OpenSSL 3.0.0 is currently development [1]. I'm expecting a first beta release in December. Final release is scheduled for Q2 2020. OpenSSL 3.0.0 is API and feature compatible to OpenSSL 1.1.0 and 1.1.1. Only minor changes are required:* OpenSSL version number is >= 3.0.0, which breaks test_openssl_version* GENERAL_NAME_print() no longer adds trailing newline to IPv6 address strings. * ERR_func_error_string is deprecated[1]https://www.openssl.org/blog/blog/2019/11/07/3.0-update/

PRGH-17190 fixes test_openssl_version and removes the trailing newline from IPv6 addresses on all OpenSSL versions. I prefer to have the output consistent on all OpenSSL versions. The newline was silly any way.

New changeset2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244 by Miss Islington (bot) (Christian Heimes) in branch 'master':bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190)https://github.com/python/cpython/commit/2b7de6696bf2f924cd2cd9ff0a539c8aa37c6244

New changeset9d3cacd5901f8fbbc4f8b78fc35abad01a0e6546 by Miss Islington (bot) in branch '3.8':[3.8]bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190) (GH-17499)https://github.com/python/cpython/commit/9d3cacd5901f8fbbc4f8b78fc35abad01a0e6546

New changeseta197f8aa7493e66bc54c3db8f796d00cef1c3042 by Miss Islington (bot) in branch '3.7':[3.7]bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190) (GH-17500)https://github.com/python/cpython/commit/a197f8aa7493e66bc54c3db8f796d00cef1c3042

Can this be closed?

No, this is still work in progress.

Python 3.10.0a7 with OpenSSL 3.0 fromhttps://copr.fedorainfracloud.org/coprs/saprasad/openssl-3.0/ inhttps://copr.fedorainfracloud.org/coprs/g/python/openssl-3.0/package/python3.10/ (full logs available there).3 tests failed:    test_imaplib test_ssl test_urllib2_localnetMany:ssl.SSLError: [SSL: KRB5_S_TKT_NYV] unexpected eof while reading (_ssl.c:2628)Also:Traceback (most recent call last):  File "/builddir/build/BUILD/Python-3.10.0a7/Lib/test/test_ssl.py", line 1413, in test_load_cert_chain    ctx.load_cert_chain(CERTFILE_PROTECTED, password=getpass_huge)SystemError: _PyEval_EvalFrameDefault returned a result with an exception setAnd: ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1122) ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:1122) ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:1122)

Miro,I have pushed several fixes for OpenSSL 3.0.0*bpo-43788 addresses wrong library and error reason codes (e.g. KRB5_S_TKT_NYV)*bpo-43789 fixes an issue with exception state in password callbacks (_PyEval_EvalFrameDefault returned a result with an exception set)*bpo-43791 disables TLS 1.0 and 1.1 testing with OpenSSL 3.0.0. I'll have to talk to upstream and figure out a better solution.*bpo-43794 adds OP_IGNORE_UNEXPECTED_EOF and sets it by default. This makes the code behave like OpenSSL 1.1.0 and 1.0.2.I'll look into the other issues next week.

New changeset2d7fdc90731e132f9d6b43852ee112f25831394b by Christian Heimes in branch 'master':bpo-38820: OpenSSL 3.0.0: Use supported hashing algos in doc test (GH-25319)https://github.com/python/cpython/commit/2d7fdc90731e132f9d6b43852ee112f25831394b

New changesetffb05bbb30fa82dbe887981bdabd65af7daffcd1 by Miss Islington (bot) in branch '3.8':bpo-38820: OpenSSL 3.0.0: Use supported hashing algos in doc test (GH-25319)https://github.com/python/cpython/commit/ffb05bbb30fa82dbe887981bdabd65af7daffcd1

New changeset7c8796a750fb108be99e0bc50ca3dba000d77e54 by Miss Islington (bot) in branch '3.9':bpo-38820: OpenSSL 3.0.0: Use supported hashing algos in doc test (GH-25319)https://github.com/python/cpython/commit/7c8796a750fb108be99e0bc50ca3dba000d77e54

