Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: move openssl update to 3.0.x branch #1535

Merged
merged 5 commits into from Sep 24, 2023
Merged

chore: move openssl update to 3.0.x branch #1535

merged 5 commits into from Sep 24, 2023

Conversation

mayeut
Copy link
Member

@mayeut mayeut commented Sep 23, 2023
edited

move openssl update to 3.0.x branch & run nox -s update_native_dependencies update_python_dependencies

Closes #1498
Closes #1536

@mayeut mayeut marked this pull request as draft September 23, 2023 20:57
@mayeut mayeut marked this pull request as ready for review September 24, 2023 09:12
@mayeut mayeut merged commit 36b93e4 into pypa:main Sep 24, 2023
9 checks passed
@mayeut mayeut deleted the openssl-3.0.x branch September 24, 2023 09:18
@pelson
Copy link

pelson commented Sep 28, 2023

A knock on from this is that in older Pythons (e.g. 3.7), we get an older SSL version:

# Image from 2023-09-17
$ docker run -it quay.io/pypa/manylinux2014_x86_64@sha256:1daa7e6160cc707c2db44708b756fe18c163cd8ab70f76d4a23432b3c6a5b45d python3.7 -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.1.1w  11 Sep 2023

# Image from 2023-09-23
$ docker run -it quay.io/pypa/manylinux2014_x86_64@sha256:4db749f5b44a2d83b2d3b4934cb744361114ae72ecae21e807fbe10175270d79 python3.7 -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2k-fips  26 Jan 2017

1daa7e6160cc is from 2023-09-17

and

4db749f5b44a is from 2023-09-23

The implication is that urllib3 v2 for Python 3.7 can no longer be used on manylinux2014:

python3.7 -c "import urllib3"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/opt/_internal/cpython-3.7.17/lib/python3.7/site-packages/urllib3/__init__.py", line 39, in <module>
    "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently "
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with OpenSSL 1.0.2k-fips  26 Jan 2017. See: https://github.com/urllib3/urllib3/issues/2168

I am simply reporting this as a knock-on effect.

@pelson pelson mentioned this pull request Oct 2, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mayeut @pelson