From a104f8ac4376ced7bd5a252757ab2c6f6b7efa5b Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:19:58 +0000 Subject: [PATCH 01/11] Adapt @hugovk's proof-of-concept CI definition refactor Suggested by @hugovk [1]. [1]: https://github.com/hugovk/cpython/commit/a3f2ba9eb0c9bd1927d9a34faed98234afe88c70 --- .github/workflows/build.yml | 131 +++++++------------------- .github/workflows/reusable-ubuntu.yml | 2 +- 2 files changed, 35 insertions(+), 98 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 05f20e12f4653d..b068aaf96755e5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -260,8 +260,8 @@ jobs: free-threading: ${{ matrix.free-threading }} os: ${{ matrix.os }} - build-ubuntu-ssltests-openssl: - name: 'Ubuntu SSL tests with OpenSSL' + build-ubuntu-ssltests: + name: 'Ubuntu SSL tests' runs-on: ${{ matrix.os }} timeout-minutes: 60 needs: build-context @@ -269,75 +269,19 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-24.04] - openssl_ver: [3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.1] + include: + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.0.16 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.1.8 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.2.4 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.3.3 } + - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.4.1 } + - { os: ubuntu-24.04, ssl: aws-lc, ssl_ver: 1.55.0 } # See Tools/ssl/make_ssl_data.py for notes on adding a new version env: - OPENSSL_VER: ${{ matrix.openssl_ver }} - MULTISSL_DIR: ${{ github.workspace }}/multissl - OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }} - LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}/lib - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Runner image version - run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV" - - name: Restore config.cache - uses: actions/cache@v4 - with: - path: config.cache - key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }} - - name: Register gcc problem matcher - run: echo "::add-matcher::.github/problem-matchers/gcc.json" - - name: Install dependencies - run: sudo ./.github/workflows/posix-deps-apt.sh - - name: Configure OpenSSL env vars - run: | - echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" - echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}" >> "$GITHUB_ENV" - echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}/lib" >> "$GITHUB_ENV" - - name: 'Restore OpenSSL build' - id: cache-openssl - uses: actions/cache@v4 - with: - path: ./multissl/openssl/${{ env.OPENSSL_VER }} - key: ${{ matrix.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - - name: Install OpenSSL - if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux - - name: Add ccache to PATH - run: | - echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" - - name: Configure ccache action - uses: hendrikmuhs/ccache-action@v1.2 - with: - save: false - - name: Configure CPython - run: ./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$OPENSSL_DIR" - - name: Build CPython - run: make -j4 - - name: Display build info - run: make pythoninfo - - name: SSL tests - run: ./python Lib/test/ssltests.py - - build-ubuntu-ssltests-awslc: - name: 'Ubuntu SSL tests with AWS-LC' - runs-on: ${{ matrix.os }} - timeout-minutes: 60 - needs: build-context - if: needs.build-context.outputs.run-tests == 'true' - strategy: - fail-fast: false - matrix: - os: [ubuntu-24.04] - awslc_ver: [1.55.0] - env: - AWSLC_VER: ${{ matrix.awslc_ver}} + SSL_VER: ${{ matrix.ssl_ver }} MULTISSL_DIR: ${{ github.workspace }}/multissl - OPENSSL_DIR: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }} - LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }}/lib + SSL_DIR: ${{ github.workspace }}/multissl/${{ matrix.ssl }}/${{ matrix.ssl_ver }} + LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/${{ matrix.ssl }}/${{ matrix.ssl_ver }}/lib steps: - uses: actions/checkout@v4 with: @@ -356,22 +300,18 @@ jobs: - name: Configure SSL lib env vars run: | echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" - echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}" >> "$GITHUB_ENV" - echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}/lib" >> "$GITHUB_ENV" - - name: 'Restore AWS-LC build' - id: cache-aws-lc + echo "SSL_DIR=${GITHUB_WORKSPACE}/multissl/${{ matrix.ssl }}/${SSL_VER}" >> "$GITHUB_ENV" + echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/${{ matrix.ssl }}/${SSL_VER}/lib" >> "$GITHUB_ENV" + - name: 'Restore SSL build' + id: cache-ssl uses: actions/cache@v4 with: - path: ./multissl/aws-lc/${{ matrix.awslc_ver }} - key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }} - - name: Install AWS-LC - if: steps.cache-aws-lc.outputs.cache-hit != 'true' + path: ./multissl/${{ env.SSL }}/${{ env.SSL_VER }} + key: ${{ matrix.os }}-multissl-${{ env.SSL }}-${{ env.SSL_VER }} + - name: Install SSL + if: steps.cache-ssl.outputs.cache-hit != 'true' run: | - python3 Tools/ssl/multissltests.py \ - --steps=library \ - --base-directory "$MULTISSL_DIR" \ - --awslc ${{ matrix.awslc_ver }} \ - --system Linux + python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --system Linux --ssl ${{ matrix.ssl }} --ssl-versions ${{ matrix.ssl_ver }} - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -381,18 +321,18 @@ jobs: save: false - name: Configure CPython run: | - ./configure CFLAGS="-fdiagnostics-format=json" \ - --config-cache \ - --enable-slower-safety \ - --with-pydebug \ - --with-openssl="$OPENSSL_DIR" \ - --with-builtin-hashlib-hashes=blake2 \ - --with-ssl-default-suites=openssl + CMD=(./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$SSL_DIR") + if [ "${{ matrix.ssl }}" = "openssl" ]; then + "${CMD[@]}" + else + "${CMD[@]}" --with-builtin-hashlib-hashes=blake2 --with-ssl-default-suites=openssl + fi - name: Build CPython - run: make -j + run: make -j4 - name: Display build info run: make pythoninfo - name: Verify python is linked to AWS-LC + if: matrix.ssl == 'aws-lc' run: ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC - name: SSL tests run: ./python Lib/test/ssltests.py @@ -435,7 +375,7 @@ jobs: key: ${{ runner.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - name: Install OpenSSL if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl 'openssl' --ssl-versions "$OPENSSL_VER" --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -567,7 +507,7 @@ jobs: key: ${{ matrix.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - name: Install OpenSSL if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl 'openssl' --ssl-versions "$OPENSSL_VER" --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -703,8 +643,7 @@ jobs: - build-windows-msi - build-macos - build-ubuntu - - build-ubuntu-ssltests-awslc - - build-ubuntu-ssltests-openssl + - build-ubuntu-ssltests - build-wasi - test-hypothesis - build-asan @@ -719,8 +658,7 @@ jobs: with: allowed-failures: >- build-windows-msi, - build-ubuntu-ssltests-awslc, - build-ubuntu-ssltests-openssl, + build-ubuntu-ssltests, test-hypothesis, cifuzz, allowed-skips: >- @@ -738,8 +676,7 @@ jobs: check-generated-files, build-macos, build-ubuntu, - build-ubuntu-ssltests-awslc, - build-ubuntu-ssltests-openssl, + build-ubuntu-ssltests, build-wasi, test-hypothesis, build-asan, diff --git a/.github/workflows/reusable-ubuntu.yml b/.github/workflows/reusable-ubuntu.yml index 76b19fd5d1a72e..607e7949161812 100644 --- a/.github/workflows/reusable-ubuntu.yml +++ b/.github/workflows/reusable-ubuntu.yml @@ -60,7 +60,7 @@ jobs: key: ${{ inputs.os }}-multissl-openssl-${{ env.OPENSSL_VER }} - name: Install OpenSSL if: steps.cache-openssl.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl openssl --ssl-versions "$OPENSSL_VER" --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" From 3fcbe0d66363d53223d74d7542cbb6d3f3059959 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:21:29 +0000 Subject: [PATCH 02/11] Preliminary refactor of multissltests.py, TODO migrate to classes --- Tools/ssl/multissltests.py | 74 ++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index f4c8fde8346fd9..969d5cc4b91e5d 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -86,33 +86,19 @@ parser.add_argument( '--disable-ancient', action='store_true', - help="Don't test OpenSSL and LibreSSL versions without upstream support", + help="Don't test SSL versions without upstream support", ) parser.add_argument( - '--openssl', - nargs='+', - default=(), - help=( - "OpenSSL versions, defaults to '{}' (ancient: '{}') if no " - "OpenSSL and LibreSSL versions are given." - ).format(OPENSSL_RECENT_VERSIONS, OPENSSL_OLD_VERSIONS) -) -parser.add_argument( - '--libressl', - nargs='+', - default=(), - help=( - "LibreSSL versions, defaults to '{}' (ancient: '{}') if no " - "OpenSSL and LibreSSL versions are given." - ).format(LIBRESSL_RECENT_VERSIONS, LIBRESSL_OLD_VERSIONS) + '--ssl', + choices=['openssl', 'awslc', 'libressl'], + default=None, + help="Which SSL lib to test. If not specified, all are tested.", ) parser.add_argument( - '--awslc', + '--ssl-versions', nargs='+', - default=(), - help=( - "AWS-LC versions, defaults to '{}' if no crypto library versions are given." - ).format(AWSLC_RECENT_VERSIONS) + default=None, + help="SSL lib version(s), default depends on value passed to --ssl", ) parser.add_argument( '--tests', @@ -507,19 +493,6 @@ def configure_make(): def main(): args = parser.parse_args() - if not args.openssl and not args.libressl and not args.awslc: - args.openssl = list(OPENSSL_RECENT_VERSIONS) - args.libressl = list(LIBRESSL_RECENT_VERSIONS) - args.awslc = list(AWSLC_RECENT_VERSIONS) - if not args.disable_ancient: - args.openssl.extend(OPENSSL_OLD_VERSIONS) - args.libressl.extend(LIBRESSL_OLD_VERSIONS) - - logging.basicConfig( - level=logging.DEBUG if args.debug else logging.INFO, - format="*** %(levelname)s %(message)s" - ) - start = datetime.now() if args.steps in {'modules', 'tests'}: @@ -535,13 +508,34 @@ def main(): # check for configure and run make configure_make() + logging.basicConfig( + level=logging.DEBUG if args.debug else logging.INFO, + format="*** %(levelname)s %(message)s" + ) + + ssl_libs = { + "openssl": [ + BuildOpenSSL, OPENSSL_OLD_VERSIONS, OPENSSL_RECENT_VERSIONS, [] + ], + "libressl": [ + BuildLibreSSL, LIBRESSL_OLD_VERSIONS, LIBRESSL_RECENT_VERSIONS, [] + ], + "awslc": [BuildAWSLC, [], AWSLC_RECENT_VERSIONS, []], + } + if args.ssl and args.ssl_versions: + ssl_libs[args.ssl][3] += args.ssl_versions + elif args.ssl: + ssl_libs[args.ssl][3] += ssl_libs[args.ssl][2] + else: + ssl_libs["openssl"][3] += ssl_libs["openssl"][2] + ssl_libs["libressl"][3] += ssl_libs["libressl"][2] + ssl_libs["awslc"][3] += ssl_libs["awslc"][2] + if not args.disable_ancient: + ssl_libs["openssl"][3] += ssl_libs["openssl"][1] + ssl_libs["libressl"][3] += ssl_libs["libressl"][1] # download and register builder builds = [] - for build_class, versions in [ - (BuildOpenSSL, args.openssl), - (BuildLibreSSL, args.libressl), - (BuildAWSLC, args.awslc), - ]: + for build_class, _, _, versions in ssl_libs.values(): for version in versions: build = build_class(version, args) build.install() From 5d8ec9aaea218a1e1f298e9065c9ba63cd9e05d9 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:27:53 +0000 Subject: [PATCH 03/11] Fix aws-lc/awslc lib name discrepancy --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b068aaf96755e5..665befea8787c7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -275,7 +275,7 @@ jobs: - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.2.4 } - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.3.3 } - { os: ubuntu-24.04, ssl: openssl, ssl_ver: 3.4.1 } - - { os: ubuntu-24.04, ssl: aws-lc, ssl_ver: 1.55.0 } + - { os: ubuntu-24.04, ssl: awslc, ssl_ver: 1.55.0 } # See Tools/ssl/make_ssl_data.py for notes on adding a new version env: SSL_VER: ${{ matrix.ssl_ver }} From 991c6b28096b4bfbb6634dcd07d725c7d9141f0d Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:45:13 +0000 Subject: [PATCH 04/11] Migrate AbstractBuilder to abc --- Tools/ssl/multissltests.py | 104 +++++++++++++++++++++++++++---------- 1 file changed, 78 insertions(+), 26 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 969d5cc4b91e5d..916d1fd989ba92 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -24,6 +24,7 @@ """ from __future__ import print_function +import abc import argparse from datetime import datetime import logging @@ -146,11 +147,7 @@ ) -class AbstractBuilder(object): - library = None - url_templates = None - src_template = None - build_template = None +class AbstractBuilder(object, metaclass=abc.ABCMeta): depend_target = None install_target = 'install' if hasattr(os, 'process_cpu_count'): @@ -158,6 +155,26 @@ class AbstractBuilder(object): else: jobs = os.cpu_count() + @property + @abstractmethod + def