➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2018-09-11 17:13 by christian.heimes, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 12094 | closed | christian.heimes, 2019-02-28 16:11 | |
| PR 14161 | merged | steve.dower, 2019-06-17 15:45 | |
| PR 14163 | merged | steve.dower, 2019-06-17 16:36 | |
| PR 14164 | merged | miss-islington, 2019-06-17 18:36 | |
| PR 14165 | merged | steve.dower, 2019-06-17 19:10 | |
| PR 14187 | merged | ned.deily, 2019-06-18 07:58 | |
| PR 14189 | merged | miss-islington, 2019-06-18 08:18 | |
| PR 14190 | merged | miss-islington, 2019-06-18 08:18 | |
| PR 14198 | merged | ned.deily, 2019-06-18 10:09 | |
| Messages (17) | |||
|---|---|---|---|
| msg325034 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2018-09-11 17:13 | |
OpenSSL 1.1.1 was released today. The blog post https://www.openssl.org/blog/blog/2018/09/11/release111/ lists all major improvements. Highlights: * TLS 1.3 * API and ABI compatible with OpenSSL 1.1.0 * LTS release (support schedule TBD) All tests on master are passing with OpenSSL 1.1.1. I still want to hold off and wait a couple of patch releases, before we start to ship Windows and macOS builds with 1.1.1. Some aspects of the TLS 1.3 handshake are different to TLS 1.2. I might have to implement some additional APIs for post handshake authentication. |
|||
| msg336846 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2019-02-28 16:07 | |
Hi macOS and Windows devs, as I explained in https://mail.python.org/pipermail/python-dev/2019-February/156470.html we need to update Python 3.7 to OpenSSL 1.1.1 eventually. 1.1.0 will reach EOL in September. |
|||
| msg338748 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-03-24 20:06 | |
[From the cited python-dev email]: "Python 3.7 and master (3.8) are affected. As of now, both branches use OpenSSL 1.1.0 and must be updated to 1.1.1 soonish. Ned has scheduled 3.7.3 release for 2019-03-25. That's still well within the release schedule for 1.1.0. I suggest that we update to 1.1.1 directly after the release of Python 3.7.3 and target 3.7.4 as first builds with TLS 1.3 support. That gives Victor, Steve, and me enough time to sort out the remaining issues." So setting the priority here to "deferred blocker" as a reminder to take care of this prior to 3.8.0b1 (2019-05-26) and 3.7.4rc1 (2019-06-10) at the latest. |
|||
| msg345826 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-06-17 08:45 | |
It looks we missed the window for 3.7.4 here. (I assume the Windows installer build is not using 1.1.1. Steve?) Talking with Christian about this in IRC, we agreed, the CI pipelines (Azure and travis) are now using 1.1.1c and I've put a request to the buildbot owners to upgrade to 1.1.1c if possible. So let's retarget 1.1.1c for 3.7.5 then which will be right around the time 1.1.0 support ends. In the meantime, we should update other installers to 1.1.0k and 1.0.2s. |
|||
| msg345836 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-06-17 09:55 | |
> (I assume the Windows installer build is not using 1.1.1. Steve?) After doing a little more homework and better understanding PCbuild/get_externals.bat, https://github.com/python/cpython-source-deps, and https://github.com/python/cpython-bin-deps and their twisting branches, it appears we *are* using 1.1.1, in particular, 1.1.1b for 3.7 and 3.8 Windows builds. So: 1. Can/should be try to update to 1.1.1c for 3.7.4 on Windows, and 2. Should I try to update the macOS installer to 1.1.1c for 3.7.4? For the latter, I'll give it a try and see how smoothly it goes before making a final decision. |
|||
| msg345868 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 15:33 | |
The canonical source of versions used on Windows is in PCbuild/python.props I'll pull the 1.1.1c sources into cpython-source-deps and run a build. If all goes smoothly, we can consider it, but I don't have a huge amount of time for CPython this week I'm afraid. |
|||
| msg345875 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 16:33 | |
New changeset d8e3a8af775d683c606f3618d04f2be4e97ac3c0 by Steve Dower in branch '2.7': bpo-34631: Updated OpenSSL to 1.0.2s in Windows installer (GH-14161) https://github.com/python/cpython/commit/d8e3a8af775d683c606f3618d04f2be4e97ac3c0 |
|||
| msg345886 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 18:35 | |
The tests seem to pass fine for 1.1.1c against master, so I'll merge that and see if the backport is also okay. |
|||
| msg345887 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 18:36 | |
New changeset a268edd6a411480281222b1fdb0f78053434d17f by Steve Dower in branch 'master': bpo-34631: Updated OpenSSL to 1.1.1c in Windows installer (GH-14163) https://github.com/python/cpython/commit/a268edd6a411480281222b1fdb0f78053434d17f |
