diff options
| -rw-r--r-- | .github/workflows/ci.yml | 36 | ||||
| -rw-r--r-- | .github/workflows/run-checker-ci.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/windows.yml | 6 | ||||
| -rw-r--r-- | CHANGES.md | 4 | ||||
| -rwxr-xr-x | Configure | 16 | ||||
| -rw-r--r-- | doc/man7/openssl-qlog.pod | 15 |
6 files changed, 30 insertions, 49 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index da6c7860ab..d64425ce1b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,7 +83,7 @@ jobs: run: sudo locale-gen tr_TR.UTF-8 - name: config # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere - run: CC=gcc ./config --banner=Configured enable-fips enable-quic enable-unstable-qlog --strict-warnings && perl configdata.pm --dump + run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -100,7 +100,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: CC=clang ./config --banner=Configured no-fips enable-unstable-qlog --strict-warnings && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -119,7 +119,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: config - run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace enable-unstable-qlog + run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace - name: config dump run: ./configdata.pm --dump - name: make @@ -136,7 +136,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm enable-unstable-qlog -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump - name: make run: make -j4 # verbose, so no -s here - name: get cpu info @@ -153,7 +153,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -170,7 +170,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-shared no-fips enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -188,7 +188,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-shared no-fips enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -205,7 +205,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -222,7 +222,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -239,7 +239,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -257,7 +257,7 @@ jobs: run: git submodule update --init --depth 1 fuzz/corpora - name: config # --debug -O1 is to produce a debug build that runs in a reasonable amount of time - run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-unstable-qlog && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -274,7 +274,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: CC=clang ./config --banner=Configured no-fips enable-unstable-qlog --strict-warnings -fsanitize=thread && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -293,7 +293,7 @@ jobs: - name: modprobe tls run: sudo modprobe tls - name: config - run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -318,7 +318,7 @@ jobs: - name: install extra config support run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd - name: config - run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -335,7 +335,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -352,7 +352,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips enable-unstable-qlog && perl configdata.pm --dump + run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info @@ -384,7 +384,7 @@ jobs: mkdir ./install - name: config run: | - ../source/config --banner=Configured enable-fips enable-quic enable-unstable-qlog enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) + ../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) perl configdata.pm --dump working-directory: ./build - name: make @@ -420,7 +420,7 @@ jobs: mkdir ./install - name: config run: | - ../source/config --banner=Configured enable-fips enable-quic enable-unstable-qlog enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) + ../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) perl configdata.pm --dump working-directory: ./build - name: make diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index 1fbc3e708a..025349b6d3 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -28,7 +28,7 @@ jobs: no-ec, no-ecx, no-http, - no-legacy enable-unstable-qlog, + no-legacy, no-sock, enable-ssl-trace, no-stdio, diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index f271ca34fb..5b88d12ca2 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -22,9 +22,9 @@ jobs: - windows-2022 platform: - arch: win64 - config: enable-fips enable-unstable-qlog + config: enable-fips - arch: win32 - config: --strict-warnings no-fips enable-unstable-qlog + config: --strict-warnings no-fips runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} steps: - uses: actions/checkout@v4 @@ -155,7 +155,7 @@ jobs: # - windows-2022 platform: - arch: win64 - config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-unstable-qlog + config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips # are we really learning sth new from win32? So let's save some CO2 for now disabling this # - arch: win32 # config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips diff --git a/CHANGES.md b/CHANGES.md index c67d0bd6aa..d857bf846a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -124,8 +124,8 @@ OpenSSL 3.3 The qlog output from OpenSSL currently uses a pre-standard draft version of qlog. The output from OpenSSL will change in incompatible ways in future releases, and is not subject to any format stability or compatibility - guarantees at this time; therefore this functionality must currently be - enabled with the build-time option `enable-unstable-qlog`. See the + guarantees at this time. This functionality can be + disabled with the build-time option `no-unstable-qlog`. See the openssl-qlog(7) manpage for details. *Hugo Landau* @@ -579,7 +579,6 @@ our %disabled = ( # "what" => "comment" "ktls" => "default", "md2" => "default", "msan" => "default", - "unstable-qlog" => "default", "rc5" => "default", "sctp" => "default", "ssl3" => "default", @@ -2976,21 +2975,6 @@ or position independent code, please let us know (but please first make sure you have tried with a current version of OpenSSL). EOF -print <<"EOF" if (!$disabled{qlog}); - -============================== WARNING =============================== - -WARNING: You have enabled qlog. This functionality is unstable and - implements a draft version of the qlog specification. The qlog - output from OpenSSL *will* change in incompatible ways in future, - and is not subject to any format stability or compatibility - guarantees at this time. See the manpage openssl-qlog(7) for - details. - -============================== WARNING =============================== - -EOF - print $banner; exit(0); diff --git a/doc/man7/openssl-qlog.pod b/doc/man7/openssl-qlog.pod index 17c56f1b07..914083a31c 100644 --- a/doc/man7/openssl-qlog.pod +++ b/doc/man7/openssl-qlog.pod @@ -22,9 +22,6 @@ for details. =head1 USAGE -The qlog functionality must be explicitly enabled at OpenSSL build time using -the I<enable-unstable-qlog> configure flag. - When OpenSSL is built with qlog support, qlog is enabled at run time by setting the standard B<QLOGDIR> environment variable to point to a directory where qlog files should be written. Once set, any QUIC connection established by OpenSSL @@ -43,6 +40,9 @@ Connection ID used in the header of the first Initial packet sent as part of the connection process, and B<{vantage_point_type}> is either C<client> or C<server>, reflecting the perspective of the endpoint producing the qlog output. +The qlog functionality can be disabled at OpenSSL build time using the +I<no-unstable-qlog> configure flag. + =head1 SUPPORTED EVENT TYPES The following event types are currently supported: @@ -178,12 +178,9 @@ breaking ways in the future, including in non-major releases of OpenSSL. The qlog output of OpenSSL is considered unstable and not subject to any format stability or compatibility guarantees at this time. -As such, the qlog functionality is currently guarded behind the build-time -configuration flag B<enable-unstable-qlog>, which is not enabled by default, to -ensure that users are aware of this instability. Users of the OpenSSL qlog -functionality must be aware that the output may change arbitrarily between -releases and that the preservation of compatibility with any given tool between -releases is not guaranteed. +Users of the OpenSSL qlog functionality must be aware that the output may change +arbitrarily between releases and that the preservation of compatibility with any +given tool between releases is not guaranteed. =head2 Aims |