[Python-checkins] bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)

tiran webhook-mailer at python.org
Thu May 6 10:30:30 EDT 2021


https://github.com/python/cpython/commit/e8525567dd325527e00b3c4ce7c4ce31ff3f1a8c
commit: e8525567dd325527e00b3c4ce7c4ce31ff3f1a8c
branch: main
author: Christian Heimes <christian at python.org>
committer: tiran <christian at python.org>
date: 2021-05-06T16:30:12+02:00
summary:

bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)

Also use new make target to install FIPS provider.

files:
M .github/workflows/build.yml
M Tools/ssl/multissltests.py

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4be3dc68420f31..d50696d4ff2882 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -177,7 +177,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        openssl_ver: [1.1.1k, 3.0.0-alpha15]
+        openssl_ver: [1.1.1k, 3.0.0-alpha16]
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index 24d70ac6e4015e..8d1132f4a95846 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -48,7 +48,7 @@
 
 OPENSSL_RECENT_VERSIONS = [
     "1.1.1k",
-    "3.0.0-alpha15"
+    "3.0.0-alpha16"
 ]
 
 LIBRESSL_OLD_VERSIONS = [
@@ -143,23 +143,6 @@
     help="Keep original sources for debugging."
 )
 
-OPENSSL_FIPS_CNF = """\
-openssl_conf = openssl_init
-
-.include {self.install_dir}/ssl/fipsinstall.cnf
-# .include {self.install_dir}/ssl/openssl.cnf
-
-[openssl_init]
-providers = provider_sect
-
-[provider_sect]
-fips = fips_sect
-default = default_sect
-
-[default_sect]
-activate = 1
-"""
-
 
 class AbstractBuilder(object):
     library = None
@@ -304,12 +287,12 @@ def _unpack_src(self):
         log.info("Unpacking files to {}".format(self.build_dir))
         tf.extractall(self.build_dir, members)
 
-    def _build_src(self):
+    def _build_src(self, config_args=()):
         """Now build openssl"""
         log.info("Running build in {}".format(self.build_dir))
         cwd = self.build_dir
         cmd = [
-            "./config",
+            "./config", *config_args,
             "shared", "--debug",
             "--prefix={}".format(self.install_dir)
         ]
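Review bot: The docstring of `_build_src` still reads `"""Now build openssl"""` and says nothing about the new `config_args` parameter, which is spliced into the command line directly after `./config` and ahead of the fixed `shared`, `--debug` and `--prefix` options. I would extend it to something like `"""Build the library; config_args are extra options passed to ./config before the defaults."""`, so that an overriding subclass knows the values become argv entries of the configure step. The function body continues past the end of this hunk, so how `cmd` is finally executed is not visible here.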
@@ -417,35 +400,19 @@ def _post_install(self):
         if self.version.startswith("3.0"):
             self._post_install_300()
 
+    def _build_src(self, config_args=()):
+        if self.version.startswith("3.0"):
+            config_args += ("enable-fips",)
+        super()._build_src(config_args)
+
     def _post_install_300(self):
         # create ssl/ subdir with example configs
-        self._subprocess_call(
-            ["make", "-j1", "install_ssldirs"],
-            cwd=self.build_dir
-        )
         # Install FIPS module
-        # https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module
-        fipsinstall_cnf = os.path.join(
-            self.install_dir, "ssl", "fipsinstall.cnf"
-        )
-        openssl_fips_cnf = os.path.join(
-            self.install_dir, "ssl", "openssl-fips.cnf"
-        )
-        fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so")
         self._subprocess_call(
-            [
-                self.openssl_cli, "fipsinstall",
-                "-out", fipsinstall_cnf,
-                "-module", fips_mod,
-                # "-provider_name", "fips",
-                # "-mac_name", "HMAC",
-                # "-macopt", "digest:SHA256",
-                # "-macopt", "hexkey:00",
-                # "-section_name", "fips_sect"
-            ]
+            ["make", "-j1", "install_ssldirs", "install_fips"],
+            cwd=self.build_dir
         )
-        with open(openssl_fips_cnf, "w") as f:
-            f.write(OPENSSL_FIPS_CNF.format(self=self))
+
     @property
     def short_version(self):
         """Short version for OpenSSL download URL"""
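Review bot: With the `OPENSSL_FIPS_CNF` template and the write of `openssl-fips.cnf` removed, nothing visible in this patch produces a config file that loads the `fips` provider any more; `_post_install_300` now only runs `make -j1 install_ssldirs install_fips`. If the `install_fips` target is relied on to generate the module config, the two stacked comments should say so and state that activation is left to the caller, e.g. `# install_fips installs the FIPS module and its config; it is not activated by default`. Otherwise a run against this build can look like FIPS coverage while only the default provider is exercised. The `self.version.startswith("3.0")` gate, used both in the new `_build_src` override and in `_post_install`, would also skip `enable-fips` and the install step for any later 3.x release. The new override has no docstring; a one-line `"""Enable the FIPS provider when building OpenSSL 3.0."""` would help.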


