gh-127330: Update for OpenSSL 3.4 #127331
Conversation
Also: - Avoid the deprecated `datetime.datetime.utcnow()` - Fix newline This requires that the OpenSSL source tree is a Git checkout, and that you have Git installed. Both should be fine for a tool run manually by people who can change the tool.
encukou
changed the title
|
!buildbot Arch |
|
🤖 New build scheduled with the buildbot fleet by @encukou for commit ea72022 🤖 The command will test the builders whose names match following regular expression: The builders matched are:
|
|
I think this looks right, but I've never actually done the process myself :-) The only other thing we might want is bumping the version that's used in the Windows and macOS builds. |
|
I believe @gpshead has done these updates most recently. |
Up to now, we've treated that as a separate decision, independent of what version(s) CPython supports. In particular, we have been taking the conservative approach and sticking with OpenSSL 3.0.x which is documented as that project's LTS version. We will eventually have to revisit that, i.e. before 2026-09-07, but it doesn't need to be part of this process. |
Add
git describeoutput to headers generated bymake_ssl_data.pyIMO, this info is more important than the date when the file was generated.
It does mean that the tool now requires a Git checkout of OpenSSL, not for example a release tarball.
I've regenerated the older file to add the info. To the other older file I added a note about manual edits.
Add notes on how to add a new OpenSSL version
I believe that what I wrote is the correct process. ssl experts, do you want to you verify? @jackjansen, @tiran, @dstufft, @alex
Add 3.4 error messages and multissl tests
Hopefully we'll start getting fewer
[SYS] unknown errorin tests! (See #127257)