From 57209feb97f438217f199c291dcbbd14bb0f4550 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:17:42 +0000 Subject: [PATCH 01/32] First cut, minimal testing --- .github/workflows/build.yml | 72 ++++++++++++++++++++++++++++- .github/workflows/posix-deps-apt.sh | 1 + Tools/ssl/multissltests.py | 69 +++++++++++++++++++++++---- 3 files changed, 131 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 54ebc914b46821..ae646d3e6a2b29 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -260,7 +260,7 @@ jobs: free-threading: ${{ matrix.free-threading }} os: ${{ matrix.os }} - build-ubuntu-ssltests: + build-ubuntu-ssltests-openssl: name: 'Ubuntu SSL tests with OpenSSL' runs-on: ${{ matrix.os }} timeout-minutes: 60 @@ -322,6 +322,76 @@ jobs: - name: SSL tests run: ./python Lib/test/ssltests.py + build-ubuntu-ssltests-awslc: + name: 'Ubuntu SSL tests with AWS-LC' + runs-on: ${{ matrix.os }} + timeout-minutes: 60 + needs: build-context + if: needs.build-context.outputs.run-tests == 'true' + strategy: + fail-fast: false + matrix: + os: [ubuntu-24.04] + awslc_ver: [1.52.2] + env: + AWSLC_VER: ${{ matrix.awslc_ver}} + MULTISSL_DIR: ${{ github.workspace }}/multissl + OPENSSL_DIR: ${{ github.workspace }}/multissl/awslc/${{ matrix.awslc_ver }} + LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/awslc/${{ matrix.awslc_ver }}/lib + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + - name: Runner image version + run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV" + - name: Restore config.cache + uses: actions/cache@v4 + with: + path: config.cache + key: ${{ github.job }}-${{ env.IMAGE_OS_VERSION }}-${{ needs.build-context.outputs.config-hash }} + - name: Register gcc problem matcher + run: echo "::add-matcher::.github/problem-matchers/gcc.json" + - name: Install dependencies + run: sudo ./.github/workflows/posix-deps-apt.sh + - name: Configure SSL lib env vars + # TODO [childw] do we need to re-specify the env vars here after L330's configuration? + run: | + echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" + echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/awslc/${AWSLC_VER}" >> "$GITHUB_ENV" + echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/awslc/${AWSLC_VER}/lib" >> "$GITHUB_ENV" + - name: 'Restore AWS-LC build' + id: cache-awslc + uses: actions/cache@v4 + with: + path: ./multissl/awslc/${{ matrix.awslc_ver }} + key: ${{ matrix.os }}-multissl-awslc-${{ matrix.awslc_ver }} + # TODO [childw] can we use env.* instead of env vars here? + - name: Install AWS-LC + if: steps.cache-awslc.outputs.cache-hit != 'true' + run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --awslc ${{ matrix.awslc_ver }} --system Linux + - name: Add ccache to PATH + run: | + echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" + - name: Configure ccache action + uses: hendrikmuhs/ccache-action@v1.2 + with: + save: false + - name: Configure CPython + run: | + ./configure CFLAGS="-fdiagnostics-format=json" + --config-cache + --enable-slower-safety + --with-pydebug + --with-openssl="$OPENSSL_DIR" + --with-builtin-hashlib-hashes=blake2 + --with-ssl-default-suites=openssl + - name: Build CPython + run: make -j + - name: Display build info + run: make pythoninfo + - name: SSL tests + run: ./python Lib/test/ssltests.py + build-wasi: name: 'WASI' needs: build-context diff --git a/.github/workflows/posix-deps-apt.sh b/.github/workflows/posix-deps-apt.sh index 7773222af5d26f..01cb78eaaa9897 100755 --- a/.github/workflows/posix-deps-apt.sh +++ b/.github/workflows/posix-deps-apt.sh @@ -5,6 +5,7 @@ apt-get -yq install \ build-essential \ pkg-config \ ccache \ + cmake \ gdb \ lcov \ libb2-dev \ diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index b1a5df91901fc6..348071386ddf66 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -1,12 +1,12 @@ #!./python -"""Run Python tests against multiple installations of OpenSSL and LibreSSL +"""Run Python tests against multiple installations of crypto libraries The script - (1) downloads OpenSSL / LibreSSL tar bundle + (1) downloads OpenSSL / LibreSSL / AWS-LC tar bundle (2) extracts it to ./src - (3) compiles OpenSSL / LibreSSL - (4) installs OpenSSL / LibreSSL into ../multissl/$LIB/$VERSION/ + (3) compiles OpenSSL / LibreSSL / AWS-LC + (4) installs the crypto library into ../multissl/$LIB/$VERSION/ (5) forces a recompilation of Python modules using the header and library files from ../multissl/$LIB/$VERSION/ (6) runs Python's test suite @@ -61,6 +61,10 @@ LIBRESSL_RECENT_VERSIONS = [ ] +AWSLC_RECENT_VERSIONS = [ + "1.52.2", +] + # store files in ../multissl HERE = os.path.dirname(os.path.abspath(__file__)) PYTHONROOT = os.path.abspath(os.path.join(HERE, '..', '..')) @@ -70,7 +74,7 @@ parser = argparse.ArgumentParser( prog='multissl', description=( - "Run CPython tests with multiple OpenSSL and LibreSSL " + "Run CPython tests with multiple crypto libraries" "versions." ) ) @@ -102,6 +106,14 @@ "OpenSSL and LibreSSL versions are given." ).format(LIBRESSL_RECENT_VERSIONS, LIBRESSL_OLD_VERSIONS) ) +parser.add_argument( + '--awslc', + nargs='+', + default=(), + help=( + "AWS-LC versions, defaults to '{}'." + ).format(AWSLC_RECENT_VERSIONS) +) parser.add_argument( '--tests', nargs='*', @@ -111,7 +123,7 @@ parser.add_argument( '--base-directory', default=MULTISSL_DIR, - help="Base directory for OpenSSL / LibreSSL sources and builds." + help="Base directory for crypto library sources and builds." ) parser.add_argument( '--no-network', @@ -124,8 +136,8 @@ choices=['library', 'modules', 'tests'], default='tests', help=( - "Which steps to perform. 'library' downloads and compiles OpenSSL " - "or LibreSSL. 'module' also compiles Python modules. 'tests' builds " + "Which steps to perform. 'library' downloads and compiles a crypto" + "library. 'module' also compiles Python modules. 'tests' builds " "all and runs the test suite." ) ) @@ -453,6 +465,34 @@ class BuildLibreSSL(AbstractBuilder): build_template = "libressl-{}" +class BuildAWSLC(AbstractBuilder): + library = "AWS-LC" + url_templates = ( + "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", + ) + src_template = "awslc-{}.tar.gz" + build_template = "awslc-{}" + + def _build_src(self, config_args=()): + cwd = self.build_dir + log.info("Running build in {}".format(cwd)) + env = os.environ.copy() + env["LD_RUN_PATH"] = self.lib_dir # set rpath + if self.system: + env['SYSTEM'] = self.system + cmd = [ + "cmake", + "-DCMAKE_BUILD_TYPE=RelWithDebInfo", + "-DCMAKE_PREFIX_PATH={}".format(self.install_dir), + "-DCMAKE_INSTALL_PREFIX={}".format(self.install_dir), + "-DBUILD_SHARED_LIBS=ON", + "-DFIPS=OFF", + self.src_dir, + ] + self._subprocess_call(cmd, cwd=cwd, env=env) + self._subprocess_call(["make", f"-j{self.jobs}"], cwd=cwd, env=env) + + def configure_make(): if not os.path.isfile('Makefile'): log.info('Running ./configure') @@ -467,9 +507,10 @@ def configure_make(): def main(): args = parser.parse_args() - if not args.openssl and not args.libressl: + if not args.openssl and not args.libressl and not args.awslc: args.openssl = list(OPENSSL_RECENT_VERSIONS) args.libressl = list(LIBRESSL_RECENT_VERSIONS) + args.awslc = list(AWSLC_RECENT_VERSIONS) if not args.disable_ancient: args.openssl.extend(OPENSSL_OLD_VERSIONS) args.libressl.extend(LIBRESSL_OLD_VERSIONS) @@ -513,6 +554,14 @@ def main(): build.install() builds.append(build) + for version in args.awslc: + biuld = BuildAWSLC( + version, + args + ) + build.install() + builds.append(build) + if args.steps in {'modules', 'tests'}: for build in builds: try: @@ -539,7 +588,7 @@ def main(): else: print('Executed all SSL tests.') - print('OpenSSL / LibreSSL versions:') + print('OpenSSL / LibreSSL / AWS-LC versions:') for build in builds: print(" * {0.library} {0.version}".format(build)) From 8fb1016e1f552c0f0c83cd38458d3b0af0911fe4 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:33:22 +0000 Subject: [PATCH 02/32] Various fixups, multissl.py works to build AWS-LC --- .github/workflows/build.yml | 14 +++++++------- Tools/ssl/multissltests.py | 9 ++++----- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ae646d3e6a2b29..79d80c21c7f905 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -332,12 +332,12 @@ jobs: fail-fast: false matrix: os: [ubuntu-24.04] - awslc_ver: [1.52.2] + awslc_ver: [1.52.1] env: AWSLC_VER: ${{ matrix.awslc_ver}} MULTISSL_DIR: ${{ github.workspace }}/multissl - OPENSSL_DIR: ${{ github.workspace }}/multissl/awslc/${{ matrix.awslc_ver }} - LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/awslc/${{ matrix.awslc_ver }}/lib + OPENSSL_DIR: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }} + LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }}/lib steps: - uses: actions/checkout@v4 with: @@ -360,14 +360,14 @@ jobs: echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/awslc/${AWSLC_VER}" >> "$GITHUB_ENV" echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/awslc/${AWSLC_VER}/lib" >> "$GITHUB_ENV" - name: 'Restore AWS-LC build' - id: cache-awslc + id: cache-aws-lc uses: actions/cache@v4 with: - path: ./multissl/awslc/${{ matrix.awslc_ver }} - key: ${{ matrix.os }}-multissl-awslc-${{ matrix.awslc_ver }} + path: ./multissl/aws-lc/${{ matrix.awslc_ver }} + key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }} # TODO [childw] can we use env.