library(self): + pass + + @property + @abstractmethod + def url_templates(self): + pass + + @property + @abstractmethod + def src_template(self): + pass + + @property + @abstractmethod + def build_template(self): + pass + module_files = ( os.path.join(PYTHONROOT, "Modules/_ssl.c"), os.path.join(PYTHONROOT, "Modules/_hashopenssl.c"), @@ -167,9 +184,10 @@ class AbstractBuilder(object): def __init__(self, version, args): self.version = version self.args = args + libdir = self.library.lower().replace("-", "") # installation directory self.install_dir = os.path.join( - os.path.join(args.base_directory, self.library.lower()), version + os.path.join(args.base_directory, libdir), version ) # source file self.src_dir = os.path.join(args.base_directory, 'src') @@ -396,18 +414,30 @@ def run_python_tests(self, tests, network=True): class BuildOpenSSL(AbstractBuilder): - library = "OpenSSL" - url_templates = ( - "https://github.com/openssl/openssl/releases/download/openssl-{v}/openssl-{v}.tar.gz", - "https://www.openssl.org/source/openssl-{v}.tar.gz", - "https://www.openssl.org/source/old/{s}/openssl-{v}.tar.gz" - ) - src_template = "openssl-{}.tar.gz" - build_template = "openssl-{}" # only install software, skip docs install_target = 'install_sw' depend_target = 'depend' + @property + def library(self): + return "OpenSSL" + + @property + def url_templates(self): + return ( + "https://github.com/openssl/openssl/releases/download/openssl-{v}/openssl-{v}.tar.gz", + "https://www.openssl.org/source/openssl-{v}.tar.gz", + "https://www.openssl.org/source/old/{s}/openssl-{v}.tar.gz", + ) + + @property + def src_template(self): + return "openssl-{}.tar.gz" + + @property + def build_template(self): + return "openssl-{}" + def _post_install(self): if self.version.startswith("3."): self._post_install_3xx() @@ -443,21 +473,43 @@ def short_version(self): class BuildLibreSSL(AbstractBuilder): - library = "LibreSSL" - url_templates = ( - "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-{v}.tar.gz", - ) - src_template = "libressl-{}.tar.gz" - build_template = "libressl-{}" + @property + def library(self): + return "LibreSSL" + + @property + def url_templates(self): + return ( + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-{v}.tar.gz", + ) + + @property + def src_template(self): + return "libressl-{}.tar.gz" + + @property + def build_template(self): + "libressl-{}" class BuildAWSLC(AbstractBuilder): - library = "AWS-LC" - url_templates = ( - "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", - ) - src_template = "aws-lc-{}.tar.gz" - build_template = "aws-lc-{}" + @property + def library(self): + return "AWS-LC" + + @property + def url_templates(self): + return ( + "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", + ) + + @property + def src_template(self): + return "aws-lc-{}.tar.gz" + + @property + def build_template(self): + return "aws-lc-{}" def _build_src(self, config_args=()): cwd = self.build_dir From 7b5149941e3a43cd041d9f3a8a9d73c2bbad600b Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 14 Jul 2025 21:53:45 +0000 Subject: [PATCH 05/11] Fix imports --- Tools/ssl/multissltests.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 916d1fd989ba92..4a20d41a529189 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -24,7 +24,8 @@ """ from __future__ import print_function -import abc +from abc import abstractmethod +from abc import ABCMeta import argparse from datetime import datetime import logging @@ -147,7 +148,7 @@ ) -class AbstractBuilder(object, metaclass=abc.ABCMeta): +class AbstractBuilder(object, metaclass=ABCMeta): depend_target = None install_target = 'install' if hasattr(os, 'process_cpu_count'): From 66381275b0896a153fc50fbd5f35fa3b0ba48d1e Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 19:36:43 +0000 Subject: [PATCH 06/11] Complete ABC refactor --- Tools/ssl/multissltests.py | 146 +++++++++++++++++++------------------ 1 file changed, 77 insertions(+), 69 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 4a20d41a529189..69305c638b5acb 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -44,29 +44,6 @@ log = logging.getLogger("multissl") -OPENSSL_OLD_VERSIONS = [ - "1.1.1w", -] - -OPENSSL_RECENT_VERSIONS = [ - "3.0.16", - "3.1.8", - "3.2.4", - "3.3.3", - "3.4.1", - # See