diff --git a/.azure-pipelines/ci.yml b/.azure-pipelines/ci.yml
index 9e9ce2108ed..bf164d19ef2 100644
--- a/.azure-pipelines/ci.yml
+++ b/.azure-pipelines/ci.yml
@@ -57,7 +57,7 @@ jobs:
variables:
testRunTitle: '$(build.sourceBranchName)-linux'
testRunPlatform: linux
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1q
steps:
- template: ./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1q
steps:
- template: ./posix-steps.yml
diff --git a/.azure-pipelines/pr.yml b/.azure-pipelines/pr.yml
index c3ecc670572..3cbd19fda98 100644
--- a/.azure-pipelines/pr.yml
+++ b/.azure-pipelines/pr.yml
@@ -57,7 +57,7 @@ jobs:
variables:
testRunTitle: '$(system.pullRequest.TargetBranch)-linux'
testRunPlatform: linux
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1q
steps:
- template: ./posix-steps.yml
@@ -83,7 +83,7 @@ jobs:
variables:
testRunTitle: '$(Build.SourceBranchName)-linux-coverage'
testRunPlatform: linux-coverage
- openssl_version: 1.1.1n
+ openssl_version: 1.1.1q
steps:
- template: ./posix-steps.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d800442ad07..1db5c505149 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -175,7 +175,7 @@ jobs:
needs: check_source
if: needs.check_source.outputs.run_tests == 'true'
env:
- OPENSSL_VER: 1.1.1n
+ OPENSSL_VER: 1.1.1q
PYTHONSTRICTEXTENSIONBUILD: 1
steps:
- uses: actions/checkout@v3
@@ -234,7 +234,7 @@ jobs:
strategy:
fail-fast: false
matrix:
- openssl_ver: [1.1.1n, 3.0.2]
+ openssl_ver: [1.1.1q, 3.0.5]
env:
OPENSSL_VER: ${{ matrix.openssl_ver }}
MULTISSL_DIR: ${{ github.workspace }}/multissl
@@ -281,7 +281,7 @@ jobs:
needs: check_source
if: needs.check_source.outputs.run_tests == 'true'
env:
- OPENSSL_VER: 1.1.1n
+ OPENSSL_VER: 1.1.1q
PYTHONSTRICTEXTENSIONBUILD: 1
ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
steps:
diff --git a/Mac/BuildScript/build-installer.py b/Mac/BuildScript/build-installer.py
index a1d31c42381..65fc013999d 100755
--- a/Mac/BuildScript/build-installer.py
+++ b/Mac/BuildScript/build-installer.py
@@ -246,9 +246,9 @@ def library_recipes():
result.extend([
dict(
- name="OpenSSL 1.1.1n",
- url="https://www.openssl.org/source/openssl-1.1.1n.tar.gz",
- checksum='2aad5635f9bb338bc2c6b7d19cbc9676',
+ name="OpenSSL 1.1.1q",
+ url="https://www.openssl.org/source/openssl-1.1.1q.tar.gz",
+ checksum='d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca',
buildrecipe=build_universal_openssl,
configure=None,
install=None,
@@ -797,10 +797,16 @@ def verifyThirdPartyFile(url, checksum, fname):
print("Downloading %s"%(name,))
downloadURL(url, fname)
print("Archive for %s stored as %s"%(name, fname))
+ if len(checksum) == 32:
+ algo = 'md5'
+ elif len(checksum) == 64:
+ algo = 'sha256'
+ else:
+ raise ValueError(checksum)
if os.system(
- 'MD5=$(openssl md5 %s) ; test "${MD5##*= }" = "%s"'
- % (shellQuote(fname), checksum) ):
- fatal('MD5 checksum mismatch for file %s' % fname)
+ 'CHECKSUM=$(openssl %s %s) ; test "${CHECKSUM##*= }" = "%s"'
+ % (algo, shellQuote(fname), checksum) ):
+ fatal('%s checksum mismatch for file %s' % (algo, fname))
def build_universal_openssl(basedir, archList):
"""
diff --git a/Misc/NEWS.d/next/Build/2022-07-08-10-28-23.gh-issue-94682.ZtGt_0.rst b/Misc/NEWS.d/next/Build/2022-07-08-10-28-23.gh-issue-94682.ZtGt_0.rst
new file mode 100644
index 00000000000..60717a15bcc
--- /dev/null
+++ b/Misc/NEWS.d/next/Build/2022-07-08-10-28-23.gh-issue-94682.ZtGt_0.rst
@@ -0,0 +1 @@
+Build and test with OpenSSL 1.1.1q
diff --git a/PCbuild/get_externals.bat b/PCbuild/get_externals.bat
index d2934451798..cd211f13e35 100644
--- a/PCbuild/get_externals.bat
+++ b/PCbuild/get_externals.bat
@@ -53,7 +53,7 @@ echo.Fetching external libraries...
set libraries=
set libraries=%libraries% bzip2-1.0.8
if NOT "%IncludeLibffiSrc%"=="false" set libraries=%libraries% libffi-3.4.2
-if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1n
+if NOT "%IncludeSSLSrc%"=="false" set libraries=%libraries% openssl-1.1.1q
set libraries=%libraries% sqlite-3.38.4.0
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tcl-core-8.6.12.1
if NOT "%IncludeTkinterSrc%"=="false" set libraries=%libraries% tk-8.6.12.1
@@ -77,7 +77,7 @@ echo.Fetching external binaries...
set binaries=
if NOT "%IncludeLibffi%"=="false" set binaries=%binaries% libffi-3.4.2
-if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1n
+if NOT "%IncludeSSL%"=="false" set binaries=%binaries% openssl-bin-1.1.1q
if NOT "%IncludeTkinter%"=="false" set binaries=%binaries% tcltk-8.6.12.1
if NOT "%IncludeSSLSrc%"=="false" set binaries=%binaries% nasm-2.11.06
diff --git a/PCbuild/python.props b/PCbuild/python.props
index 7f10e7c45ef..efcb480976b 100644
--- a/PCbuild/python.props
+++ b/PCbuild/python.props
@@ -67,8 +67,8 @@
$(ExternalsDir)libffi-3.4.2\
$(ExternalsDir)libffi-3.4.2\$(ArchName)\
$(libffiOutDir)include
- $(ExternalsDir)openssl-1.1.1n\
- $(ExternalsDir)openssl-bin-1.1.1n\$(ArchName)\
+ $(ExternalsDir)openssl-1.1.1q\
+ $(ExternalsDir)openssl-bin-1.1.1q\$(ArchName)\
$(opensslOutDir)include
$(ExternalsDir)\nasm-2.11.06\
$(ExternalsDir)\zlib-1.2.12\
diff --git a/PCbuild/readme.txt b/PCbuild/readme.txt
index e4cad75189c..c536fac94cc 100644
--- a/PCbuild/readme.txt
+++ b/PCbuild/readme.txt
@@ -168,7 +168,7 @@ _lzma
Homepage:
https://tukaani.org/xz/
_ssl
- Python wrapper for version 1.1.1k of the OpenSSL secure sockets
+ Python wrapper for version 1.1.1q of the OpenSSL secure sockets
library, which is downloaded from our binaries repository at
https://github.com/python/cpython-bin-deps.
diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index 24ddd2a2091..d64b4f66f51 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py
@@ -46,8 +46,8 @@
]
OPENSSL_RECENT_VERSIONS = [
- "1.1.1n",
- "3.0.2"
+ "1.1.1q",
+ "3.0.5"
]
LIBRESSL_OLD_VERSIONS = [