[3.10] bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942) by miss-islington · Pull Request #25943 · python/cpython
OPENSSL_RECENT_VERSIONS = [ "1.1.1k", "3.0.0-alpha15" "3.0.0-alpha16" ]
LIBRESSL_OLD_VERSIONS = [
OPENSSL_FIPS_CNF = """\ openssl_conf = openssl_init
.include {self.install_dir}/ssl/fipsinstall.cnf # .include {self.install_dir}/ssl/openssl.cnf
[openssl_init] providers = provider_sect
[provider_sect] fips = fips_sect default = default_sect
[default_sect] activate = 1 """
class AbstractBuilder(object): library = None
def _build_src(self): def _build_src(self, config_args=()): """Now build openssl""" log.info("Running build in {}".format(self.build_dir)) cwd = self.build_dir cmd = [ "./config", "./config", *config_args, "shared", "--debug", "--prefix={}".format(self.install_dir) ]
def _build_src(self, config_args=()): if self.version.startswith("3.0"): config_args += ("enable-fips",) super()._build_src(config_args)
def _post_install_300(self): # create ssl/ subdir with example configs self._subprocess_call( ["make", "-j1", "install_ssldirs"], cwd=self.build_dir ) # Install FIPS module # https://wiki.openssl.org/index.php/OpenSSL_3.0#Completing_the_installation_of_the_FIPS_Module fipsinstall_cnf = os.path.join( self.install_dir, "ssl", "fipsinstall.cnf" ) openssl_fips_cnf = os.path.join( self.install_dir, "ssl", "openssl-fips.cnf" ) fips_mod = os.path.join(self.lib_dir, "ossl-modules/fips.so") self._subprocess_call( [ self.openssl_cli, "fipsinstall", "-out", fipsinstall_cnf, "-module", fips_mod, # "-provider_name", "fips", # "-mac_name", "HMAC", # "-macopt", "digest:SHA256", # "-macopt", "hexkey:00", # "-section_name", "fips_sect" ] ["make", "-j1", "install_ssldirs", "install_fips"], cwd=self.build_dir ) with open(openssl_fips_cnf, "w") as f: f.write(OPENSSL_FIPS_CNF.format(self=self))
@property def short_version(self): """Short version for OpenSSL download URL"""