Use openSSL 3.0.x for Python 3.8+ #1498
Conversation
There was a problem hiding this comment.
Thanks for the PR
Mostly waiting for OpenSSL 1.1.1 EOL (2023-09-11) to switch to OpenSSL 3.x
If I'm not mistaken, there were some issues with OpenSSL 3 with older CPython versions. I think CPython 3.7 received some back ports (CPython 3.8 should have full support) but not CPython 3.6 (which is EOL).
I do have a branch locally to test OpenSSL 3.x build.
I went to a dynamic build on that branch so I have a bit more changes than in this PR.
One of the changes missing here is the change to update_native_dependencies.py to get the update workflow checking for OpenSSL 3.0.x updates rather than 1.1.1 updates.
Indeed 3.7 is not fully ready for OpenSSL 3.0 AFAIK, but OTOH, it will become end of life this month. |
|
@mayeut Sorry, I didn't have time to continue this PR. For me personally, it would be interesting to have openssl3 in Python 3.10+, but I see that in CPython, for macOS and Windows they only release installers for 3.11+ (even because they no longer produce installers for version 3.10, which is under security fix).
In CPython there are tests since 3.8: |
|
@mayeut I will make the changes by tomorrow at the latest. |
|
@mayeut Can I squash and rebase the PR? |
|
I will open a PR to use system openssl for python 3.6 & 3.7 (it will downgrade openssl from 1.1.1 to 1.0.2 for python 3.6 & 3.7 but given they will still be functional and are EOL, I think that's completely fine). Please wait a bit to rebase in order to rebase on this PR. |
marcelotduarte
force-pushed
the
openssl3
branch
from
fd74f18
to
7841250
Compare
Just a comment to say that this caught me out last week. I put some details in #1535 (comment). I think calling Python 3.7 EoL is totally reasonable, but it is difficult to call the Python 3.7 shipped as fully "functional". I also appreciate that the case in the attached comment relates to a third-party package (albeit the second-most popular, by download, package on PyPI). |
No description provided.