Use of Git

From OpenSSLWiki
Revision as of 00:49, 26 April 2014 by Trawick (talk | contribs) (stress git format-patch as the preferred way of creating patches to submit)
Jump to navigationJump to search

Note: This is a superset of the information at

Background information about using the Git distributed version control system

This page provides examples for some of the git commands used when accessing OpenSSL source code, but does not provide complete coverage.

  • Refer to the git man ages and for more complete instructions on using the command.
  • Refer to for more complete instructions on interacting with Github.

Use of Git with OpenSSL source tree

The OpenSSL group hosts its own Git repository at, and this contains the master copy of OpenSSL. You can browse this at;a=tree, or get a clone (checkout) of it with the command git clone git://

Contributors to OpenSSL should make use of the Github copy of this repository at Github makes it easy to maintain your own fork of OpenSSL for developing your contributions, as well as making a "pull request" to share fixes with the OpenSSL team when finished. Changes in the master Git repository are represented in the Github copy within minutes.

You can view existing pull requests against any of the branches at

Getting a copy of the OpenSSL source tree

If you want to quickly make a copy of the OpenSSL source tree and you do not plan to publish any changes for use by others, just create a clone on your own machine.

$ git clone

(Refer to Github documentation for instructions on other means of cloning the source tree.)

If you plan to make changes to the sources that you will share with others, including contributing changes to OpenSSL, it is recommended that you create a fork of the OpenSSL tree using your own Github id. You can use this to share changes with others whether or not you intend to submit changes to the OpenSSL team. Refer to the documentation at, in particular the discussion about how to track changes in the real OpenSSL repository that you forked.


The Git repositories contain multiple branches, representing development levels of OpenSSL as well as current and upcoming stable branches. An easy way to see the available branches is with the branch selector at The branches which are of most interest to most users are

  • master (development)
  • OpenSSL_1_0_2-stable (for the not-yet-released 1.0.2 series)
  • OpenSSL_1_0_1-stable
  • OpenSSL_1_0_0-stable

In order to access the code for a branch other than master, clone the Git repository then use the git checkout branchname command to switch to a different branch. Consider using separate checkouts for each branch you are working in, with appropriate names for each, such as in the following example.

$ git clone OpenSSL-master
$ git clone OpenSSL_1_0_2-stable
$ (cd OpenSSL_1_0_2-stable && git checkout OpenSSL_1_0_2-stable)
$ git clone OpenSSL_1_0_1-stable
$ (cd OpenSSL_1_0_2-stable && git checkout OpenSSL_1_0_1-stable)

If you've created your own fork of OpenSSL, replace the URL on the git clone command with the one for your fork. Also, you'll need to follow the instructions at for picking up changes from the master repository that you forked.

Making patches

Patches posted to OpenSSL development mailing lists or to the OpenSSL Request Tracker should be in Git format-patch format if at all practical, since that is easier for OpenSSL committers to apply since it contains author details.

The git format-patch documentation describes a lot of options. Here is an example of the most basic use.

  • You've been working on a particular OpenSSL branch within a Git clone of the source tree, and have made a couple of commits which you'd like to submit.
  • Print the log for those two commits and one more, the one before your commits:
$ git log -3
commit 46983b73e04b448cb6cd9ea180044753174dec6d
Author: Jeff Trawick <>
Date:   Fri Apr 25 20:25:19 2014 -0400


commit 1e20bdf6bad38d9766e6cf3e64d903a99f1d9a6b
Author: Jeff Trawick <>
Date:   Fri Apr 25 14:07:07 2014 -0400

    silly wording change

commit 3e124d66c8b66a48a824387b10768411a348f518
Author: Steve Marquess <>
Date:   Thu Apr 24 07:13:05 2014 -0400

    Add new sponsors
    (cherry picked from commit 351f0a124bffaa94d2a8abdec2e7dde5ae9c457d)
  • Create a patch from changes after the third commit (3e124d66c8b66a48a824387b10768411a348f518), and pipe it to a file instead of letting git create a bunch of .patch files in the current directory:
$ git format-patch 3e124d66c8b66a48a824387b10768411a348f518 --stdout >/tmp/FixWording.txt
$ cat /tmp/FixWording.txt 
From 1e20bdf6bad38d9766e6cf3e64d903a99f1d9a6b Mon Sep 17 00:00:00 2001
From: Jeff Trawick <>
Date: Fri, 25 Apr 2014 14:07:07 -0400
Subject: [PATCH 1/2] silly wording change

 apps/s_client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 01f4f34..eeb2e77 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -323,7 +323,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
-	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+	BIO_printf(bio_err," -connect host:port - what to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
 	BIO_printf(bio_err," -checkhost host - check peer certificate matches \"host\"\n");
 	BIO_printf(bio_err," -checkemail email - check peer certificate matches \"email\"\n");
 	BIO_printf(bio_err," -checkip ipaddr - check peer certificate matches \"ipaddr\"\n");

From 46983b73e04b448cb6cd9ea180044753174dec6d Mon Sep 17 00:00:00 2001
From: Jeff Trawick <>
Date: Fri, 25 Apr 2014 20:25:19 -0400
Subject: [PATCH 2/2] spellcheck

 PROBLEMS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/PROBLEMS b/PROBLEMS
index 3eaab01..86f1e6e 100644
@@ -41,13 +41,13 @@ passing -Wl,-search_paths_first, but it's unknown if the flag was
 supported from the initial MacOS X release.
-* Parallell make leads to errors
+* Parallel make leads to errors
-While running tests, running a parallell make is a bad idea.  Many test
+While running tests, running a parallel make is a bad idea.  Many test
 scripts use the same name for output and input files, which means different
 will interfere with each other and lead to test failure.
-The solution is simple for now: don't run parallell make when testing.
+The solution is simple for now: don't run parallel make when testing.
 * Bugs in gcc triggered

Plan B, if you can't get git format-patch to work for some reason, is to create another, unmodified clone of the OpenSSL code, switch it to the branch you're working in, then use diff -ru as follows:

$ diff -ru OpenSSL_1_0_2-stable-original OpenSSL_1_0_2-stable > /tmp/FixSClientUsage.txt

(These two directories were created with git clone OpenSSL_1_0_2-stable and git clone OpenSSL_1_0_2-stable-original, and each was switched to the desired branch with git checkout OpenSSL_1_0_2-stable.)

Double check that only the desired changes are in the patch file. Otherwise, you probably weren't testing with the most recent OpenSSL changes.

Sending patches via e-mail

Patches sent via e-mail should be in plain text attachments instead of being pasted into the e-mail body.

Making pull requests

After developing and testing changes to OpenSSL in your checkout (clone), push them to your fork of OpenSSL (git push), then use the Github interface to submit a pull request to the master OpenSSL repository for the particular revision(s).

(need to allude to other instructions about RT, right?)

Use of Git with the OpenSSL web site

The OpenSSL web site is also maintained in git, and can be browsed at;a=tree.

Unlike the source code, the OpenSSL web site repository is not copied to Github. You can only interact with it via, so it is not possible to submit pull requests.

Check it out as follows:

$ git clone git://

In order to submit corrections to the web site, create a patch as described above.

Only the master branch of the web site repository is used.