make_ssl_data.py for notes on adding a new version. -] - -LIBRESSL_OLD_VERSIONS = [ -] - -LIBRESSL_RECENT_VERSIONS = [ -] - -AWSLC_RECENT_VERSIONS = [ - "1.55.0", -] - # store files in ../multissl HERE = os.path.dirname(os.path.abspath(__file__)) PYTHONROOT = os.path.abspath(os.path.join(HERE, '..', '..')) @@ -155,32 +132,40 @@ class AbstractBuilder(object, metaclass=ABCMeta): jobs = os.process_cpu_count() else: jobs = os.cpu_count() + module_files = ( + os.path.join(PYTHONROOT, "Modules/_ssl.c"), + os.path.join(PYTHONROOT, "Modules/_hashopenssl.c"), + ) + module_libs = ("_ssl", "_hashlib") @property @abstractmethod - def library(self): + def library(self=None): pass @property @abstractmethod - def url_templates(self): + def url_templates(self=None): pass @property @abstractmethod - def src_template(self): + def src_template(self=None): pass @property @abstractmethod - def build_template(self): + def build_template(self=None): pass - module_files = ( - os.path.join(PYTHONROOT, "Modules/_ssl.c"), - os.path.join(PYTHONROOT, "Modules/_hashopenssl.c"), - ) - module_libs = ("_ssl", "_hashlib") + @property + @abstractmethod + def recent_versions(): + pass + + @property + def old_versions(): + return [] def __init__(self, version, args): self.version = version @@ -420,11 +405,11 @@ class BuildOpenSSL(AbstractBuilder): depend_target = 'depend' @property - def library(self): + def library(self=None): return "OpenSSL" @property - def url_templates(self): + def url_templates(self=None): return ( "https://github.com/openssl/openssl/releases/download/openssl-{v}/openssl-{v}.tar.gz", "https://www.openssl.org/source/openssl-{v}.tar.gz", @@ -432,13 +417,28 @@ def url_templates(self): ) @property - def src_template(self): + def src_template(self=None): return "openssl-{}.tar.gz" @property - def build_template(self): + def build_template(self=None): return "openssl-{}" + @property + def recent_versions(): + return [ + "3.0.16", + "3.1.8", + "3.2.4", + "3.3.3", + "3.4.1", + # See make_ssl_data.py for notes on adding a new version. + ] + + @property + def old_versions(): + return [ "1.1.1w" ] + def _post_install(self): if self.version.startswith("3."): self._post_install_3xx() @@ -475,43 +475,53 @@ def short_version(self): class BuildLibreSSL(AbstractBuilder): @property - def library(self): + def library(self=None): return "LibreSSL" @property - def url_templates(self): + def url_templates(self=None): return ( "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-{v}.tar.gz", ) @property - def src_template(self): + def src_template(self=None): return "libressl-{}.tar.gz" @property - def build_template(self): + def build_template(self=None): "libressl-{}" + @property + def recent_versions(): + return [] + class BuildAWSLC(AbstractBuilder): @property - def library(self): + def library(self=None): return "AWS-LC" @property - def url_templates(self): + def url_templates(self=None): return ( "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", ) @property - def src_template(self): + def src_template(self=None): return "aws-lc-{}.tar.gz" @property - def build_template(self): + def build_template(self=None): return "aws-lc-{}" + @property + def recent_versions(): + return [ + "1.55.0", + ] + def _build_src(self, config_args=()): cwd = self.build_dir log.info("Running build in {}".format(cwd)) @@ -566,33 +576,31 @@ def main(): format="*** %(levelname)s %(message)s" ) - ssl_libs = { - "openssl": [ - BuildOpenSSL, OPENSSL_OLD_VERSIONS, OPENSSL_RECENT_VERSIONS, [] - ], - "libressl": [ - BuildLibreSSL, LIBRESSL_OLD_VERSIONS, LIBRESSL_RECENT_VERSIONS, [] - ], - "awslc": [BuildAWSLC, [], AWSLC_RECENT_VERSIONS, []], - } - if args.ssl and args.ssl_versions: - ssl_libs[args.ssl][3] += args.ssl_versions - elif args.ssl: - ssl_libs[args.ssl][3] += ssl_libs[args.ssl][2] + versions = [] + ssl_libs = AbstractBuilder.__subclasses__() + if args.ssl: + lib_name = lambda x: x.library.fget().lower().replace("-", "") + libs = [l for l in ssl_libs if lib_name(l) == args.ssl] + assert len(libs) == 1 + cls = libs.pop() + if args.ssl_versions: + versions += [(cls, v) for v in args.ssl_versions] + else: + versions += [(cls, v) for v in cls.recent_versions.fget()] else: - ssl_libs["openssl"][3] += ssl_libs["openssl"][2] - ssl_libs["libressl"][3] += ssl_libs["libressl"][2] - ssl_libs["awslc"][3] += ssl_libs["awslc"][2] - if not args.disable_ancient: - ssl_libs["openssl"][3] += ssl_libs["openssl"][1] - ssl_libs["libressl"][3] += ssl_libs["libressl"][1] - # download and register builder + if args.ssl_versions: + print("ERROR: SSL versions specified without specifying library") + exit(1) + for cls in ssl_libs: + versions += [(cls, v) for v in cls.recent_versions.fget()] + if not args.disable_ancient: + versions += [(cls, v) for v in cls.old_versions.fget()] + builds = [] - for build_class, _, _, versions in ssl_libs.values(): - for version in versions: - build = build_class(version, args) - build.install() - builds.append(build) + for build_class, version in versions: + build = build_class(version, args) + build.install() + builds.append(build) if args.steps in {'modules', 'tests'}: for build in builds: From 4e0a8caa51ac461604b7a6e7b7d082db02a790d3 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 19:52:47 +0000 Subject: [PATCH 07/11] Colorize parser --- Tools/ssl/multissltests.py | 1 + 1 file changed, 1 insertion(+) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 69305c638b5acb..3fa1776d734e0f 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -57,6 +57,7 @@ "versions." ), ) +parser.color = True parser.add_argument( '--debug', action='store_true', From 1a90e0c3414f9c77607658e5a9c5450ea3de05d9 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 19:54:46 +0000 Subject: [PATCH 08/11] Adjust compatibility comment --- Tools/ssl/multissltests.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 3fa1776d734e0f..88e2f0c7c78ad8 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -18,7 +18,8 @@ search paths for header files and shared libraries. It's known to work on Linux with GCC and clang. -Please keep this script compatible with Python 2.7, and 3.4 to 3.7. +Please keep this script compatible with all currently-maintained Python +versions. (c) 2013-2017 Christian Heimes """ From 1fcb49f9d440dd2d8cff58a4902a57e747f3fbea Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 20:08:58 +0000 Subject: [PATCH 09/11] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20b?= =?UTF-8?q?lurb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst diff --git a/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst b/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst new file mode 100644 index 00000000000000..2cee0f7c034a06 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst @@ -0,0 +1 @@ +Refactor multissltests.py and build.yml to better support testing additional cryptography libraries in the future. From dd969fbaf1a84aa0a97c2024ec43c837c3d9a9ef Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 20:10:08 +0000 Subject: [PATCH 10/11] =?UTF-8?q?Revert=20"=F0=9F=93=9C=F0=9F=A4=96=20Adde?= =?UTF-8?q?d=20by=20blurb=5Fit."?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 1fcb49f9d440dd2d8cff58a4902a57e747f3fbea. --- .../next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst | 1 - 1 file changed, 1 deletion(-) delete mode 100644 Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst diff --git a/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst b/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst deleted file mode 100644 index 2cee0f7c034a06..00000000000000 --- a/Misc/NEWS.d/next/Tests/2025-07-16-20-08-54.gh-issue-136728.RG4zP1.rst +++ /dev/null @@ -1 +0,0 @@ -Refactor multissltests.py and build.yml to better support testing additional cryptography libraries in the future. From 3343120065d82d492326063e59ef2df381f808f3 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 16 Jul 2025 20:12:33 +0000 Subject: [PATCH 11/11] Include old versions when using default versions --- Tools/ssl/multissltests.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 88e2f0c7c78ad8..2c8264dd09076b 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -589,6 +589,8 @@ def main(): versions += [(cls, v) for v in args.ssl_versions] else: versions += [(cls, v) for v in cls.recent_versions.fget()] + if not args.disable_ancient: + versions += [(cls, v) for v in cls.old_versions.fget()] else: if args.ssl_versions: print("ERROR: SSL versions specified without specifying library")