From c14b09d7912fb346604c1a9fc4f7779613853786 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?B=C3=A9n=C3=A9dikt=20Tran?=
 <10796600+picnixz@users.noreply.github.com>
Date: Sun, 24 Aug 2025 11:01:37 +0200
Subject: [PATCH] [3.13] gh-135261: bring back CI job for testing OpenSSL
 1.1.1w (GH-135262)

This partially reverts commit ad944b5e1f304be1a8c2cc03e9f15005bcb97108
by bringing back the CI job for testing OpenSSL 1.1.1w. Despite this
version being upstream EOL, the rationale for keeping it as follows:

- It most resembles other 1.1.1-work-a-like ssl APIs supported by important vendors.
- Python officially requires OpenSSL 1.1.1 or later, although OpenSSL 3.0 or later
  is recommended for cryptographic modules. Since changing the build requirements
  requires a transition period, we need to keep testing the allowed versions.
- The code base still contains calls to OpenSSL functions that are deprecated since
  OpenSSL 3.0 as well as `ifdef` blocks constrained to OpenSSL 1.1.1.

(cherry picked from commit 96b7a2eba423b42320f15fd4974740e3e930bb8b)
---
 .github/workflows/build.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 87db19561325b9..404664fa2dfdb3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -307,7 +307,10 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-24.04]
-        openssl_ver: [3.0.15, 3.1.7, 3.2.3, 3.3.2]
+        # Keep 1.1.1w in our list despite it being upstream EOL and otherwise
+        # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
+        # supported by important vendors such as AWS-LC.
+        openssl_ver: [1.1.1w, 3.0.15, 3.1.7, 3.2.3, 3.3.2]
     env:
       OPENSSL_VER: ${{ matrix.openssl_ver }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl