
41863fb
Compare
|
I'll wait for #131804 to be merged until bumping the Linux mnemonics and CI |
zooba
reviewed
Mar 28, 2025
Misc/NEWS.d/next/Windows/2025-03-23-11-32-35.gh-issue-131423.lcSz9s.rst
Outdated
Show resolved
Hide resolved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've also updated the
make_ssl_data.pyscript that @encukou has recently updated as well. I completed with instructions that I thought usefull for future maintainers.📚 Documentation preview 📚: https://cpython-previews--131618.org.readthedocs.build/