From de3e0f3d5d405ef0f255aaf6d9934f86c72fcca7 Mon Sep 17 00:00:00 2001
From: Matthias Koeppe <mkoeppe@math.ucdavis.edu>
Date: Wed, 3 Aug 2022 17:14:50 -0700
Subject: [PATCH 1/2] build/pkgs/openssl/distros/opensuse.txt: Use
 libopenssl-3-devel

---
 build/pkgs/openssl/distros/opensuse.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/pkgs/openssl/distros/opensuse.txt b/build/pkgs/openssl/distros/opensuse.txt
index 196ba2d1153..11344b31a10 100644
--- a/build/pkgs/openssl/distros/opensuse.txt
+++ b/build/pkgs/openssl/distros/opensuse.txt
@@ -1 +1 @@
-"pkgconfig(libssl)"
+libopenssl-3-devel

From d46f190b83388be070d53a105c0b8bd5ba31695f Mon Sep 17 00:00:00 2001
From: Matthias Koeppe <mkoeppe@math.ucdavis.edu>
Date: Wed, 3 Aug 2022 17:32:51 -0700
Subject: [PATCH 2/2] build/pkgs/openssl/spkg-configure.m4: Add API check from
 python3 configure.ac

---
 build/pkgs/openssl/spkg-configure.m4 | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/build/pkgs/openssl/spkg-configure.m4 b/build/pkgs/openssl/spkg-configure.m4
index 2862d7ebec0..fd2d257d721 100644
--- a/build/pkgs/openssl/spkg-configure.m4
+++ b/build/pkgs/openssl/spkg-configure.m4
@@ -1,6 +1,6 @@
 SAGE_SPKG_CONFIGURE([openssl], [
   AX_CHECK_OPENSSL([
-    AC_MSG_CHECKING([whether OpenSSL >= 1.1.1, as required by PEP 644])
+    AC_MSG_CHECKING([whether OpenSSL >= 1.1.1, as required by PEP 644, and provides required APIs])
     AC_COMPILE_IFELSE(
         dnl Trac #32580: Need OpenSSL >= 1.1.1 for PEP 644
         dnl From https://www.openssl.org/docs/man3.0/man3/OPENSSL_VERSION_NUMBER.html:
@@ -12,12 +12,33 @@ SAGE_SPKG_CONFIGURE([openssl], [
         dnl    FF is "fix"
         dnl    S  is "status" (f = release)
         dnl -> OPENSSL_VERSION_NUMBER is 0xMNNFFPPSL
+        dnl
+        dnl Trac #34273: Test program from ​https://github.com/python/cpython/blob/3.10/configure.ac#L5845
         [AC_LANG_PROGRAM([[
+            #include <openssl/opensslv.h>
+            #include <openssl/evp.h>
             #include <openssl/ssl.h>
             #if OPENSSL_VERSION_NUMBER < 0x10101000L
-            #  error OpenSSL >= 1.1.1 is required according to PEP 644
+            #error OpenSSL >= 1.1.1 is required according to PEP 644
             #endif
-        ]], [])], [
+            static void keylog_cb(const SSL *ssl, const char *line) {}
+          ]], [[
+            /* SSL APIs */
+            SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
+            SSL_CTX_set_keylog_callback(ctx, keylog_cb);
+            SSL *ssl = SSL_new(ctx);
+            X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
+            X509_VERIFY_PARAM_set1_host(param, "python.org", 0);
+            SSL_free(ssl);
+            SSL_CTX_free(ctx);
+            /* hashlib APIs */
+            OBJ_nid2sn(NID_md5);
+            OBJ_nid2sn(NID_sha1);
+            OBJ_nid2sn(NID_sha3_512);
+            OBJ_nid2sn(NID_blake2b512);
+            EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0);
+          ]])
+        ], [
             AC_MSG_RESULT([yes])
             sage_spkg_install_openssl=no
         ], [