This partially reverts commit d83e30cadd
by bringing back the CI job for testing OpenSSL 1.1.1w. Despite this
version being upstream EOL, the rationale for keeping it as follows:
- It most resembles other 1.1.1-work-a-like ssl APIs supported by important vendors.
- Python officially requires OpenSSL 1.1.1 or later, although OpenSSL 3.0 or later
is recommended for cryptographic modules. Since changing the build requirements
requires a transition period, we need to keep testing the allowed versions.
- The code base still contains calls to OpenSSL functions that are deprecated since
OpenSSL 3.0 as well as `ifdef` blocks constrained to OpenSSL 1.1.1.
* Add OpenSSL 3.5.2 definitions to Modules/_ssl_data_35.h (moved from Modules/_ssl_data_34.h)
* Demote OpenSSL 3.1 to "old", remove it from CI
* Update all OpenSSL versions to latest patchlevel in CI config and multissltests defaults
* Add OpenSSL 3.5.2 to CI configuration and multissltests default list
* Fix a typo in the argument parser description of multissltests.py
When inexperienced users create a PR from their default branch, all of the concurrency keys
collide as there is no namespacing. This becomes an issue at events with many new contributors,
where workflow runs are cancelled on other pull requests.
Disambiguate by adding the username of the relevant 'actor' to the concurrency key.
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
Co-authored-by: C.A.M. Gerlach <CAM.Gerlach@Gerlach.CAM>
Authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
OpenSSL 3.4.1 mnemonics are not compatible with OpenSSL 3.4.0 ones since
they were renumbered [1, 2]. Consequently, `_ssl_data_34.h` is renamed to
`_ssl_data_340.h` and `_ssl_data_34.h` now contains OpenSSL 3.4.1 mnemonics.
We also refine the mnemonics that are selected, discarding those that are
mnemonic-like but should not be used as such. More precisely, we remove
the ERR_LIB_MASK and ERR_LIB_OFFSET entries from OpenSSL 1.1.1 data.
[1]: https://github.com/openssl/openssl/issues/26316
[2]: https://github.com/openssl/openssl/issues/26388
GitHub discovered it was an issue with the underlying hardware
and have migrated all the runners to a different arm sku (dpdsv5).
This reverts commit 80b9e79d84.
- Add `git describe` output to headers generated by `make_ssl_data.py`
This info is more important than the date when the file was generated.
It does mean that the tool now requires a Git checkout of OpenSSL,
not for example a release tarball.
- Regenerate the older file to add the info.
To the other older file, add a note about manual edits.
- Add notes on how to add a new OpenSSL version
- Add 3.4 error messages and multissl tests
This change enables custom GHA runners for Ubuntu-24.04 that run on Arm hardware. It also prepares for Windows runners on Arm hardware, but doesn't enable that just yet, because the Arm GHA runner images for Windows need to be updated.
