From: Colin Pinnell McAllister <colinmca242@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Colin Pinnell McAllister <colinmca242@gmail.com>
Subject: [PATCH v2 1/4] python3: Backport TLS test fix
Date: Fri, 13 Feb 2026 17:01:27 -0600 [thread overview]
Message-ID: <20260213230130.757732-2-colinmca242@gmail.com> (raw)
In-Reply-To: <20260213230130.757732-1-colinmca242@gmail.com>
Backports fix for Python3 that allows TLS 1.2 to be the minimum version.
Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
---
v2 changes:
* Add this patch to fix python3 ptest build failures
...Allow-TLS-v1.2-to-be-minimum-version.patch | 39 +++++++++++++++++++
.../recipes-devtools/python/python3_3.14.2.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch
diff --git a/meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch b/meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch
new file mode 100644
index 0000000000..3b0e98bf51
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch
@@ -0,0 +1,39 @@
+From bcd6e2535cb0dbf72b677eb6bddb644cb035ed51 Mon Sep 17 00:00:00 2001
+From: Colin McAllister <colinmca242@gmail.com>
+Date: Fri, 13 Feb 2026 11:17:53 -0600
+Subject: [PATCH 1/1] gh-144787: [tests] Allow TLS v1.2 to be minimum version
+ (GH-144790)
+
+Allow TLS v1.2 to be minimum version
+
+Updates test_min_max_version to allow TLS v1.2 to be minimum version if
+TLS 1.0 and 1.1 are disabled in OpenSSL.
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/f24009feeb78f605a3ee177d9e7cfb63d5890ee1]
+
+Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
+---
+ Lib/test/test_ssl.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index 6023c89bca..7e9ba735b3 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -1156,7 +1156,12 @@ def test_min_max_version(self):
+ ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
+ self.assertIn(
+ ctx.maximum_version,
+- {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3}
++ {
++ ssl.TLSVersion.TLSv1,
++ ssl.TLSVersion.TLSv1_1,
++ ssl.TLSVersion.TLSv1_2,
++ ssl.TLSVersion.SSLv3,
++ }
+ )
+
+ ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
+--
+2.49.1
+
diff --git a/meta/recipes-devtools/python/python3_3.14.2.bb b/meta/recipes-devtools/python/python3_3.14.2.bb
index 7481e70e13..6324151f4e 100644
--- a/meta/recipes-devtools/python/python3_3.14.2.bb
+++ b/meta/recipes-devtools/python/python3_3.14.2.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch \
file://0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch \
file://0001-Skip-flaky-test_default_timeout-tests.patch \
+ file://0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch \
"
SRC_URI:append:class-native = " \
file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \
--
2.53.0
next prev parent reply other threads:[~2026-02-13 23:01 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-11 18:49 [PATCH 0/3] Disable OpenSSL and Python3-cryptography legacy features by default Colin Pinnell McAllister
2026-02-11 18:49 ` [PATCH 1/3] openssl: Disable TLS 1.x " Colin Pinnell McAllister
2026-02-11 18:49 ` [PATCH 2/3] openssl: Add legacy packageconfig option Colin Pinnell McAllister
2026-02-13 18:23 ` [OE-core] " Peter Kjellerstedt
2026-02-11 18:49 ` [PATCH 3/3] python3-cryptography: Disable legacy-openssl by default Colin Pinnell McAllister
2026-02-12 16:38 ` [OE-core] [PATCH 0/3] Disable OpenSSL and Python3-cryptography legacy features " Mathieu Dubois-Briand
2026-02-13 15:36 ` Colin
2026-02-13 23:01 ` [PATCH v2 0/4] " Colin Pinnell McAllister
2026-02-13 23:01 ` Colin Pinnell McAllister [this message]
2026-02-13 23:01 ` [PATCH v2 2/4] openssl: Disable TLS 1.0/1.1 " Colin Pinnell McAllister
2026-02-13 23:01 ` [PATCH v2 3/4] openssl: Add legacy packageconfig option Colin Pinnell McAllister
2026-02-13 23:01 ` [PATCH v2 4/4] python3-cryptography: Disable legacy-openssl by default Colin Pinnell McAllister
2026-02-15 16:43 ` [OE-core] [PATCH v2 0/4] Disable OpenSSL and Python3-cryptography legacy features " Mathieu Dubois-Briand
2026-02-15 18:03 ` Mathieu Dubois-Briand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260213230130.757732-2-colinmca242@gmail.com \
--to=colinmca242@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox