Before upgrading to OpenSSL 3.0.17 or newer, look at python/cpython#136881 #722

@geofft

I saw this go by on the Debian OpenSSL packagers list (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110254#10).

According to python/cpython#136881, there is a change in the OpenSSL point releases from July 1, including 3.0.17 LTS, that breaks a test case on Python 3.12. There's a fix in Python 3.13, but it will not be backported to older versions. It sounds like you can either locally revert the change in OpenSSL, or locally backport the change to Python.

I haven't looked at what the bug actually is and how much it matters, but we're in a position to apply patches to both OpenSSL and Python as needed, so it's probably good for us to not ship this bug. We're currently on 3.0.16, but we ought to upgrade to the latest point release (or to 3.5.x LTS, perhaps).

I also haven't looked at whether it has been reported as a regression to the OpenSSL team and might be fixed in a later OpenSSL point release, and whether it's present in versions of Python older than 3.12.
