diff options
| author | Christian Heimes <christian@python.org> | 2021-07-12 15:12:38 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-07-12 15:12:38 (GMT) |
| commit | c92b391dcefe9a7b3e6290bc2e2356eedfcf4bc3 (patch) | |
| tree | a36503b39bad60a4cedff95f1cbe997df078f564 /Tools | |
| parent | 779983ed7f86610be4a7201deeffdcb8608977e0 (diff) | |
| download | cpython-c92b391dcefe9a7b3e6290bc2e2356eedfcf4bc3.zip cpython-c92b391dcefe9a7b3e6290bc2e2356eedfcf4bc3.tar.gz cpython-c92b391dcefe9a7b3e6290bc2e2356eedfcf4bc3.tar.bz2 | |
[3.9] bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942) (#25944)
Also use new make target to install FIPS provider..
(cherry picked from commit e8525567dd325527e00b3c4ce7c4ce31ff3f1a8c)
Co-authored-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Tools')
| -rwxr-xr-x | Tools/ssl/multissltests.py | 55 |
1 files changed, 11 insertions, 44 deletions
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 1904f3b..a9c4f6d 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -50,7 +50,7 @@ OPENSSL_OLD_VERSIONS = [ OPENSSL_RECENT_VERSIONS = [ "1.1.1k", - # "3.0.0-alpha14" + "3.0.0-alpha16" ] LIBRESSL_OLD_VERSIONS = [ @@ -147,23 +147,6 @@ parser.add_argument( help="Keep original sources for debugging." ) -OPENSSL_FIPS_CNF = """\ -openssl_conf = openssl_init - -.include {self.install_dir}/ssl/fipsinstall.cnf -# .include {self.install_dir}/ssl/openssl.cnf - -[openssl_init] -providers = provider_sect - -[provider_sect] -fips = fips_sect -default = default_sect - -[default_sect] -activate = 1 -""" - class AbstractBuilder(object): library = None @@ -306,12 +289,12 @@ class AbstractBuilder(object): log.info("Unpacking files to {}".format(self.build_dir)) tf.extractall(self.build_dir, members) - def _build_src(self): + def _build_src(self, config_args=()): """Now build openssl""" log.info("Running build in {}".format(self.build_dir)) cwd = self.build_dir cmd = [ - "./config", + "./config", *config_args, "shared", "--debug", "--prefix={}".format(self.install_dir) ] @@ -415,35 +398,19 @@ class BuildOpenSSL(AbstractBuilder): if self.version.startswith("3.0"): self._post_install_300() + def _build_src(self, config_args=()): + if self.version.startswith("3.0"): + config_args += ("enable-fips",) + super()._build_src(config_args) + def _post_install_300(self): # create ssl/ subdir with example configs - self._subprocess_call( - ["make", "-j1", "install_ssldirs"], - cwd=self.build_dir - ) # Install FIPS module - # https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module - fipsinstall_cnf = os.path.join( - self.install_dir, "ssl", "fipsinstall.cnf" - ) - openssl_fips_cnf = os.path.join( - self.install_dir, "ssl", "openssl-fips.cnf" - ) - fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so") self._subprocess_call( - [ - self.openssl_cli, "fipsinstall", - "-out", fipsinstall_cnf, - "-module", fips_mod, - # "-provider_name", "fips", - # "-mac_name", "HMAC", - # "-macopt", "digest:SHA256", - # "-macopt", "hexkey:00", - # "-section_name", "fips_sect" - ] + ["make", "-j1", "install_ssldirs", "install_fips"], + cwd=self.build_dir ) - with open(openssl_fips_cnf, "w") as f: - f.write(OPENSSL_FIPS_CNF.format(self=self)) + @property def short_version(self): """Short version for OpenSSL download URL""" |