Migration to OpenSSL+QUIC / quictls 3.0

As OpenSSL 1.1.1 is approaching its EOL, the decision is to migrate to 3.0. We have already provided OpenSSL 3.0.8 builds for AARCH64. All the nginx and apache builds use it as a dependency. Now we are building 3.0.8 for x86_64. Please note that as of 28.03.2023 nginx and apache are not yet rebuilt and still use 1.1.1 as a dependency, thus dnf upgrade may fail until everything is rebuilt against 3.0.8. This is expected behavior.

NGINX 1.23.4 will be the first build with OpenSSL 3.0.
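
The dependency errors this kind of library/consumer mismatch produces can be condensed into the list of packages still waiting for a rebuild. This is an added example, not part of the original post; the function names are hypothetical and the sample output is constructed and abridged for illustration:

```shell
#!/bin/sh
# Added example: condense yum/dnf "Error: Package ... Requires ..." output
# into unique "package -> missing capability" pairs.

summarize_dep_errors() {
    awk '
        /Error: Package:/ {
            pkg = $0
            sub(/^.*Error: Package:[ \t]*/, "", pkg)
            sub(/[ \t]*\(.*$/, "", pkg)      # drop the trailing "(@repo)" tag
            next
        }
        /Requires:/ && pkg != "" {
            cap = $0
            sub(/^.*Requires:[ \t]*/, "", cap)
            sub(/[ \t]+$/, "", cap)
            key = pkg " -> " cap
            if (!(key in seen)) { seen[key] = 1; print key }
            pkg = ""
        }
    '
}

# Packages that must be rebuilt before the library upgrade can resolve.
blocked_packages() {
    summarize_dep_errors | sed 's/ -> .*$//' | sort -u
}

# Constructed, abridged sample of a yum dependency error (not captured output).
sample_yum_output() {
    cat <<'EOF'
Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libssl.so.81.1.1()(64bit)
    Removing: openssl-quic-libs-1.1.1t-2.codeit.el7.x86_64 (@CodeIT)
        libssl.so.81.1.1()(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64 (CodeIT)
        Not found
Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
Error: Package: mod_http2-2.0.9-1.codeit.el7.x86_64
    Requires: libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libssl.so.81.1.1()(64bit)
EOF
}

sample_yum_output | summarize_dep_errors
```

On a real host, pipe the saved output of the failed update into `blocked_packages` to see which consumers still pin the old library.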

UPDATE. Builds and migration are finished, please report any problems.

14 thoughts on “Migration to OpenSSL+QUIC / quictls 3.0”

  1. Hi there,

    When I run the yum update command, this error appears, please help.

    Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libssl.so.81.1.1()(64bit)
    Removing: openssl-quic-libs-1.1.1t-2.codeit.el7.x86_64 (@CodeIT)
    libssl.so.81.1.1()(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64 (CodeIT)
    Not found
    Available: openssl-quic-libs-1.1.1n-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1n-2.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1n-3.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1o-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1p-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1q-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1r-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1s-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1t-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1()(64bit)
    Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Removing: openssl-quic-libs-1.1.1t-2.codeit.el7.x86_64 (@CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64 (CodeIT)
    Not found
    Available: openssl-quic-libs-1.1.1n-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1n-2.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1n-3.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1o-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1p-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1q-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1r-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1s-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1t-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Removing: openssl-quic-libs-1.1.1t-2.codeit.el7.x86_64 (@CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64 (CodeIT)
    Not found
    Available: openssl-quic-libs-1.1.1n-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1n-2.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1n-3.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1o-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1p-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1q-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1r-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1s-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Available: openssl-quic-libs-1.1.1t-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_1)(64bit)
    Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libcrypto.so.81.1.1()(64bit)
    Removing: openssl-quic-libs-1.1.1t-2.codeit.el7.x86_64 (@CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64 (CodeIT)
    Not found
    Available: openssl-quic-libs-1.1.1n-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1n-2.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1n-3.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1o-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1p-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1q-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1r-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1s-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Available: openssl-quic-libs-1.1.1t-1.codeit.el7.x86_64 (CodeIT)
    libcrypto.so.81.1.1()(64bit)
    Error: Package: 1:nginx-1.23.1-1.codeit.el7.x86_64 (@CodeIT-mainline)
    Requires: libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Removing: openssl-quic-libs-1.1.1t-2.codeit.el7.x86_64 (@CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64 (CodeIT)
    Not found
    Available: openssl-quic-libs-1.1.1n-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1n-2.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1n-3.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1o-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1p-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1q-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1r-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1s-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Available: openssl-quic-libs-1.1.1t-1.codeit.el7.x86_64 (CodeIT)
    libssl.so.81.1.1(OPENSSL_1_1_0)(64bit)
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest

    Regards.

    1. Hi,

      Could you please double check the current repo installation instructions:
      yum install -y https://repo.codeit.guru/codeit-repo-release.el7.rpm epel-release && yum-config-manager --enable CodeIT-mainline --save

      This will enable NGINX mainline repo together with OpenSSL+QUIC libs from the main repo.

      1. Thank you! I’ve been looking for this exact answer for several hours.
        Keep up the good work, you’re doing great.

  2. Hi, getting this error during update
    ---
    Error: Package: mod_http2-2.0.9-1.codeit.el7.x86_64
    Requires: libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Removing: openssl-quic-libs-1.1.1s-1.codeit.el7.x86_64
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)
    Updated By: openssl-quic-libs-3.0.8-1.codeit.el7.x86_64
    Not found
    Available: openssl-quic-libs-1.1.1o-1.codeit.el7.x86_64
    libcrypto.so.81.1.1(OPENSSL_1_1_0)(64bit)

    I suggest the solution will be the same (as per the above comment)? Add the “codeit” repo?

    Thank you

      1. Hi, Alexander

        We are using pulp; when we sync our repo with the CodeIT one, we are getting an error about package size
        (do not know how to attach the screenshot)

        Package: openssl-quic-libs
        Error: The size did not match the value specified in the repository metadata

        Could you advise, please?

        Regards,

          1. Hi, Alexander.
            Thank you, above works well now.

            In case it is important, mainline is complaining now about:
            Package:
            http://repo.codeit.guru/packages/mainline/centos/7/x86_64/openssl111-debuginfo-1.1.1k-1.codeit.el7.x86_64.rpm
            Error:

            Package:
            http://repo.codeit.guru/packages/mainline/centos/7/x86_64/openssl111-libs-1.1.1k-1.codeit.el7.x86_64.rpm
            Error:

            Package:
            http://repo.codeit.guru/packages/mainline/centos/7/x86_64/openssl111-devel-1.1.1k-1.codeit.el7.x86_64.rpm
            Error:

            Package:
            http://repo.codeit.guru/packages/mainline/centos/7/x86_64/openssl111-libs-1.1.1l-1.codeit.el7.x86_64.rpm
            Error:

            Package:
            http://repo.codeit.guru/packages/mainline/centos/7/x86_64/openssl111-libs-1.1.1m-1.codeit.el7.x86_64.rpm
            Error:

            Regards,

          2. vin4, thanks for the confirmation!

            Please clarify what the problem is with the packages you mentioned.
            Same problem with different file size and size specified in metadata?
            Thank you for the report.

  3. Hi, Alexander.

    Unfortunately, pulp does not specify the error (blank field after “Error:”; it is as it is, nothing after). But I would suggest that the file does not exist at its location – when I try to get the file via browser, I’m getting HTTP 404 (not found); nginx/1.23.4

    Kind regards,

    1. Those packages were moved to the archive to simplify dependency resolution, as we have many variations and versions of the openssl package. At the moment, I keep only the two latest variants. I will add more repos to the .repo file soon, including archive ones disabled by default, and regenerate the mainline repo. Thanks!