* instead of env vars here? - name: Install AWS-LC - if: steps.cache-awslc.outputs.cache-hit != 'true' + if: steps.cache-aws-lc.outputs.cache-hit != 'true' run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --awslc ${{ matrix.awslc_ver }} --system Linux - name: Add ccache to PATH run: | diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 348071386ddf66..9baf9a76b022be 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -62,7 +62,7 @@ ] AWSLC_RECENT_VERSIONS = [ - "1.52.2", + "1.52.1", ] # store files in ../multissl @@ -470,8 +470,8 @@ class BuildAWSLC(AbstractBuilder): url_templates = ( "https://github.com/aws/aws-lc/archive/refs/tags/v{v}.tar.gz", ) - src_template = "awslc-{}.tar.gz" - build_template = "awslc-{}" + src_template = "aws-lc-{}.tar.gz" + build_template = "aws-lc-{}" def _build_src(self, config_args=()): cwd = self.build_dir @@ -487,7 +487,6 @@ def _build_src(self, config_args=()): "-DCMAKE_INSTALL_PREFIX={}".format(self.install_dir), "-DBUILD_SHARED_LIBS=ON", "-DFIPS=OFF", - self.src_dir, ] self._subprocess_call(cmd, cwd=cwd, env=env) self._subprocess_call(["make", f"-j{self.jobs}"], cwd=cwd, env=env) @@ -555,7 +554,7 @@ def main(): builds.append(build) for version in args.awslc: - biuld = BuildAWSLC( + build = BuildAWSLC( version, args ) From 67fd836ddca2a30ebf87ceeabf05baafc019665b Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:37:30 +0000 Subject: [PATCH 03/32] Add linkage check --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 79d80c21c7f905..1436eaae0d06bb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -389,6 +389,9 @@ jobs: run: make -j - name: Display build info run: make pythoninfo + - name: Verify python is linked to AWS-LC + run: | + ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC - name: SSL tests run: ./python Lib/test/ssltests.py From 4f0928b67a031364336a69609e8fa0cd6ec51498 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:42:45 +0000 Subject: [PATCH 04/32] Fix line break in configure command --- .github/workflows/build.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1436eaae0d06bb..716deb142266b8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -376,15 +376,14 @@ jobs: uses: hendrikmuhs/ccache-action@v1.2 with: save: false - - name: Configure CPython - run: | - ./configure CFLAGS="-fdiagnostics-format=json" - --config-cache - --enable-slower-safety - --with-pydebug - --with-openssl="$OPENSSL_DIR" - --with-builtin-hashlib-hashes=blake2 - --with-ssl-default-suites=openssl + - name: Configure CPython build + run: ./configure CFLAGS="-fdiagnostics-format=json" + --config-cache + --enable-slower-safety + --with-pydebug + --with-openssl="$OPENSSL_DIR" + --with-builtin-hashlib-hashes=blake2 + --with-ssl-default-suites=openssl - name: Build CPython run: make -j - name: Display build info From b65d662f00e33eb19b3faca2569ed94fa56f3707 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:44:58 +0000 Subject: [PATCH 05/32] Fix more formatting --- .github/workflows/build.yml | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 716deb142266b8..439e2370c4e625 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -368,7 +368,12 @@ jobs: # TODO [childw] can we use env.* instead of env vars here? - name: Install AWS-LC if: steps.cache-aws-lc.outputs.cache-hit != 'true' - run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --awslc ${{ matrix.awslc_ver }} --system Linux + run: > + python3 Tools/ssl/multissltests.py + --steps=library + --base-directory "$MULTISSL_DIR" + --awslc ${{ matrix.awslc_ver }} + --system Linux - name: Add ccache to PATH run: | echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV" @@ -376,21 +381,21 @@ jobs: uses: hendrikmuhs/ccache-action@v1.2 with: save: false - - name: Configure CPython build - run: ./configure CFLAGS="-fdiagnostics-format=json" - --config-cache - --enable-slower-safety - --with-pydebug - --with-openssl="$OPENSSL_DIR" - --with-builtin-hashlib-hashes=blake2 - --with-ssl-default-suites=openssl + - name: Configure CPython + run: > + ./configure CFLAGS="-fdiagnostics-format=json" + --config-cache + --enable-slower-safety + --with-pydebug + --with-openssl="$OPENSSL_DIR" + --with-builtin-hashlib-hashes=blake2 + --with-ssl-default-suites=openssl - name: Build CPython run: make -j - name: Display build info run: make pythoninfo - name: Verify python is linked to AWS-LC - run: | - ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC + run: ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC - name: SSL tests run: ./python Lib/test/ssltests.py From 679147306206b2f58f7d1b6583966b43aaa78ae5 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:51:07 +0000 Subject: [PATCH 06/32] Fix more formatting --- .github/workflows/build.