openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Enable QUIC by default 

Ensure builds enable QUIC without explicitly having to ask for it. To
disable QUIC pass "no-quic" to Configure.

As a result we can remove all use of "enable-quic" from the various CI
runs.

We also add a CHANGES and NEWS entry for QUIC support.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
This commit is contained in:
Matt Caswell 2023-06-30 15:56:13 +01:00 committed by Pauli
parent d88a0f5f39
commit 8a76420238
9 changed files with 31 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.github/workflows/ci.yml vendored
View File

@ -33,7 +33,7 @@ jobs:
with:
fetch-depth: 0
- name: config
run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- name: make update
@ -46,7 +46,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: config
run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- name: make doc-nits
@ -66,7 +66,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: config
run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
- name: make
run: make -s -j4
@ -79,6 +79,7 @@ jobs:
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config
# enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
- name: make
run: make -s -j4
@ -118,7 +119,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -160,7 +161,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -174,7 +175,7 @@ jobs:
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump
run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -187,7 +188,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread enable-quic && perl configdata.pm --dump
run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -202,7 +203,7 @@ jobs:
- name: modprobe tls
run: sudo modprobe tls
- name: config
run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic no-threads && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -217,7 +218,7 @@ jobs:
- name: modprobe tls
run: sudo modprobe tls
- name: config
run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -321,7 +322,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -350,7 +351,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump
run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: make test
@ -460,7 +461,7 @@ jobs:
with:
submodules: recursive
- name: Configure OpenSSL
run: ./config --banner=Configured --strict-warnings enable-external-tests enable-quic && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- uses: actions-rs/toolchain@v1

2
.github/workflows/coveralls.yml vendored
View File

@ -34,7 +34,7 @@ jobs:
extra_config: enable-fips
}, {
branch: master,
extra_config: no-afalgeng enable-fips enable-tfo enable-quic
extra_config: no-afalgeng enable-fips enable-tfo
}
]
runs-on: ubuntu-latest

6
.github/workflows/os-zoo.yml vendored
View File

@ -44,7 +44,7 @@ jobs:
fi
CC=${{ matrix.cc }} ./config --banner=Configured no-shared \
-Wall -Werror enable-fips enable-quic --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags}
-Wall -Werror enable-fips --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags}
- name: config dump
run: ./configdata.pm --dump
@ -71,7 +71,7 @@ jobs:
- name: config
run: |
CC=${{ matrix.zoo.cc }} ./config --banner=Configured \
-Wall -Werror --strict-warnings enable-fips enable-quic
-Wall -Werror --strict-warnings enable-fips
- name: config dump
run: ./configdata.pm --dump
- name: make
@ -99,7 +99,7 @@ jobs:
- name: config
working-directory: _build
run: |
perl ..\Configure --banner=Configured no-makedepend enable-fips enable-quic
perl ..\Configure --banner=Configured no-makedepend enable-fips
- name: config dump
working-directory: _build
run: ./configdata.pm --dump

1
.github/workflows/run-checker-ci.yml vendored
View File

@ -37,6 +37,7 @@ jobs:
no-tls1_3,
enable-trace enable-fips,
no-ui,
no-quic
]
runs-on: ubuntu-latest
steps:

10
.github/workflows/windows.yml vendored
View File

@ -22,9 +22,9 @@ jobs:
- windows-2022
platform:
- arch: win64
config: enable-fips enable-quic
config: enable-fips
- arch: win32
config: --strict-warnings no-fips enable-quic
config: --strict-warnings no-fips
runs-on: ${{matrix.os}}
steps:
- uses: actions/checkout@v3
@ -101,7 +101,7 @@ jobs:
- name: config
working-directory: _build
run: |
perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm no-threads enable-quic -DOPENSSL_SMALL_FOOTPRINT
perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT
perl configdata.pm --dump
- name: build
working-directory: _build
@ -119,10 +119,10 @@ jobs:
# - windows-2022
platform:
- arch: win64
config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-quic
config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
# are we really learning sth new from win32? So let's save some CO2 for now disabling this
# - arch: win32
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-quic
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
runs-on: ${{matrix.os}}
env:
CYGWIN_NOWINPATH: 1

4
CHANGES.md
View File

@ -25,6 +25,10 @@ OpenSSL 3.2
### Changes between 3.1 and 3.2 [xx XXX xxxx]
* Added client side support for QUIC
*Hugo Landau*
* Added SHA256/192 algorithm support.
*Fergus Dall*

4
Configure
View File

@ -94,8 +94,7 @@ EOF
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded at run-time by the OpenSSL library.
# sctp include SCTP support
# enable-quic include QUIC support (currently just for developers as the
# implementation is by no means complete and usable)
# no-quic disable QUIC support
# no-uplink Don't build support for UPLINK interface.
# enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default.
@ -570,7 +569,6 @@ our %disabled = ( # "what" => "comment"
"ktls" => "default",
"md2" => "default",
"msan" => "default",
"quic" => "default",
"rc5" => "default",
"sctp" => "default",
"ssl3" => "default",

5
INSTALL.md
View File

@ -971,10 +971,9 @@ Don't build test programs or run any tests.
Build with support for TCP Fast Open (RFC7413). Supported on Linux, macOS and FreeBSD.
### enable-quic
### no-quic
Build with QUIC support. This is currently just for developers as the
implementation is by no means complete and usable.
Don't build with QUIC support.
### no-threads

1
NEWS.md
View File

@ -22,6 +22,7 @@ OpenSSL 3.2
### Major changes between OpenSSL 3.1 and OpenSSL 3.2 [under development]
* Added client side support for QUIC.
* Add Raw Public Key (RFC7250) support.
* Added support for certificate compression (RFC8879), including
library support for Brotli and Zstandard compression.