63 changes: 22 additions & 41 deletions Python/README.txt
@@ -118,47 +118,21 @@ $ make test TESTOPTS="-v test_ssl"

# 3.12 Patches

These patches are for the Python versions 3.12.6, 3.12.9 and 3.12.11, which can
be downloaded from
These patches are for the Python 3.12.x series. The actively tested version
is 3.12.11, which can be downloaded from

https://www.python.org/ftp/python/3.12.6/Python-3.12.6.tar.xz
https://www.python.org/ftp/python/3.12.9/Python-3.12.9.tar.xz
https://www.python.org/ftp/python/3.12.11/Python-3.12.11.tar.xz

To build wolfSSL for use with one of these versions, see the simple script
build_wolfssl_py312.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.

build_wolfssl_py312.sh is identical to build_wolfssl.sh, aside from some
variations in the configuration options. In particular, it uses the following
configuration for wolfSSL:
The following wolfSSL configuration is required for Python 3.12.x:

$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-sessioncerts --enable-crl CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT -DNO_INT128"
$ ./configure --enable-all --enable-tlsv10 CPPFLAGS="-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON"
Comment on lines +126 to +129

Copilot AI Feb 24, 2026

The README previously listed a very explicit set of wolfSSL configure flags/macros, but now switches to --enable-all with a much smaller set of CPPFLAGS while still calling it “required”. To prevent build-to-build ambiguity, it would help to either (a) explicitly state that --enable-all is the tested/recommended superset and note why it replaces the prior flag list, or (b) document the minimal set of flags actually required by these patches/tests.

$ make check

After compiling wolfSSL, install:

$ sudo make install

To build Python-3.12.6 with wolfSSL enabled:

$ tar xvf Python-3.12.6.tar.xz
$ cd Python-3.12.6
$ patch -p1 < wolfssl-python-3.12.6.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make

To build Python-3.12.9 with wolfSSL enabled:

$ tar xvf Python-3.12.9.tar.xz
$ cd Python-3.12.9
$ patch -p1 < wolfssl-python-3.12.9.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make

To build Python-3.12.11 with wolfSSL enabled:

$ tar xvf Python-3.12.11.tar.xz
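
Review bot: The new 3.12 configure line moves the defines from CFLAGS to CPPFLAGS and drops -DHAVE_EX_DATA, -DWOLFSSL_ERROR_CODE_OPENSSL, -DWOLFSSL_ALT_NAMES, -DWOLFSSL_SIGNER_DER_CERT and -DNO_INT128, but the README does not say that --enable-all supplies them. Please add a sentence confirming which of these --enable-all implies, or keep the ones still needed in CPPFLAGS, so that someone building with a narrower feature set knows what the 3.12 patch actually depends on.
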
@@ -187,29 +161,34 @@ Or, to run a specific test in verbose mode:

$ make test TESTOPTS="-v test_ssl"

# 3.13.7 Patch
# 3.13 Patches

This patch is for Python 3.13.7, which can be downloaded from
These patches are for the Python 3.13.x series. The actively tested versions
are 3.13.4 and 3.13.7, which can be downloaded from

https://www.python.org/ftp/python/3.13.4/Python-3.13.4.tar.xz
https://www.python.org/ftp/python/3.13.7/Python-3.13.7.tar.xz

To build wolfSSL for use with one of these versions, see the simple script
build_wolfssl_py313.sh which can be used to build wolfSSL sources, configure,
and compile the library using the current wolfssl master branch code.

build_wolfssl_py313.sh is identical to build_wolfssl.sh, aside from some
variations in the configuration options. In particular, it uses the following
configuration for wolfSSL:
The following wolfSSL configuration is required for Python 3.13.x:

Copilot AI Feb 24, 2026

The README previously listed a very explicit set of wolfSSL configure flags/macros, but now switches to --enable-all with a much smaller set of CPPFLAGS while still calling it “required”. To prevent build-to-build ambiguity, it would help to either (a) explicitly state that --enable-all is the tested/recommended superset and note why it replaces the prior flag list, or (b) document the minimal set of flags actually required by these patches/tests.

Suggested change
The following wolfSSL configuration is required for Python 3.13.x:
The following wolfSSL configuration is the recommended and actively tested
superset configuration for Python 3.13.x. The use of --enable-all here
replaces the previously documented list of individual wolfSSL feature flags
and ensures that all necessary options for these patches and tests are
enabled in a reproducible way. Other wolfSSL configurations that enable an
equivalent set of features may also work, but they are not routinely tested.


$ cd wolfssl-master
$ ./configure --enable-opensslall --enable-tls13 --enable-tlsx --enable-tlsv10 --enable-postauth --enable-certext --enable-certgen --enable-scrypt --enable-sessioncerts --enable-crl --enable-psk CFLAGS="-DHAVE_EX_DATA -DWOLFSSL_ERROR_CODE_OPENSSL -DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON -DWOLFSSL_ALT_NAMES -DWOLFSSL_SIGNER_DER_CERT -DNO_INT128"
$ ./configure --enable-all --enable-tlsv10 CPPFLAGS="-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON"
$ make check

After compiling wolfSSL, install:

$ sudo make install

To build Python-3.13.7 with wolfSSL enabled follow the instructions below.
To build Python-3.13.4 with wolfSSL enabled:

$ tar xvf Python-3.13.4.tar.xz
$ cd Python-3.13.4
$ patch -p1 < wolfssl-python-3.13.4.patch
$ autoreconf -fi
$ ./configure --with-wolfssl=/usr/local
$ make

To build Python-3.13.7 with wolfSSL enabled:

$ tar xvf Python-3.13.7.tar.xz
$ cd Python-3.13.7
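
Review bot: The new 3.13 configure line keeps --enable-tlsv10 on top of --enable-all with no explanation, so the build the README calls "required" compiles in TLS 1.0 together with every optional wolfSSL feature. Please state why TLS 1.0 is needed (for example, if test_ssl exercises it) and say that this is the configuration used to test the patches, so it is not copied unchanged into a deployment build. The old line also passed --enable-psk explicitly; confirm that --enable-all covers it.
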
@@ -220,7 +199,9 @@ $ make

If make fails with a shared object error, you may need to update your
LD_LIBRARY_PATH first:

$ export LD_LIBRARY_PATH=/usr/local/lib

Run the ssl tests with:

$ make test TESTOPTS="-v test_ssl"
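
Review bot: The export line in this block overwrites any LD_LIBRARY_PATH the user already has set instead of extending it. While the spacing around it is being adjusted, consider documenting it as export LD_LIBRARY_PATH=/usr/local/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}, which keeps existing entries and avoids a trailing empty element (which the loader treats as the current directory) when the variable was unset.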