mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-21 02:06:37 +00:00
![Pierre Pronchery](/assets/img/avatar_default.png)
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the version we were previously using) will be EOL as of 2023-09-11. Most of the base system has already been updated for a seamless switch to OpenSSL 3.0. For many components we've added `-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version, which avoids deprecation warnings from OpenSSL 3.0. Changes have also been made to avoid OpenSSL APIs that were already deprecated in OpenSSL 1.1.1. The process of updating to contemporary APIs can continue after this merge. Additional changes are still required for libarchive and Kerberos- related libraries or tools; workarounds will immediately follow this commit. Fixes are in progress in the upstream projects and will be incorporated when those are next updated. There are some performance regressions in benchmarks (certain tests in `openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy). Investigation will continue for these. Netflix's testing showed no functional regression and a rather small, albeit statistically significant, increase in CPU consumption with OpenSSL 3.0. Thanks to ngie@ and des@ for updating base system components, to antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to Netflix and everyone who tested prior to commit or contributed to this update in other ways. PR: 271615 PR: 271656 [exp-run] Relnotes: Yes Sponsored by: The FreeBSD Foundation
94 lines
3.8 KiB
Markdown
94 lines
3.8 KiB
Markdown
OpenSSL User Support resources
|
|
==============================
|
|
|
|
See the <https://www.openssl.org/support/contracts.html> for details on how to
|
|
obtain commercial technical support.
|
|
|
|
If you have general questions about using OpenSSL
|
|
-------------------------------------------------
|
|
|
|
In this case the [openssl-users] mailing list is the right place for you.
|
|
The list is not only watched by the OpenSSL team members, but also by many
|
|
other OpenSSL users. Here you will most likely get the answer to your questions.
|
|
An overview over the [mailing lists](#mailing-lists) can be found below.
|
|
|
|
If you think you found a Bug
|
|
----------------------------
|
|
|
|
*NOTE: this section assumes that you want to report it or figure it out and
|
|
fix it. What's written here is not to be taken as a recipe for how to get a
|
|
working production installation*
|
|
|
|
If you have any problems with OpenSSL then please take the following steps
|
|
first:
|
|
|
|
- Search the mailing lists and/or the GitHub issues to find out whether
|
|
the problem has already been reported.
|
|
- Download the latest version from the repository to see if the problem
|
|
has already been addressed.
|
|
- Configure without assembler support (`no-asm`) and check whether the
|
|
problem persists.
|
|
- Remove compiler optimization flags.
|
|
|
|
Please keep in mind: Just because something doesn't work the way you expect
|
|
does not mean it is necessarily a bug in OpenSSL. If you are not sure,
|
|
consider searching the mail archives and posting a question to the
|
|
[openssl-users] mailing list first.
|
|
|
|
### Open an Issue
|
|
|
|
If you wish to report a bug, please open an [issue][github-issues] on GitHub
|
|
and include the following information:
|
|
|
|
- OpenSSL version: output of `openssl version -a`
|
|
- Configuration data: output of `perl configdata.pm --dump`
|
|
- OS Name, Version, Hardware platform
|
|
- Compiler Details (name, version)
|
|
- Application Details (name, version)
|
|
- Problem Description (steps that will reproduce the problem, if known)
|
|
- Stack Traceback (if the application dumps core)
|
|
|
|
Not only errors in the software, also errors in the documentation, in
|
|
particular the manual pages, can be reported as issues.
|
|
|
|
### Submit a Pull Request
|
|
|
|
The fastest way to get a bug fixed is to fix it yourself ;-). If you are
|
|
experienced in programming and know how to fix the bug, you can open a
|
|
pull request. The details are covered in the [Contributing][contributing] section.
|
|
|
|
Don't hesitate to open a pull request, even if it's only a small change
|
|
like a grammatical or typographical error in the documentation.
|
|
|
|
Mailing Lists
|
|
=============
|
|
|
|
The OpenSSL maintains a number of [mailing lists] for various purposes.
|
|
The most important lists are:
|
|
|
|
- [openssl-users] for general questions about using the OpenSSL software
|
|
and discussions between OpenSSL users.
|
|
|
|
- [openssl-announce] for official announcements to the OpenSSL community.
|
|
|
|
- [openssl-project] for discussion about the development roadmap
|
|
and governance.
|
|
|
|
Only subscribers can post to [openssl-users] or [openssl-project]. The
|
|
archives are made public, however. For more information, see the [mailing
|
|
lists] page.
|
|
|
|
There was an [openssl-dev] list that has been discontinued since development
|
|
is now taking place in the form of GitHub pull requests. Although not active
|
|
anymore, the searchable archive may still contain useful information.
|
|
|
|
<!-- Links -->
|
|
|
|
[mailing lists]: https://www.openssl.org/community/mailinglists.html
|
|
[openssl-users]: https://mta.openssl.org/mailman/listinfo/openssl-users
|
|
[openssl-announce]: https://mta.openssl.org/mailman/listinfo/openssl-announce
|
|
[openssl-project]: https://mta.openssl.org/mailman/listinfo/openssl-project
|
|
[openssl-dev]: https://mta.openssl.org/mailman/listinfo/openssl-dev
|
|
[github-issues]: https://github.com/openssl/openssl/issues/new/choose
|
|
[contributing]: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md
|