Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 #87965

Closed
tiran opened this issue Apr 10, 2021 · 7 comments
Closed

OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 #87965

tiran opened this issue Apr 10, 2021 · 7 comments
Assignees
@tiran
Labels
3.8 only security fixes 3.9 only security fixes 3.10 only security fixes topic-SSL type-bug An unexpected behavior, bug, or error

Comments

@tiran
Copy link
Member

tiran commented Apr 10, 2021

BPO 43799
Nosy @tiran, @miss-islington, @native-api
PRs
  • bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) #25329
  • [3.9] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) #25382
  • [3.8] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) (GH-25383) #25383
  • bpo-43799: Also define SSLv3_method() (GH-25481) #25481
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
closed_at = <Date 2021-04-13.07:09:39.517>
created_at = <Date 2021-04-10.09:34:20.941>
labels = ['expert-SSL', 'type-bug', '3.8', '3.9', '3.10']
title = 'OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1'
updated_at = <Date 2021-12-04.03:45:20.537>
user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2021-12-04.03:45:20.537>
actor = 'ivan.pozdeev.gm'
assignee = 'christian.heimes'
closed = True
closed_date = <Date 2021-04-13.07:09:39.517>
closer = 'christian.heimes'
components = ['SSL']
creation = <Date 2021-04-10.09:34:20.941>
creator = 'christian.heimes'
dependencies = []
files = []
hgrepos = []
issue_num = 43799
keywords = ['patch']
message_count = 7.0
messages = ['390706', '390839', '390926', '390927', '390930', '391447', '407631']
nosy_count = 3.0
nosy_names = ['christian.heimes', 'miss-islington', 'ivan.pozdeev.gm']
pr_nums = ['25329', '25382', '25383', '25481']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue43799'
versions = ['Python 3.8', 'Python 3.9', 'Python 3.10']
    @tiran
    Copy link
    Member Author

    tiran commented Apr 10, 2021

    OpenSSL 1.1 introduced the macro OPENSSL_API_COMPAT to select which APIs are exposed and which deprecation warnings are shown. https://www.openssl.org/docs/manmaster/man7/OPENSSL_API_COMPAT.html

    "#define OPENSSL_API_COMPAT 0x10101000L" suppresses warnings for APIs that are available in 1.1.1 and deprecated in 3.0.0.

    @tiran tiran added 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes labels Apr 10, 2021
    @tiran tiran self-assigned this Apr 10, 2021
    @tiran tiran added topic-SSL type-bug An unexpected behavior, bug, or error 3.8 only security fixes 3.9 only security fixes 3.10 only security fixes labels Apr 10, 2021
    @tiran tiran self-assigned this Apr 10, 2021
    @tiran tiran added topic-SSL type-bug An unexpected behavior, bug, or error labels Apr 10, 2021
    @tiran
    Copy link
    Member Author

    tiran commented Apr 12, 2021

    OpenSSL 1.0.2, 1.1.0, 1.1.1 and 3.0.0 behave slightly differently. For example I'm still getting a warning with 1.1.0. Only 3.0.0 supports OPENSSL_NO_DEPRECATED.

    After multiple failed attempts I decided to set the API level to 1.1.1 and define the three TLSv*_method() functions explicitly. It's not the most elegant approach but it works. The symbols are available unless OPENSSL_NO_TLS*_METHOD is defined.

    @tiran
    Copy link
    Member Author

    tiran commented Apr 13, 2021

    New changeset a483388 by Christian Heimes in branch 'master':
    bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329)
    a483388

    @miss-islington
    Copy link
    Contributor

    New changeset 7d9d5bf by Miss Islington (bot) in branch '3.9':
    [3.9] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) (GH-25382)
    7d9d5bf

    @tiran
    Copy link
    Member Author

    tiran commented Apr 13, 2021

    New changeset b71aaa0 by Christian Heimes in branch '3.8':
    [3.8] bpo-43799: OpenSSL 3.0.0: declare OPENSSL_API_COMPAT 1.1.1 (GH-25329) (GH-25383)
    b71aaa0

    @tiran tiran closed this as completed Apr 13, 2021
    @tiran tiran closed this as completed Apr 13, 2021
    @tiran
    Copy link
    Member Author

    tiran commented Apr 20, 2021

    New changeset 3309113 by Christian Heimes in branch 'master':
    bpo-43799: Also define SSLv3_method() (GH-25481)
    3309113

    @native-api
    Copy link
    Mannequin

    native-api mannequin commented Dec 4, 2021

    @christian.heimes #25481 also needs backporting to 3.9 and 3.8.

    A Pyenv user has been affected by the "implicit declaration of function ‘SSLv3_method’" compliation error that it fixes in 3.9.9: pyenv/pyenv#2181

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    @Bo98 Bo98 mentioned this issue Oct 8, 2023
    Merged
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees

    @tiran tiran

    Labels
    3.8 only security fixes 3.9 only security fixes 3.10 only security fixes topic-SSL type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    2 participants
    @tiran @miss-islington