From d98cb9db3d87a78357b711397baa726de2ac6bcf Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Sat, 30 Jun 2018 20:14:46 +1000 Subject: [PATCH 1/4] bpo-34009: Expand on platform support changes --- Doc/whatsnew/3.7.rst | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst index 53fbe185a3ade3..367b0481d85c27 100644 --- a/Doc/whatsnew/3.7.rst +++ b/Doc/whatsnew/3.7.rst @@ -1304,8 +1304,8 @@ Host name validation can be customized with .. note:: The improved host name check requires a *libssl* implementation compatible with OpenSSL 1.0.2 or 1.1. Consequently, OpenSSL 0.9.8 and 1.0.1 are no - longer supported. The ssl module is mostly compatible with LibreSSL 2.7.2 - and newer. + longer supported (see :ref:`37-platform-support-removals` for more details). + The ssl module is mostly compatible with LibreSSL 2.7.2 and newer. The ``ssl`` module no longer sends IP addresses in SNI TLS extension. (Contributed by Christian Heimes in :issue:`32185`.) @@ -2069,10 +2069,24 @@ or higher. (Contributed by Serhiy Storchaka in :issue:`27867`.) (Contributed by Antoine Pitrou in :issue:`16500`.) +.. _37-platform-support-removals: + Platform Support Removals ========================= -FreeBSD 9 and older are no longer officially supported. +* FreeBSD 9 and older are no longer officially supported. +* For full Unicode support, including within extension modules, \*nix platforms + are now expected to provide at least one of ``C.UTF-8`` (full locale), + ``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an + alternative to the legacy ``ASCII``-only ``C`` locale. +* OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building Python + 3.7 on platforms using these versions will require custom build options that + link to a more recent OpenSSL. This affects projects testing on Ubuntu 14.04 + (the "dist: trusty" build environment on Travis CI), where the simplest + resolution may be to update to using Ubuntu 16.04 (the "dist: xenial" build + environment). For cases where that isn't an option, see + :source:`Tools/ssl/multissltests.py` for examples of building custom + versions of SSL/TLS libraries, and linking Python against them. API and Feature Removals From c4fca8bf0ea83fcd26bf3b6bc56904b6bf933396 Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Sun, 1 Jul 2018 13:24:07 +1000 Subject: [PATCH 2/4] Better info on the OpenSSL 1.0.1 issue --- Doc/whatsnew/3.7.rst | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst index 367b0481d85c27..6b718d334be5a0 100644 --- a/Doc/whatsnew/3.7.rst +++ b/Doc/whatsnew/3.7.rst @@ -2080,14 +2080,28 @@ Platform Support Removals ``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an alternative to the legacy ``ASCII``-only ``C`` locale. * OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building Python - 3.7 on platforms using these versions will require custom build options that - link to a more recent OpenSSL. This affects projects testing on Ubuntu 14.04 - (the "dist: trusty" build environment on Travis CI), where the simplest - resolution may be to update to using Ubuntu 16.04 (the "dist: xenial" build - environment). For cases where that isn't an option, see - :source:`Tools/ssl/multissltests.py` for examples of building custom - versions of SSL/TLS libraries, and linking Python against them. - + 3.7 with SSL/TLS support on older platforms still using these versions + requires custom build options that link to a more recent version of OpenSSL. + + Notably, this issue affects the Debian 8 and Ubuntu 14.04 LTS Linux + distributions, as they still use OpenSSL 1.0.1 by default. Debian 9 and + Ubuntu 16.04, as well as recent releases of other LTS Linux releases + (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL 1.0.2 or later, and remain + supported in the default build configuration. + + For projects using the Ubuntu 14.04 (``dist: trusty``) environment in + Travis CI, CPython's own :source:`CI configuration