Use of Git

From OpenSSLWiki
Revision as of 18:20, 25 April 2014 by Trawick (talk | contribs) (expand section on creating patches)
Jump to navigationJump to search

Note: This is a superset of the information at

Background information about using the Git distributed version control system

The following information provides examples for some of the git commands used when accessing OpenSSL source code.

  • Refer to the git man ages and for more complete instructions on using the command.
  • Refer to for more complete instructions on interacting with Github.

Use of Git with OpenSSL source tree

The OpenSSL group hosts its own Git repository at, and this contains the master copy of OpenSSL. You can browse this at;a=tree, or get a clone (checkout) of it with the command git clone git://

Contributors to OpenSSL should make use of the Github copy of this repository at Github makes it easy to maintain your own fork of OpenSSL for developing your contributions, as well as making a "pull request" to share fixes with the OpenSSL team when finished. Changes in the master Git repository are represented in the Github copy within minutes.

You can view existing pull requests against any of the branches at

Getting a copy of the OpenSSL source tree

If you want to quickly make a copy of the OpenSSL source tree and you do not plan to publish any changes for use by others, just create a clone on your own machine.

$ git clone

(Refer to Github documentation for instructions on other means of cloning the source tree.)

If you plan to make changes to the sources that you will share with others, including contributing changes to OpenSSL, it is recommended that you create a fork of the OpenSSL tree using your own Github id. You can use this to share changes with others whether or not you intend to submit changes to the OpenSSL team. Refer to the documentation at, in particular the discussion about how to track changes in the real OpenSSL repository that you forked.


The Git repositories contain multiple branches, representing development levels of OpenSSL as well as current and upcoming stable branches. An easy way to see the available branches is with the branch selector at The branches which are of most interest to most users are

  • master (development)
  • OpenSSL_1_0_2-stable (for the not-yet-released 1.0.2 series)
  • OpenSSL_1_0_1-stable
  • OpenSSL_1_0_0-stable

In order to access the code for a branch other than master, clone the Git repository then use the git checkout branchname command to switch to a different branch. Consider using separate checkouts for each branch you are working in, with appropriate names for each, such as in the following example.

$ git clone OpenSSL-master
$ git clone OpenSSL_1_0_2-stable
$ (cd OpenSSL_1_0_2-stable && git checkout OpenSSL_1_0_2-stable)
$ git clone OpenSSL_1_0_1-stable
$ (cd OpenSSL_1_0_2-stable && git checkout OpenSSL_1_0_1-stable)

If you've created your own fork of OpenSSL, replace the URL on the git clone command with the one for your fork. Also, you'll need to follow the instructions at for picking up changes from the master repository that you forked.

Making patches

Patches posted to OpenSSL development mailing lists or to the OpenSSL Request Tracker should be in unified diff format, showing the differences compared with the latest OpenSSL code from that branch.

For an uncommitted change in your up-to-date clone, that could be as simple as

$ git diff -u > /tmp/FixSClientUsage.txt
$ cat /tmp/FixSClientUsage.txt
diff --git a/apps/s_client.c b/apps/s_client.c
index 01f4f34..eeb2e77 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -323,7 +323,7 @@ static void sc_usage(void)
        BIO_printf(bio_err," -host host     - use -connect instead\n");
        BIO_printf(bio_err," -port port     - use -connect instead\n");
-       BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+       BIO_printf(bio_err," -connect host:port - what to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
        BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
        BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
        BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");

If it has been committed already, you can find the change in the output of git log -p.

If multiple commits to your clone comprise a change that you want to submit, it may be easiest to get another, unmodified clone of the OpenSSL code, then use diff -ru as follows:

$ git diff -ru OpenSSL_1_0_2-stable-original OpenSSL_1_0_2-stable > /tmp/FixSClientUsage.txt

(These two directories were created with git clone OpenSSL_1_0_2-stable and git clone OpenSSL_1_0_2-stable-original, and each was switched to the desired branch with git checkout OpenSSL_1_0_2-stable.)

Double check that only the desired changes are in the patch file. Otherwise, you probably weren't testing with the most recent OpenSSL changes.

Sending patches via e-mail

Patches sent via e-mail should be in plain text attachments instead of being pasted into the e-mail body.

Making pull requests

After developing and testing changes to OpenSSL in your checkout (clone), push them to your fork of OpenSSL (git push), then use the Github interface to submit a pull request to the master OpenSSL repository for the particular revision(s).

(need to allude to other instructions about RT, right?)

Use of Git with the OpenSSL web site

The OpenSSL web site is also maintained in git, and can be browsed at;a=tree.

Unlike the source code, the OpenSSL web site repository is not copied to Github. You can only interact with it via, so it is not possible to submit pull requests.

Check it out as follows:

$ git clone git://

In order to submit corrections to the web site, create a patch as described above.

Only the master branch of the web site repository is used.