Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use openSSL 3.0.x for Python 3.8+ #1498

Closed
wants to merge 2 commits into from
Closed

Use openSSL 3.0.x for Python 3.8+ #1498

wants to merge 2 commits into from

Conversation

marcelotduarte
Copy link
Contributor

No description provided.

mayeut
mayeut requested changes Jun 10, 2023
View reviewed changes
Copy link
Member

@mayeut mayeut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR
Mostly waiting for OpenSSL 1.1.1 EOL (2023-09-11) to switch to OpenSSL 3.x
If I'm not mistaken, there were some issues with OpenSSL 3 with older CPython versions. I think CPython 3.7 received some back ports (CPython 3.8 should have full support) but not CPython 3.6 (which is EOL).
I do have a branch locally to test OpenSSL 3.x build.
I went to a dynamic build on that branch so I have a bit more changes than in this PR.

One of the changes missing here is the change to update_native_dependencies.py to get the update workflow checking for OpenSSL 3.0.x updates rather than 1.1.1 updates.

@h-vetinari
Copy link

I think CPython 3.7 received some back ports (CPython 3.8 should have full support)

Indeed 3.7 is not fully ready for OpenSSL 3.0 AFAIK, but OTOH, it will become end of life this month.

h-vetinari
h-vetinari reviewed Jun 19, 2023
View reviewed changes
docker/Dockerfile Outdated Show resolved Hide resolved
@marcelotduarte
Copy link
Contributor Author

marcelotduarte commented Sep 13, 2023
edited
Loading

@mayeut Sorry, I didn't have time to continue this PR. For me personally, it would be interesting to have openssl3 in Python 3.10+, but I see that in CPython, for macOS and Windows they only release installers for 3.11+ (even because they no longer produce installers for version 3.10, which is under security fix).
python/cpython#107565

I think CPython 3.7 received some back ports (CPython 3.8 should have full support)

Indeed 3.7 is not fully ready for OpenSSL 3.0 AFAIK, but OTOH, it will become end of life this month.

In CPython there are tests since 3.8:
python/cpython#108124

@marcelotduarte
Copy link
Contributor Author

@mayeut I will make the changes by tomorrow at the latest.

@marcelotduarte marcelotduarte changed the title Use openSSL 3.0.x Use openSSL 3.0.x for Python 3.8+ Sep 16, 2023
@marcelotduarte
Copy link
Contributor Author

@mayeut Can I squash and rebase the PR?

@mayeut
Copy link
Member

mayeut commented Sep 16, 2023

@marcelotduarte,

I will open a PR to use system openssl for python 3.6 & 3.7 (it will downgrade openssl from 1.1.1 to 1.0.2 for python 3.6 & 3.7 but given they will still be functional and are EOL, I think that's completely fine).

Please wait a bit to rebase in order to rebase on this PR.
I'll let the PR opened about 1-2 weeks in order to give a chance to downstream users to comment.
The other option would be to build 3.6 & 3.7 with openssl 3.x as well (in case system does not provide 1.1.1) given it seems to pass some basic functionality (i.e., pip install).

mayeut
mayeut reviewed Sep 16, 2023
View reviewed changes
docker/Dockerfile Outdated Show resolved Hide resolved
mayeut
mayeut requested changes Sep 16, 2023
View reviewed changes
Copy link
Member

@mayeut mayeut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think all commits related to dual openssl versions shall be removed.
The only thing that had an action in the previous review was to restore the minimum version to 1.1.1

mayeut
mayeut reviewed Sep 16, 2023
View reviewed changes
tests/run_tests.sh Outdated Show resolved Hide resolved
@mayeut mayeut mentioned this pull request Sep 23, 2023
Merged
@mayeut mayeut closed this in #1535 Sep 24, 2023
@marcelotduarte marcelotduarte deleted the openssl3 branch September 24, 2023 17:01
@pelson
Copy link

pelson commented Oct 2, 2023

I will open a PR to use system openssl for python 3.6 & 3.7 (it will downgrade openssl from 1.1.1 to 1.0.2 for python 3.6 & 3.7 but given they will still be functional and are EOL, I think that's completely fine).

Just a comment to say that this caught me out last week. I put some details in #1535 (comment).

I think calling Python 3.7 EoL is totally reasonable, but it is difficult to call the Python 3.7 shipped as fully "functional". I also appreciate that the case in the attached comment relates to a third-party package (albeit the second-most popular, by download, package on PyPI).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h-vetinari h-vetinari h-vetinari left review comments

@mayeut mayeut mayeut requested changes

@auvipy auvipy auvipy left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@marcelotduarte @h-vetinari @mayeut @pelson @auvipy