zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enable qlog support by default

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23744)
This commit is contained in:
Hugo Landau 2024-03-04 22:49:54 +00:00
parent cd2cdb6158
commit e98940d6f6
6 changed files with 30 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.github/workflows/ci.yml vendored
View File

@ -83,7 +83,7 @@ jobs:
run: sudo locale-gen tr_TR.UTF-8
- name: config
# enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
run: CC=gcc ./config --banner=Configured enable-fips enable-quic enable-unstable-qlog --strict-warnings && perl configdata.pm --dump
run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -100,7 +100,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --banner=Configured no-fips enable-unstable-qlog --strict-warnings && perl configdata.pm --dump
run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -119,7 +119,7 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: config
run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace enable-unstable-qlog
run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
@ -136,7 +136,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm enable-unstable-qlog -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
- name: make
run: make -j4 # verbose, so no -s here
- name: get cpu info
@ -153,7 +153,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -170,7 +170,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-shared no-fips enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -188,7 +188,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-shared no-fips enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -205,7 +205,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -222,7 +222,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -239,7 +239,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -257,7 +257,7 @@ jobs:
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-unstable-qlog && perl configdata.pm --dump
run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -274,7 +274,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --banner=Configured no-fips enable-unstable-qlog --strict-warnings -fsanitize=thread && perl configdata.pm --dump
run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -293,7 +293,7 @@ jobs:
- name: modprobe tls
run: sudo modprobe tls
- name: config
run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -318,7 +318,7 @@ jobs:
- name: install extra config support
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
- name: config
run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -335,7 +335,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -352,7 +352,7 @@ jobs:
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips enable-unstable-qlog && perl configdata.pm --dump
run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
@ -384,7 +384,7 @@ jobs:
mkdir ./install
- name: config
run: |
../source/config --banner=Configured enable-fips enable-quic enable-unstable-qlog enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
perl configdata.pm --dump
working-directory: ./build
- name: make
@ -420,7 +420,7 @@ jobs:
mkdir ./install
- name: config
run: |
../source/config --banner=Configured enable-fips enable-quic enable-unstable-qlog enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
../source/config --banner=Configured enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
perl configdata.pm --dump
working-directory: ./build
- name: make

2
.github/workflows/run-checker-ci.yml vendored
View File

@ -28,7 +28,7 @@ jobs:
no-ec,
no-ecx,
no-http,
no-legacy enable-unstable-qlog,
no-legacy,
no-sock,
enable-ssl-trace,
no-stdio,

6
.github/workflows/windows.yml vendored
View File

@ -22,9 +22,9 @@ jobs:
- windows-2022
platform:
- arch: win64
config: enable-fips enable-unstable-qlog
config: enable-fips
- arch: win32
config: --strict-warnings no-fips enable-unstable-qlog
config: --strict-warnings no-fips
runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }}
steps:
- uses: actions/checkout@v4
@ -155,7 +155,7 @@ jobs:
# - windows-2022
platform:
- arch: win64
config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-unstable-qlog
config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
# are we really learning sth new from win32? So let's save some CO2 for now disabling this
# - arch: win32
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips

4
CHANGES.md
View File

@ -124,8 +124,8 @@ OpenSSL 3.3
The qlog output from OpenSSL currently uses a pre-standard draft version of
qlog. The output from OpenSSL will change in incompatible ways in future
releases, and is not subject to any format stability or compatibility
guarantees at this time; therefore this functionality must currently be
enabled with the build-time option `enable-unstable-qlog`. See the
guarantees at this time. This functionality can be
disabled with the build-time option `no-unstable-qlog`. See the
openssl-qlog(7) manpage for details.
*Hugo Landau*

16
Configure
View File

@ -579,7 +579,6 @@ our %disabled = ( # "what" => "comment"
"ktls" => "default",
"md2" => "default",
"msan" => "default",
"unstable-qlog" => "default",
"rc5" => "default",
"sctp" => "default",
"ssl3" => "default",
@ -2976,21 +2975,6 @@ or position independent code, please let us know (but please first make sure
you have tried with a current version of OpenSSL).
EOF
print <<"EOF" if (!$disabled{qlog});
============================== WARNING ===============================
WARNING: You have enabled qlog. This functionality is unstable and
implements a draft version of the qlog specification. The qlog
output from OpenSSL *will* change in incompatible ways in future,
and is not subject to any format stability or compatibility
guarantees at this time. See the manpage openssl-qlog(7) for
details.
============================== WARNING ===============================
EOF
print $banner;
exit(0);

15
doc/man7/openssl-qlog.pod
View File

@ -22,9 +22,6 @@ for details.
=head1 USAGE
The qlog functionality must be explicitly enabled at OpenSSL build time using
the I<enable-unstable-qlog> configure flag.
When OpenSSL is built with qlog support, qlog is enabled at run time by setting
the standard B<QLOGDIR> environment variable to point to a directory where qlog
files should be written. Once set, any QUIC connection established by OpenSSL
@ -43,6 +40,9 @@ Connection ID used in the header of the first Initial packet sent as part of the
connection process, and B<{vantage_point_type}> is either C<client> or
C<server>, reflecting the perspective of the endpoint producing the qlog output.
The qlog functionality can be disabled at OpenSSL build time using the
I<no-unstable-qlog> configure flag.
=head1 SUPPORTED EVENT TYPES
The following event types are currently supported:
@ -178,12 +178,9 @@ breaking ways in the future, including in non-major releases of OpenSSL. The
qlog output of OpenSSL is considered unstable and not subject to any format
stability or compatibility guarantees at this time.
As such, the qlog functionality is currently guarded behind the build-time
configuration flag B<enable-unstable-qlog>, which is not enabled by default, to
ensure that users are aware of this instability. Users of the OpenSSL qlog
functionality must be aware that the output may change arbitrarily between
releases and that the preservation of compatibility with any given tool between
releases is not guaranteed.
Users of the OpenSSL qlog functionality must be aware that the output may change
arbitrarily between releases and that the preservation of compatibility with any
given tool between releases is not guaranteed.
=head2 Aims