|||
| msg345893 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 19:54 | |
New changeset c28c1358245b9fe42e9559c34eae01befce73a1f by Steve Dower (Miss Islington (bot)) in branch '3.8': bpo-34631: Updated OpenSSL to 1.1.1c in Windows installer (GH-14163) https://github.com/python/cpython/commit/c28c1358245b9fe42e9559c34eae01befce73a1f |
|||
| msg345911 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 21:21 | |
Ned - the 3.7 backport seems to be okay (PR 14165). Do we want it? |
|||
| msg345932 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-06-17 22:22 | |
Might as well, thanks! |
|||
| msg345933 - (view) | Author: Steve Dower (steve.dower) * |
Date: 2019-06-17 22:26 | |
New changeset 14bac0088271d0a5c428e3468ef94fe7c73e93f7 by Steve Dower in branch '3.7': bpo-34631: Updated OpenSSL to 1.1.1c in Windows installer (GH-14163) https://github.com/python/cpython/commit/14bac0088271d0a5c428e3468ef94fe7c73e93f7 |
|||
| msg345959 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-06-18 08:17 | |
New changeset f3fb8393e3cbbdc0ec79e0fdefaadec6977e1491 by Ned Deily in branch 'master': bpo-34631: Updated OpenSSL to 1.1.1c in macOS installer (GH-14187) https://github.com/python/cpython/commit/f3fb8393e3cbbdc0ec79e0fdefaadec6977e1491 |
|||
| msg345962 - (view) | Author: miss-islington (miss-islington) | Date: 2019-06-18 08:39 | |
New changeset bd75abfefed31316fc627069597cc3c5087a885b by Miss Islington (bot) in branch '3.8': bpo-34631: Updated OpenSSL to 1.1.1c in macOS installer (GH-14187) https://github.com/python/cpython/commit/bd75abfefed31316fc627069597cc3c5087a885b |
|||
| msg345963 - (view) | Author: miss-islington (miss-islington) | Date: 2019-06-18 08:40 | |
New changeset 0f3abbc29f5750706be1a255784eea5003c25901 by Miss Islington (bot) in branch '3.7': bpo-34631: Updated OpenSSL to 1.1.1c in macOS installer (GH-14187) https://github.com/python/cpython/commit/0f3abbc29f5750706be1a255784eea5003c25901 |
|||
| msg345980 - (view) | Author: Ned Deily (ned.deily) * |
Date: 2019-06-18 10:48 | |
New changeset a5b1b222077870f194ca7c8c0326eeda014f0452 by Ned Deily in branch '2.7': bpo-34631: Updated OpenSSL to 1.0.2s in macOS installer. (GH-14198) https://github.com/python/cpython/commit/a5b1b222077870f194ca7c8c0326eeda014f0452 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:05 | admin | set | github: 78812 |
| 2019-06-18 10:50:43 | ned.deily | set | status: open -> closed resolution: fixed stage: patch review -> resolved |
| 2019-06-18 10:48:57 | ned.deily | set | messages: + msg345980 |
| 2019-06-18 10:09:34 | ned.deily | set | pull_requests: + pull_request14035 |
| 2019-06-18 08:40:08 | miss-islington | set | messages: + msg345963 |
| 2019-06-18 08:39:56 | miss-islington | set | nosy:
+ miss-islington messages: + msg345962 |
| 2019-06-18 08:18:20 | miss-islington | set | pull_requests: + pull_request14027 |
| 2019-06-18 08:18:10 | miss-islington | set | pull_requests: + pull_request14026 |
| 2019-06-18 08:17:39 | ned.deily | set | messages: + msg345959 |
| 2019-06-18 07:58:18 | ned.deily | set | pull_requests: + pull_request14024 |
| 2019-06-17 22:26:46 | steve.dower | set | messages: + msg345933 |
| 2019-06-17 22:22:05 | ned.deily | set | messages: + msg345932 |
| 2019-06-17 21:21:07 | steve.dower | set | messages: + msg345911 |
| 2019-06-17 19:54:28 | steve.dower | set | messages: + msg345893 |
| 2019-06-17 19:10:31 | steve.dower | set | pull_requests: + pull_request14007 |
| 2019-06-17 18:36:45 | miss-islington | set | pull_requests: + pull_request14006 |
| 2019-06-17 18:36:13 | steve.dower | set | messages: + msg345887 |
| 2019-06-17 18:35:57 | steve.dower | set | messages: + msg345886 |
| 2019-06-17 16:36:05 | steve.dower | set | pull_requests: + pull_request14005 |
| 2019-06-17 16:33:29 | steve.dower | set | messages: + msg345875 |
| 2019-06-17 15:45:21 | steve.dower | set | pull_requests: + pull_request14003 |
| 2019-06-17 15:33:23 | steve.dower | set | messages: + msg345868 |
| 2019-06-17 09:55:12 | ned.deily | set | messages: + msg345836 |
| 2019-06-17 08:45:59 | ned.deily | set | title: Upgrade to OpenSSL 1.1.1b -> Upgrade to OpenSSL 1.1.1c, 1.1.0k, and/or 1.0.2s messages: + msg345826 versions: + Python 2.7, Python 3.9 |
| 2019-03-24 20:06:42 | ned.deily | set | priority: normal -> deferred blocker messages: + msg338748 |
| 2019-02-28 16:11:58 | christian.heimes | set | keywords:
+ patch stage: patch review pull_requests: + pull_request12102 |
| 2019-02-28 16:07:48 | christian.heimes | set | title: Upgrade to OpenSSL 1.1.1 -> Upgrade to OpenSSL 1.1.1b nosy: + paul.moore, ronaldoussoren, tim.golden, ned.deily, zach.ware, steve.dower messages: + msg336846 versions: + Python 3.7 components: + macOS, Windows |
| 2018-09-11 17:13:46 | christian.heimes | create | |