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 439e2370c4e625..bf2ae151643cb8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -368,11 +368,11 @@ jobs: # TODO [childw] can we use env.* instead of env vars here? - name: Install AWS-LC if: steps.cache-aws-lc.outputs.cache-hit != 'true' - run: > - python3 Tools/ssl/multissltests.py - --steps=library - --base-directory "$MULTISSL_DIR" - --awslc ${{ matrix.awslc_ver }} + run: | + python3 Tools/ssl/multissltests.py \ + --steps=library \ + --base-directory "$MULTISSL_DIR" \ + --awslc ${{ matrix.awslc_ver }} \ --system Linux - name: Add ccache to PATH run: | @@ -382,13 +382,13 @@ jobs: with: save: false - name: Configure CPython - run: > - ./configure CFLAGS="-fdiagnostics-format=json" - --config-cache - --enable-slower-safety - --with-pydebug - --with-openssl="$OPENSSL_DIR" - --with-builtin-hashlib-hashes=blake2 + run: | + ./configure CFLAGS="-fdiagnostics-format=json" \ + --config-cache \ + --enable-slower-safety \ + --with-pydebug \ + --with-openssl="$OPENSSL_DIR" \ + --with-builtin-hashlib-hashes=blake2 \ --with-ssl-default-suites=openssl - name: Build CPython run: make -j From 269dc10db4aefd41f51a660dde2339363f865688 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Wed, 11 Jun 2025 16:52:53 +0000 Subject: [PATCH 07/32] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20b?= =?UTF-8?q?lurb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst diff --git a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst new file mode 100644 index 00000000000000..79d2e67ca91e60 --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst @@ -0,0 +1 @@ +Add a new GitHub CI job to test python's ssl module with AWS-LC as the backing cryptography and TLS library. From cd74e2ba29fce8b205ecf9d3ed5270838bbc77f7 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 16:57:35 +0000 Subject: [PATCH 08/32] Fix all-required-greed target --- .github/workflows/build.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index bf2ae151643cb8..5691f856bc1ca5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -697,7 +697,8 @@ jobs: - build-windows-msi - build-macos - build-ubuntu - - build-ubuntu-ssltests + - build-ubuntu-ssltests-awslc + - build-ubuntu-ssltests-openssl - build-wasi - test-hypothesis - build-asan @@ -712,7 +713,8 @@ jobs: with: allowed-failures: >- build-windows-msi, - build-ubuntu-ssltests, + build-ubuntu-ssltests-awslc + build-ubuntu-ssltests-openssl test-hypothesis, cifuzz, allowed-skips: >- @@ -730,7 +732,8 @@ jobs: check-generated-files, build-macos, build-ubuntu, - build-ubuntu-ssltests, + build-ubuntu-ssltests-awslc, + build-ubuntu-ssltests-openssl, build-wasi, test-hypothesis, build-asan, From 24fbecfffc900ba466e06f4905549fd8ac433bd0 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 17:14:34 +0000 Subject: [PATCH 09/32] Fix aws-lc build dir path --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5691f856bc1ca5..4588883052b91f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -357,8 +357,8 @@ jobs: # TODO [childw] do we need to re-specify the env vars here after L330's configuration? run: | echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" - echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/awslc/${AWSLC_VER}" >> "$GITHUB_ENV" - echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/awslc/${AWSLC_VER}/lib" >> "$GITHUB_ENV" + echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}" >> "$GITHUB_ENV" + echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}/lib" >> "$GITHUB_ENV" - name: 'Restore AWS-LC build' id: cache-aws-lc uses: actions/cache@v4 From fa08737dbcfc69617fa7814313ca6db466ecd852 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 17:42:56 +0000 Subject: [PATCH 10/32] Remove NID_blake2b512 from hashlib dependency test in ./configure --- configure | 1 - 1 file changed, 1 deletion(-) diff --git a/configure b/configure