This is a fork of OpenSSL to enable QUIC. In addition to the website, the official source distribution is at https://github.com/openssl/openssl. The OpenSSL README can be found at README-OpenSSL.md.
This fork adds API that can be used by QUIC implementations for connection handshakes. Quoting the IETF Working group charter, QUIC is a "UDP-based, stream-multiplexing, encrypted transport protocol." If you don't need QUIC, you should use the official OpenSSL distributions.
+This fork adds an API that can be used by QUIC implementations for connection handshakes. Quoting the IETF Working group charter, QUIC is a "UDP-based, stream-multiplexing, encrypted transport protocol." If you don't need QUIC, you should use the official OpenSSL distributions.
The API's here are used by Microsoft's MsQuic, and Google's Chromium QUIC, and others.
We are not in competition with OpenSSL project. We informed them of our plans to fork the code before we went public. @@ -19,11 +19,11 @@
There is a community need for a QUIC capable TLS library, for both the 3.0 and 1.1 streams. -This fork is intended as stopgap solution to enable higher level frameworks and runtimes to use QUIC with the proven and reliable TLS functionality from OpenSSL. This fork will be maintained until OpenSSL officially provides reasonable support for QUIC implementations.
+This fork is intended as a stopgap solution to enable higher level frameworks and runtimes to use QUIC with the proven and reliable TLS functionality from OpenSSL. This fork will be maintained until OpenSSL officially provides reasonable support for QUIC implementations.This fork can be considered a supported version of OpenSSL PR 8797. We will endeavor to track OpenSSL releases within a day or so, and there is an item below about how we'll follow their tagging.
On to the questions and answers.
We don't want to conflict with OpenSSL branch names. Our plan is to append +quic to upstream tag names to create our branches. Release tags will be the upstream tag name with -quic1 appended (where 1 will be the incrementing release number). For example, the OpenSSL tag openssl-3.0.10 would have a branch named openssl-3.0.10+quic and a first release tag of openssl-3.0.10-quic1. Please note that this is not compatible with semantic versioning, as any version with a -value suffix is sorted before the version (i.e. openssl-3.0.10-quic1 < openssl-3.0.10). Using a + can remediate thie, but some release tools don't like the +.
We don't want to conflict with OpenSSL branch names. Our plan is to append +quic to upstream tag names to create our branches. Release tags will be the upstream tag name with -quic1 appended (where 1 will be the incrementing release number). For example, the OpenSSL tag openssl-3.0.10 would have a branch named openssl-3.0.10+quic and a first release tag of openssl-3.0.10-quic1. Please note that this is not compatible with semantic versioning, as any version with a -value suffix is sorted before the version (i.e. openssl-3.0.10-quic1 < openssl-3.0.10). Using a + can remediate this, but some release tools don't like the +.
(In other words, "What about rebasing?")
Our plan is to always rebase on top of an upstream release tag. In particular: