Enable QUIC by default

Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enable-quic" from the various CI runs. We also add a CHANGES and NEWS entry for QUIC support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21332)
2025-01-30 14:01:55 +08:00 · 2023-06-30 15:56:13 +01:00 · 2023-06-30 15:56:13 +01:00 · 8a76420238
commit 8a76420238
parent d88a0f5f39
9 changed files with 31 additions and 27 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -33,7 +33,7 @@ jobs:
      with:
        fetch-depth: 0
    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
    - name: make build_generated
      run: make -s build_generated
    - name: make update
@ -46,7 +46,7 @@ jobs:
    steps:
    - uses: actions/checkout@v3
    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
    - name: make build_generated
      run: make -s build_generated
    - name: make doc-nits
@ -66,7 +66,7 @@ jobs:
    steps:
    - uses: actions/checkout@v3
    - name: config
-      run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
+      run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
    - name: make
      run: make -s -j4
@ -79,6 +79,7 @@ jobs:
    - name: localegen
      run: sudo locale-gen tr_TR.UTF-8
    - name: config
      # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
      run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
    - name: make
      run: make -s -j4
@ -118,7 +119,7 @@ jobs:
    - name: checkout fuzz/corpora submodule
      run: git submodule update --init --depth 1 fuzz/corpora
    - name: config
-      run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -160,7 +161,7 @@ jobs:
    - name: checkout fuzz/corpora submodule
      run: git submodule update --init --depth 1 fuzz/corpora
    - name: config
-      run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
+      run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -174,7 +175,7 @@ jobs:
      run: git submodule update --init --depth 1 fuzz/corpora
    - name: config
      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump
+      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -187,7 +188,7 @@ jobs:
    - name: checkout fuzz/corpora submodule
      run: git submodule update --init --depth 1 fuzz/corpora
    - name: config
-      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread enable-quic && perl configdata.pm --dump
+      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -202,7 +203,7 @@ jobs:
    - name: modprobe tls
      run: sudo modprobe tls
    - name: config
-      run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic no-threads && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -217,7 +218,7 @@ jobs:
    - name: modprobe tls
      run: sudo modprobe tls
    - name: config
-      run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -321,7 +322,7 @@ jobs:
    - name: checkout fuzz/corpora submodule
      run: git submodule update --init --depth 1 fuzz/corpora
    - name: config
-      run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -350,7 +351,7 @@ jobs:
    - name: checkout fuzz/corpora submodule
      run: git submodule update --init --depth 1 fuzz/corpora
    - name: config
-      run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump
+      run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: make test
@ -460,7 +461,7 @@ jobs:
      with:
        submodules: recursive
    - name: Configure OpenSSL
-      run: ./config --banner=Configured --strict-warnings enable-external-tests enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - uses: actions-rs/toolchain@v1
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@ -34,7 +34,7 @@ jobs:
            extra_config: enable-fips
          }, {
            branch: master,
-            extra_config: no-afalgeng enable-fips enable-tfo enable-quic
+            extra_config: no-afalgeng enable-fips enable-tfo
          }
        ]
    runs-on: ubuntu-latest
--- a/.github/workflows/os-zoo.yml
+++ b/.github/workflows/os-zoo.yml
@ -44,7 +44,7 @@ jobs:
        fi
        CC=${{ matrix.cc }} ./config --banner=Configured no-shared \
-            -Wall -Werror enable-fips enable-quic --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags}
+            -Wall -Werror enable-fips --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags}
    - name: config dump
      run: ./configdata.pm --dump
@ -71,7 +71,7 @@ jobs:
    - name: config
      run: |
        CC=${{ matrix.zoo.cc }} ./config --banner=Configured \
-            -Wall -Werror --strict-warnings enable-fips enable-quic
+            -Wall -Werror --strict-warnings enable-fips
    - name: config dump
      run: ./configdata.pm --dump
    - name: make
@ -99,7 +99,7 @@ jobs:
    - name: config
      working-directory: _build
      run: |
-        perl ..\Configure --banner=Configured no-makedepend enable-fips enable-quic
+        perl ..\Configure --banner=Configured no-makedepend enable-fips
    - name: config dump
      working-directory: _build
      run: ./configdata.pm --dump
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@ -37,6 +37,7 @@ jobs:
          no-tls1_3,
          enable-trace enable-fips,
          no-ui,
          no-quic
        ]
    runs-on: ubuntu-latest
    steps:
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -22,9 +22,9 @@ jobs:
          - windows-2022
        platform:
          - arch: win64
-            config: enable-fips enable-quic
+            config: enable-fips
          - arch: win32
-            config: --strict-warnings no-fips enable-quic
+            config: --strict-warnings no-fips
    runs-on: ${{matrix.os}}
    steps:
    - uses: actions/checkout@v3
@ -101,7 +101,7 @@ jobs:
    - name: config
      working-directory: _build
      run: |
-        perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm no-threads enable-quic -DOPENSSL_SMALL_FOOTPRINT
+        perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT
        perl configdata.pm --dump
    - name: build
      working-directory: _build
@ -119,10 +119,10 @@ jobs:
 #          - windows-2022
        platform:
          - arch: win64
-            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-quic
+            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
 # are we really learning sth new from win32? So let's save some CO2 for now disabling this
 #          - arch: win32
-#            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-quic
+#            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
    runs-on: ${{matrix.os}}
    env:
      CYGWIN_NOWINPATH: 1
--- a/CHANGES.md
+++ b/CHANGES.md
@ -25,6 +25,10 @@ OpenSSL 3.2
 ### Changes between 3.1 and 3.2 [xx XXX xxxx]
 * Added client side support for QUIC
   *Hugo Landau*
 * Added SHA256/192 algorithm support.
   *Fergus Dall*
--- a/4
+++ b/4
@ -94,8 +94,7 @@ EOF
 # zlib-dynamic  Like "zlib", but the zlib library is expected to be a shared
 #               library and will be loaded at run-time by the OpenSSL library.
 # sctp          include SCTP support
-# enable-quic   include QUIC support (currently just for developers as the
+# no-quic       disable QUIC support
 #               implementation is by no means complete and usable)
 # no-uplink     Don't build support for UPLINK interface.
 # enable-weak-ssl-ciphers
 #               Enable weak ciphers that are disabled by default.
@ -570,7 +569,6 @@ our %disabled = ( # "what"         => "comment"
                  "ktls"                => "default",
                  "md2"                 => "default",
                  "msan"                => "default",
                  "quic"                => "default",
                  "rc5"                 => "default",
                  "sctp"                => "default",
                  "ssl3"                => "default",
--- a/INSTALL.md
+++ b/INSTALL.md
@ -971,10 +971,9 @@ Don't build test programs or run any tests.
 Build with support for TCP Fast Open (RFC7413). Supported on Linux, macOS and FreeBSD.
-### enable-quic
+### no-quic
-Build with QUIC support. This is currently just for developers as the
+Don't build with QUIC support.
 implementation is by no means complete and usable.
 ### no-threads
--- a/NEWS.md
+++ b/NEWS.md
@ -22,6 +22,7 @@ OpenSSL 3.2
 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2 [under development]
  * Added client side support for QUIC.
  * Add Raw Public Key (RFC7250) support.
  * Added support for certificate compression (RFC8879), including
    library support for Brotli and Zstandard compression.