file <.travis.yml>` + provides an example of using the SSL + :source:`compatibility testing infrastructure ` in + CPython's test suite to build and link against OpenSSL 1.1.0 rather than the + outdated system provided OpenSSL. + + There is an `open ticket with Travis CI `_ + requesting either an Ubuntu 14.04 compatible build of CPython 3.7, or else + an update on the availability of a reliable ``dist: xenial`` (Ubuntu 16.04) + testing environment. + +.. _travis-ci-openssl-ticket: https://github.com/travis-ci/travis-ci/issues/9069 API and Feature Removals ======================== From 3dc9695db72e99c78e4888b071a74b8b42210cad Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Sun, 1 Jul 2018 13:26:28 +1000 Subject: [PATCH 3/4] Small wording fixes --- Doc/whatsnew/3.7.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst index 6b718d334be5a0..26c0fd03858305 100644 --- a/Doc/whatsnew/3.7.rst +++ b/Doc/whatsnew/3.7.rst @@ -2078,8 +2078,8 @@ Platform Support Removals * For full Unicode support, including within extension modules, \*nix platforms are now expected to provide at least one of ``C.UTF-8`` (full locale), ``C.utf8`` (full locale) or ``UTF-8`` (``LC_CTYPE``-only locale) as an - alternative to the legacy ``ASCII``-only ``C`` locale. -* OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building Python + alternative to the legacy ``ASCII``-based ``C`` locale. +* OpenSSL 0.9.8 and 1.0.1 are no longer supported, which means building CPython 3.7 with SSL/TLS support on older platforms still using these versions requires custom build options that link to a more recent version of OpenSSL. From b7a729a6ea68da3f26b2624a36dcd9f45ba584a1 Mon Sep 17 00:00:00 2001 From: Nick Coghlan Date: Wed, 4 Jul 2018 20:59:32 +1000 Subject: [PATCH 4/4] Remove Travis references, add Debuntu code names --- Doc/whatsnew/3.7.rst | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/Doc/whatsnew/3.7.rst b/Doc/whatsnew/3.7.rst index 26c0fd03858305..ac13890d9794ef 100644 --- a/Doc/whatsnew/3.7.rst +++ b/Doc/whatsnew/3.7.rst @@ -2083,25 +2083,20 @@ Platform Support Removals 3.7 with SSL/TLS support on older platforms still using these versions requires custom build options that link to a more recent version of OpenSSL. - Notably, this issue affects the Debian 8 and Ubuntu 14.04 LTS Linux - distributions, as they still use OpenSSL 1.0.1 by default. Debian 9 and - Ubuntu 16.04, as well as recent releases of other LTS Linux releases - (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL 1.0.2 or later, and remain - supported in the default build configuration. - - For projects using the Ubuntu 14.04 (``dist: trusty``) environment in - Travis CI, CPython's own :source:`CI configuration file <.travis.yml>` - provides an example of using the SSL + Notably, this issue affects the Debian 8 (aka "jessie") and Ubuntu 14.04 + (aka "Trusty") LTS Linux distributions, as they still use OpenSSL 1.0.1 by + default. + + Debian 9 ("stretch") and Ubuntu 16.04 ("xenial"), as well as recent releases + of other LTS Linux releases (e.g. RHEL/CentOS 7.5, SLES 12-SP3), use OpenSSL + 1.0.2 or later, and remain supported in the default build configuration. + + CPython's own :source:`CI configuration file <.travis.yml>` provides an + example of using the SSL :source:`compatibility testing infrastructure ` in - CPython's test suite to build and link against OpenSSL 1.1.0 rather than the + CPython's test suite to build and link against OpenSSL 1.1.0 rather than an outdated system provided OpenSSL. - There is an `open ticket with Travis CI `_ - requesting either an Ubuntu 14.04 compatible build of CPython 3.7, or else - an update on the availability of a reliable ``dist: xenial`` (Ubuntu 16.04) - testing environment. - -.. _travis-ci-openssl-ticket: https://github.com/travis-ci/travis-ci/issues/9069 API and Feature Removals ======================== pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy