From 98c18196c22190d255203ab63d1af1e24c49bbda Mon Sep 17 00:00:00 2001
From: "Daniel A. Wozniak" <daniel.wozniak@broadcom.com>
Date: Sun, 13 Jul 2025 15:38:34 -0700
Subject: [PATCH 1/2] Do not load openssl moduls on win32

---
 relenv/runtime.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/relenv/runtime.py b/relenv/runtime.py
index 0740be8f..9b89e2c1 100644
--- a/relenv/runtime.py
+++ b/relenv/runtime.py
@@ -894,6 +894,9 @@ def setup_openssl():
     """
     Configure openssl certificate locations.
     """
+    if sys.platform == "win32":
+        return
+
     openssl_bin = shutil.which("openssl")
     if not openssl_bin:
         debug("Could not find the 'openssl' binary in the path")
@@ -906,7 +909,7 @@ def setup_openssl():
 
         return
 
-    if "OPENSSL_MODULES" not in os.environ and sys.platform != "win32":
+    if "OPENSSL_MODULES" not in os.environ:
         # First try and load the system's fips provider. Then load relenv's
         # legacy and default providers. The fips provider must be loaded first
         # in order OpenSSl to work properly..
@@ -946,7 +949,7 @@ def setup_openssl():
     # Use system openssl dirs
     # XXX Should we also setup SSL_CERT_FILE, OPENSSL_CONF &
     # OPENSSL_CONF_INCLUDE?
-    if "SSL_CERT_DIR" not in os.environ and sys.platform != "win32":
+    if "SSL_CERT_DIR" not in os.environ:
         proc = subprocess.run(
             [openssl_bin, "version", "-d"],
             universal_newlines=True,

From 50392aeafb5bee5786274bb0f3e9add214b51c5d Mon Sep 17 00:00:00 2001
From: "Daniel A. Wozniak" <daniel.wozniak@broadcom.com>
Date: Sun, 13 Jul 2025 23:44:20 -0700
Subject: [PATCH 2/2] Add regression test

---
 tests/test_verify_build.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py
index a3416325..a6293715 100644
--- a/tests/test_verify_build.py
+++ b/tests/test_verify_build.py
@@ -1718,3 +1718,12 @@ def test_no_openssl_binary(rockycontainer, pipexec):
 def test_darwin_python_linking(pipexec, pyexec, build, minor_version):
     proc = subprocess.run(["otool", "-L", str(pyexec)], capture_output=True, check=True)
     assert "/usr/local/opt" not in proc.stdout.decode()
+
+
+def test_import_ssl_module(pyexec):
+    proc = subprocess.run(
+        [pyexec, "-c", "import ssl"], capture_output=True, check=False
+    )
+    assert proc.returncode == 0
+    assert proc.stdout.decode() == ""
+    assert proc.stderr.decode() == ""