Skip to content

Update python patches #322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
julek-wolfssl wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Update python patches #322

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c6448a1
Update test_parse_all_sans to match the openssl test case
julek-wolfssl Feb 23, 2026
49d4349
Add python 3.13.4 patch
julek-wolfssl Feb 23, 2026
b89dece
update 3.13.7
julek-wolfssl Feb 24, 2026
1332cd5
update readme
julek-wolfssl Feb 24, 2026
c505c1c
update 3.13.4
julek-wolfssl Feb 24, 2026
ad5c2fa
update 3.12.11
julek-wolfssl Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 22 additions & 41 deletions Python/README.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,47 +118,21 @@ $ make test TESTOPTS="-v test_ssl"

# 3.12 Patches

These patches are for the Python versions 3.12.6, 3.12.9 and 3.12.11, which can
be downloaded from
These patches are for the Python 3.12.x series. The actively tested version
is 3.12.11, which can be downloaded from

https://www.python.org/ftp/python/3.12.6/Python-3.12.6.tar.xz
https://www.python.org/ftp/python/3.12.9/Python-3.12.9.tar.xz
https://www.python.org/ftp/python/3.12.11/Python-3.12.11.tar.xz

To build wolfSSL for use with one of these versions, see the simple script
build_wolfssl_py312.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.

build_wolfssl_py312.sh is identical to build_wolfssl.sh, aside from some
variations in the configuration options. In particular, it uses the following
configuration for wolfSSL:
The following wolfSSL configuration is required for Python 3.12.x:

$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-sessioncerts --enable-crl CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT -DNO_INT128"
$ ./configure --enable-all --enable-tlsv10 CPPFLAGS="-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON"
Comment on lines +126 to +129
Copy link

Copilot AI Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The README previously listed a very explicit set of wolfSSL configure flags/macros, but now switches to --enable-all with a much smaller set of CPPFLAGS while still calling it “required”. To prevent build-to-build ambiguity, it would help to either (a) explicitly state that --enable-all is the tested/recommended superset and note why it replaces the prior flag list, or (b) document the minimal set of flags actually required by these patches/tests.

Copilot uses AI. Check for mistakes.
$ make check

After compiling wolfSSL, install:

$ sudo make install

To build Python-3.12.6 with wolfSSL enabled:

$ tar xvf Python-3.12.6.tar.xz
$ cd Python-3.12.6
$ patch -p1 < wolfssl-python-3.12.6.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make

To build Python-3.12.9 with wolfSSL enabled:

$ tar xvf Python-3.12.9.tar.xz
$ cd Python-3.12.9
$ patch -p1 < wolfssl-python-3.12.9.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make

To build Python-3.12.11 with wolfSSL enabled:

$ tar xvf Python-3.12.11.tar.xz
Expand Down Expand Up @@ -187,29 +161,34 @@ Or, to run a specific test in verbose mode:

$ make test TESTOPTS="-v test_ssl"

# 3.13.7 Patch
# 3.13 Patches

This patch is for Python 3.13.7, which can be downloaded from
These patches are for the Python 3.13.x series. The actively tested versions
are 3.13.4 and 3.13.7, which can be downloaded from

https://www.python.org/ftp/python/3.13.4/Python-3.13.4.tar.xz
https://www.python.org/ftp/python/3.13.7/Python-3.13.7.tar.xz

To build wolfSSL for use with one of these versions, see the simple script
build_wolfssl_py313.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.

build_wolfssl_py313.sh is identical to build_wolfssl.sh, aside from some
variations in the configuration options. In particular, it uses the following
configuration for wolfSSL:
The following wolfSSL configuration is required for Python 3.13.x:
Copy link

Copilot AI Feb 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The README previously listed a very explicit set of wolfSSL configure flags/macros, but now switches to --enable-all with a much smaller set of CPPFLAGS while still calling it “required”. To prevent build-to-build ambiguity, it would help to either (a) explicitly state that --enable-all is the tested/recommended superset and note why it replaces the prior flag list, or (b) document the minimal set of flags actually required by these patches/tests.

Suggested change
The following wolfSSL configuration is required for Python 3.13.x:
The following wolfSSL configuration is the recommended and actively tested
superset configuration for Python 3.13.x. The use of --enable-all here
replaces the previously documented list of individual wolfSSL feature flags
and ensures that all necessary options for these patches and tests are
enabled in a reproducible way. Other wolfSSL configurations that enable an
equivalent set of features may also work, but they are not routinely tested.

Copilot uses AI. Check for mistakes.

$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-sessioncerts --enable-crl --enable-psk CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT -DNO_INT128"
$ ./configure --enable-all --enable-tlsv10 CPPFLAGS="-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON"
$ make check

After compiling wolfSSL, install:

$ sudo make install

To build Python-3.13.7 with wolfSSL enabled follow the instructions below.
To build Python-3.13.4 with wolfSSL enabled:

$ tar xvf Python-3.13.4.tar.xz
$ cd Python-3.13.4
$ patch -p1 < wolfssl-python-3.13.4.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make

To build Python-3.13.7 with wolfSSL enabled:

$ tar xvf Python-3.13.7.tar.xz
$ cd Python-3.13.7
Expand All @@ -220,7 +199,9 @@ $ make

If make fails with a shared object error, you may need to update your
LD_LIBRARY_PATH first:

$ export LD_LIBRARY_PATH=/usr/local/lib

Run the ssl tests with:

$ make test TESTOPTS="-v test_ssl"
Loading