index 029bf527da4e3d..3fada482bd40e7 100755 --- a/configure +++ b/configure @@ -30873,7 +30873,6 @@ main (void) OBJ_nid2sn(NID_md5); OBJ_nid2sn(NID_sha1); OBJ_nid2sn(NID_sha3_512); - OBJ_nid2sn(NID_blake2b512); EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0); ; From 3f3a70bf91b5208a8ffc2b06d33320b6b465544c Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 17:45:27 +0000 Subject: [PATCH 11/32] Remove NID_blake2b512 from configure.ac --- configure.ac | 1 - 1 file changed, 1 deletion(-) diff --git a/configure.ac b/configure.ac index 371b2e8ed73525..d2cac8107840c2 100644 --- a/configure.ac +++ b/configure.ac @@ -7545,7 +7545,6 @@ WITH_SAVE_ENV([ OBJ_nid2sn(NID_md5); OBJ_nid2sn(NID_sha1); OBJ_nid2sn(NID_sha3_512); - OBJ_nid2sn(NID_blake2b512); EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0); ])], [ac_cv_working_openssl_hashlib=yes], [ac_cv_working_openssl_hashlib=no]) ]) From 7d37e6afe3f81ec8749ae85189eb5b32c63b7541 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 18:27:15 +0000 Subject: [PATCH 12/32] Tryi setting --with-openssl-rpath in configure invocation --- .github/workflows/build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4588883052b91f..afc96260fbdc10 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -388,6 +388,7 @@ jobs: --enable-slower-safety \ --with-pydebug \ --with-openssl="$OPENSSL_DIR" \ + --with-openssl-rpath="$OPENSSL_DIR"/lib \ --with-builtin-hashlib-hashes=blake2 \ --with-ssl-default-suites=openssl - name: Build CPython From 6eb1190cb79f0a2b295b6c805a0e2f087b1d3476 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 18:54:04 +0000 Subject: [PATCH 13/32] Revert "Tryi setting --with-openssl-rpath in configure invocation" This reverts commit 7d37e6afe3f81ec8749ae85189eb5b32c63b7541. --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index afc96260fbdc10..4588883052b91f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -388,7 +388,6 @@ jobs: --enable-slower-safety \ --with-pydebug \ --with-openssl="$OPENSSL_DIR" \ - --with-openssl-rpath="$OPENSSL_DIR"/lib \ --with-builtin-hashlib-hashes=blake2 \ --with-ssl-default-suites=openssl - name: Build CPython From 8f4a0eb739713b5baf28aefa9d561873a70e25ef Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 21:22:37 +0000 Subject: [PATCH 14/32] Guard new hashlib ctor test --- Lib/test/test_hashlib.py | 5 ++++- Tools/ssl/multissltests.py | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py index b83ae181718b7a..ff52e73100e373 100644 --- a/Lib/test/test_hashlib.py +++ b/Lib/test/test_hashlib.py @@ -274,7 +274,10 @@ def test_clinic_signature(self): with self.assertWarnsRegex(DeprecationWarning, DEPRECATED_STRING_PARAMETER): hashlib.new(digest_name, string=b'') - if self._hashlib: + # when using a combination of libcrypto and interned hash + # implementations, we need to make sure that _hashlib contains + # the constructor we're testing + if self._hashlib and digest_name in self._hashlib._constructors: self._hashlib.new(digest_name, b'') self._hashlib.new(digest_name, data=b'') with self.assertWarnsRegex(DeprecationWarning, diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 9baf9a76b022be..21d801ac453947 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -486,6 +486,7 @@ def _build_src(self, config_args=()): "-DCMAKE_PREFIX_PATH={}".format(self.install_dir), "-DCMAKE_INSTALL_PREFIX={}".format(self.install_dir), "-DBUILD_SHARED_LIBS=ON", + "-DBUILD_TESTING=OFF", "-DFIPS=OFF", ] self._subprocess_call(cmd, cwd=cwd, env=env) From 7ebee26d8ef098f142b8677e19d6b391d2a7ac67 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Wed, 11 Jun 2025 18:15:41 -0400 Subject: [PATCH 15/32] Update Tools/ssl/multissltests.py Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> --- Tools/ssl/multissltests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 21d801ac453947..9b517e3dd8b354 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -3,7 +3,7 @@ The script - (1) downloads OpenSSL / LibreSSL / AWS-LC tar bundle + (1) downloads the tar bundle (2) extracts it to ./src (3) compiles OpenSSL / LibreSSL / AWS-LC (4) installs the crypto library into ../multissl/$LIB/$VERSION/ From 840923d09e0861758f71c3e24359664f54ca6d4f Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Wed, 11 Jun 2025 18:15:55 -0400 Subject: [PATCH 16/32] Update Tools/ssl/multissltests.py Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> --- Tools/ssl/multissltests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 9b517e3dd8b354..8c807f81a2ef80 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -5,8 +5,8 @@ (1) downloads the tar bundle (2) extracts it to ./src - (3) compiles OpenSSL / LibreSSL / AWS-LC - (4) installs the crypto library into ../multissl/$LIB/$VERSION/ + (3) compiles the relevant library + (4) installs that library into ../multissl/$LIB/$VERSION/ (5) forces a recompilation of Python modules using the header and library files from ../multissl/$LIB/$VERSION/ (6) runs Python's test suite From 3850ba0003c0c118b2f3e8caef619544f7fbe059 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Wed, 11 Jun 2025 18:17:47 -0400 Subject: [PATCH 17/32] Update Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> --- .../next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst index 79d2e67ca91e60..abc0ae2c26bfa8 100644 --- a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst +++ b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst @@ -1 +1,3 @@ -Add a new GitHub CI job to test python's ssl module with AWS-LC as the backing cryptography and TLS library. +Add a new GitHub CI job to test the :py:mod:`ssl` module with AWS-LC__ as the backing cryptography and TLS library. + +__ https://github.com/aws/aws-lc From be1b72c13b2d7b7d5d09c5f3a83cfff3f467e302 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Wed, 11 Jun 2025 22:52:33 +0000 Subject: [PATCH 18/32] Remove TODOs per PR feedback, remove this as required CI job --- .github/workflows/build.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4588883052b91f..650e45ac03a60a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -354,7 +354,6 @@ jobs: - name: Install dependencies run: sudo ./.github/workflows/posix-deps-apt.sh - name: Configure SSL lib env vars - # TODO [childw] do we need to re-specify the env vars here after L330's configuration? run: | echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV" echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}" >> "$GITHUB_ENV" @@ -365,7 +364,6 @@ jobs: with: path: ./multissl/aws-lc/${{ matrix.awslc_ver }} key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }} - # TODO [childw] can we use env.* instead of env vars here? - name: Install AWS-LC if: steps.cache-aws-lc.outputs.cache-hit != 'true' run: | @@ -697,7 +695,6 @@ jobs: - build-windows-msi - build-macos - build-ubuntu - - build-ubuntu-ssltests-awslc - build-ubuntu-ssltests-openssl - build-wasi - test-hypothesis @@ -713,7 +710,6 @@ jobs: with: allowed-failures: >- build-windows-msi, - build-ubuntu-ssltests-awslc build-ubuntu-ssltests-openssl test-hypothesis, cifuzz, @@ -732,7 +728,6 @@ jobs: check-generated-files, build-macos, build-ubuntu, - build-ubuntu-ssltests-awslc, build-ubuntu-ssltests-openssl, build-wasi, test-hypothesis, From c65548441fac2a69be24db02b0a80accc68812e5 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 16 Jun 2025 19:00:54 +0000 Subject: [PATCH 19/32] Check for SHA-512 instead of BLAKE in configure --- configure | 1 + configure.ac | 1 + 2 files changed, 2 insertions(+) diff --git a/configure b/configure index 3fada482bd40e7..31e0e3beab0d30 100755 --- a/configure +++ b/configure @@ -30872,6 +30872,7 @@ main (void) OBJ_nid2sn(NID_md5); OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha512); OBJ_nid2sn(NID_sha3_512); EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0); diff --git a/configure.ac b/configure.ac index d2cac8107840c2..509128224af263 100644 --- a/configure.ac +++ b/configure.ac @@ -7544,6 +7544,7 @@ WITH_SAVE_ENV([ ], [ OBJ_nid2sn(NID_md5); OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha512); OBJ_nid2sn(NID_sha3_512); EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0); ])], [ac_cv_working_openssl_hashlib=yes], [ac_cv_working_openssl_hashlib=no]) From 99df7d5aa973d281b52570443edcf4e6d30a1049 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 16 Jun 2025 19:05:31 +0000 Subject: [PATCH 20/32] Simplify multissltests.py builders --- Tools/ssl/multissltests.py | 33 +++++++++------------------------ 1 file changed, 9 insertions(+), 24 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 8c807f81a2ef80..2852951345ecf4 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -537,30 +537,15 @@ def main(): # download and register builder builds = [] - - for version in args.openssl: - build = BuildOpenSSL( - version, - args - ) - build.install() - builds.append(build) - - for version in args.libressl: - build = BuildLibreSSL( - version, - args - ) - build.install() - builds.append(build) - - for version in args.awslc: - build = BuildAWSLC( - version, - args - ) - build.install() - builds.append(build) + for build_class, versions in [ + (BuildOpenSSL, args.openssl), + (BuildLibreSSL, args.libressl), + (BuildAWSLC, args.awslc), + ]: + for version in versions: + build = build_class(version, args) + build.install() + builds.append(build) if args.steps in {'modules', 'tests'}: for build in builds: From 8f95caa4dcd530e61c2ffcab5b770790d428c590 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Tue, 17 Jun 2025 18:05:58 +0000 Subject: [PATCH 21/32] Modify multissltests.py comments per PR feedback --- Tools/ssl/multissltests.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 2852951345ecf4..af06cf6dfbb595 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -1,5 +1,5 @@ #!./python -"""Run Python tests against multiple installations of crypto libraries +"""Run Python tests against multiple installations of cryptography libraries The script @@ -74,7 +74,7 @@ parser = argparse.ArgumentParser( prog='multissl', description=( - "Run CPython tests with multiple crypto libraries" + "Run CPython tests with multiple cryptography libraries" "versions." ) ) From 3134a9e39b717beb08823f5367e37c9489d0aa98 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Mon, 30 Jun 2025 20:16:31 +0000 Subject: [PATCH 22/32] Temporarily track AWS-LC commit with HMAC-SHA3 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1764497e3344fe..395f501dc6f791 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -332,7 +332,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-24.04] - awslc_ver: [1.52.1] + awslc_ver: [80f986b94] # TODO: change to an AWS-LC release version once AWS-LC PR #2484 is released env: AWSLC_VER: ${{ matrix.awslc_ver}} MULTISSL_DIR: ${{ github.workspace }}/multissl From f8fde3566a4eb1db3fe6420f908ffe038df31cf8 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Thu, 3 Jul 2025 17:42:23 +0000 Subject: [PATCH 23/32] Test against AWS-LC v1.55.0 --- .github/workflows/build.yml | 2 +- Tools/ssl/multissltests.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 395f501dc6f791..376a93b2701097 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -332,7 +332,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-24.04] - awslc_ver: [80f986b94] # TODO: change to an AWS-LC release version once AWS-LC PR #2484 is released + awslc_ver: [1.55.0] env: AWSLC_VER: ${{ matrix.awslc_ver}} MULTISSL_DIR: ${{ github.workspace }}/multissl diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index af06cf6dfbb595..f30f03aa31b00e 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -62,7 +62,7 @@ ] AWSLC_RECENT_VERSIONS = [ - "1.52.1", + "1.55.0", ] # store files in ../multissl From eb11bca9f3fc632d4bb0f042179198ab7f2efb58 Mon Sep 17 00:00:00 2001 From: WillChilds-Klein Date: Fri, 4 Jul 2025 16:37:13 +0000 Subject: [PATCH 24/32] Add ssltests-awslc check to cumulative check, allow failure --- .github/workflows/build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 376a93b2701097..05f20e12f4653d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -703,6 +703,7 @@ jobs: - build-windows-msi - build-macos - build-ubuntu + - build-ubuntu-ssltests-awslc - build-ubuntu-ssltests-openssl - build-wasi - test-hypothesis @@ -718,7 +719,8 @@ jobs: with: allowed-failures: >- build-windows-msi, - build-ubuntu-ssltests-openssl + build-ubuntu-ssltests-awslc, + build-ubuntu-ssltests-openssl, test-hypothesis, cifuzz, allowed-skips: >- @@ -736,6 +738,7 @@ jobs: check-generated-files, build-macos, build-ubuntu, + build-ubuntu-ssltests-awslc, build-ubuntu-ssltests-openssl, build-wasi, test-hypothesis, From 4d9147c3b4d94cba4d174b399dbd862964c1d7d1 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Sun, 6 Jul 2025 20:38:01 -0400 Subject: [PATCH 25/32] Update Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst --- .../next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst index abc0ae2c26bfa8..c806a0a8468864 100644 --- a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst +++ b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst @@ -1,3 +1 @@ -Add a new GitHub CI job to test the :py:mod:`ssl` module with AWS-LC__ as the backing cryptography and TLS library. - -__ https://github.com/aws/aws-lc +Add a new GitHub CI job to test the :py:mod:`ssl` module with `AWS-LC `_ as the backing cryptography and TLS library. From 7311e421af2fbd50907565c0bd58107ceb43eab4 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Mon, 7 Jul 2025 10:10:49 -0400 Subject: [PATCH 26/32] Update Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> --- .../next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst index c806a0a8468864..6885fba30dbab0 100644 --- a/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst +++ b/Misc/NEWS.d/next/Tests/2025-06-11-16-52-49.gh-issue-135401.ccMXmL.rst @@ -1 +1 @@ -Add a new GitHub CI job to test the :py:mod:`ssl` module with `AWS-LC `_ as the backing cryptography and TLS library. +Add a new GitHub CI job to test the :mod:`ssl` module with `AWS-LC `_ as the backing cryptography and TLS library. From 13dfd95712271f5c61dba6477e2cfbc67118b8ea Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Mon, 7 Jul 2025 10:11:00 -0400 Subject: [PATCH 27/32] Update Tools/ssl/multissltests.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com> --- Tools/ssl/multissltests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index f30f03aa31b00e..35acabffe69e89 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -136,7 +136,7 @@ choices=['library', 'modules', 'tests'], default='tests', help=( - "Which steps to perform. 'library' downloads and compiles a crypto" + "Which steps to perform. 'library' downloads and compiles a crypto" "library. 'module' also compiles Python modules. 'tests' builds " "all and runs the test suite." ) From 22470c1e9ff373ea478cf530a0db4646c3a38e49 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Mon, 7 Jul 2025 11:57:41 -0400 Subject: [PATCH 28/32] Update Tools/ssl/multissltests.py Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- Tools/ssl/multissltests.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 35acabffe69e89..abf54ac05efe5f 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -76,7 +76,9 @@ description=( "Run CPython tests with multiple cryptography libraries" "versions." - ) + ), + color=True, + suggest_on_error=True, ) parser.add_argument( '--debug', From e24bde5692e224fada5a03dc20d546595e2d4834 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Mon, 7 Jul 2025 11:57:52 -0400 Subject: [PATCH 29/32] Update Tools/ssl/multissltests.py Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- Tools/ssl/multissltests.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index abf54ac05efe5f..b65920dbc304f3 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -112,9 +112,7 @@ '--awslc', nargs='+', default=(), - help=( - "AWS-LC versions, defaults to '{}'." - ).format(AWSLC_RECENT_VERSIONS) + help=f"AWS-LC versions, defaults to '{AWSLC_RECENT_VERSIONS}'." ) parser.add_argument( '--tests', From a0d7b5f10172d4f66d24e289730aa3885b006feb Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Fri, 11 Jul 2025 16:38:59 -0400 Subject: [PATCH 30/32] Update Tools/ssl/multissltests.py Co-authored-by: Zachary Ware --- Tools/ssl/multissltests.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index b65920dbc304f3..18ec250a3c6571 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -77,8 +77,6 @@ "Run CPython tests with multiple cryptography libraries" "versions." ), - color=True, - suggest_on_error=True, ) parser.add_argument( '--debug', From a2efcda8c02a5d059422f72335c25a35f8528855 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Fri, 11 Jul 2025 16:56:12 -0400 Subject: [PATCH 31/32] Update Tools/ssl/multissltests.py Co-authored-by: Zachary Ware --- Tools/ssl/multissltests.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index 18ec250a3c6571..b6a01f22f33e55 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -110,7 +110,9 @@ '--awslc', nargs='+', default=(), - help=f"AWS-LC versions, defaults to '{AWSLC_RECENT_VERSIONS}'." + help=( + "AWS-LC versions, defaults to '{}' if no crypto library versions are given." + ).format(AWSLC_RECENT_VERSIONS) ) parser.add_argument( '--tests', From 38afe992934b8f87a423d2bb38959bed9299ad62 Mon Sep 17 00:00:00 2001 From: Will Childs-Klein Date: Fri, 11 Jul 2025 16:58:47 -0400 Subject: [PATCH 32/32] Update Tools/ssl/multissltests.py Co-authored-by: Zachary Ware --- Tools/ssl/multissltests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py index b6a01f22f33e55..f4c8fde8346fd9 100755 --- a/Tools/ssl/multissltests.py +++ b/Tools/ssl/multissltests.py @@ -490,7 +490,7 @@ def _build_src(self, config_args=()): "-DFIPS=OFF", ] self._subprocess_call(cmd, cwd=cwd, env=env) - self._subprocess_call(["make", f"-j{self.jobs}"], cwd=cwd, env=env) + self._subprocess_call(["make", "-j{}".format(self.jobs)], cwd=cwd, env=env) def configure_make():