New changesetdcf658157df11de198a98e3db2a3050dd4f6b973 by Christian Heimes in branch 'master':bpo-38820: Test with OpenSSL 3.0.0-alpha15 (GH-25537)https://github.com/python/cpython/commit/dcf658157df11de198a98e3db2a3050dd4f6b973

New changeset3c586ca500854476e6eff06713236faff233d035 by Christian Heimes in branch 'master':bpo-38820: Old OpenSSL 3.0.0 releases are in /old/3.0/ (GH-25624)https://github.com/python/cpython/commit/3c586ca500854476e6eff06713236faff233d035

New changeset10ee2662dfeeb3b00d232f8f1c2eecc4d7e65244 by Miss Islington (bot) in branch '3.8':[3.8]bpo-38820: Old OpenSSL 3.0.0 releases are in /old/3.0/ (GH-25624) (GH-25627)https://github.com/python/cpython/commit/10ee2662dfeeb3b00d232f8f1c2eecc4d7e65244

New changeset3b917d177452dcacf41605254fc299d051fbf75a by Miss Islington (bot) in branch '3.9':[3.9]bpo-38820: Old OpenSSL 3.0.0 releases are in /old/3.0/ (GH-25624) (GH-25626)https://github.com/python/cpython/commit/3b917d177452dcacf41605254fc299d051fbf75a

New changesetd8389e3e50864447a74605d7ede3d14246bc633a by Christian Heimes in branch 'master':bpo-38820: Add ssl, hashlib, and hmac changes to whatsnew 3.10 (GH-25817)https://github.com/python/cpython/commit/d8389e3e50864447a74605d7ede3d14246bc633a

New changesetf8778f96e8b2864093bc8b283598e82c0dd00133 by Miss Islington (bot) in branch '3.10':bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)https://github.com/python/cpython/commit/f8778f96e8b2864093bc8b283598e82c0dd00133

New changeset36843f716df7cfa67ea7cd858acb0df1fc5e980e by Miss Islington (bot) in branch '3.10':bpo-38820: Test with OpenSSL 3.0.0-alpha17 (GH-26266)https://github.com/python/cpython/commit/36843f716df7cfa67ea7cd858acb0df1fc5e980e

New changeset44fb55149934d8fb095edb6fc3f8167208035b96 by Christian Heimes in branch 'main':bpo-38820: Test with OpenSSL 3.0.0-beta1 (GH-26769)https://github.com/python/cpython/commit/44fb55149934d8fb095edb6fc3f8167208035b96

New changesetc6cd2ecdb64d16f640ff255e5a267b95974a8041 by Miss Islington (bot) in branch '3.10':[3.10]bpo-38820: Test with OpenSSL 3.0.0-beta1 (GH-26769) (GH-26799)https://github.com/python/cpython/commit/c6cd2ecdb64d16f640ff255e5a267b95974a8041

New changesetc92b391dcefe9a7b3e6290bc2e2356eedfcf4bc3 by Christian Heimes in branch '3.9':[3.9]bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942) (#25944)https://github.com/python/cpython/commit/c92b391dcefe9a7b3e6290bc2e2356eedfcf4bc3

New changesetcc7c6801945c6a7373553b78bd899ce09681ec0a by Christian Heimes in branch 'main':bpo-38820: Test with OpenSSL 3.0.0 final (GH-28205)https://github.com/python/cpython/commit/cc7c6801945c6a7373553b78bd899ce09681ec0a

New changeset2fe15dbaad651707fb198c3477b7db77ab89ade0 by Miss Islington (bot) in branch '3.10':bpo-38820: Test with OpenSSL 3.0.0 final (GH-28205)https://github.com/python/cpython/commit/2fe15dbaad651707fb198c3477b7db77ab89ade0

New changeset7a6178a7cd8514911e9480f826838dc789fb8655 by Łukasz Langa in branch '3.9':[3.9]bpo-38820: Test with OpenSSL 3.0.0 final (GH-28205) (GH-28217)https://github.com/python/cpython/commit/7a6178a7cd8514911e9480f826838dc789fb8655

Christian, Python is now tested with 3.0.0 final in 3.9, 3.10, and 3.11. Looks like we can close this!Thank you for this big body of work ✨ 🍰 ✨

(I'll let you close this yourself when you determine that the two remaining open dependencies can be closed as well.)