[openssl-project] Current status of our release criteria

Matt Caswell matt at openssl.org
Mon Sep 3 16:54:52 UTC 2018

We are currently 1 week away from release, so I've assessed the release
criteria below.

TL;DR summary: Mostly we are green but we have 9 outstanding PRs to get
closed. There are specific questions/actions for the following people below:
All of OMC (for #7014)

All of the following release criteria are either met, or are currently

- Clean builds in Travis and Appveyor for two days

- run-checker.sh to be showing as clean 2 days before release

- No open Coverity issues (not flagged as "False Positive" or "Ignore")

- TLSv1.3 RFC published (with at least one beta release after the

The only criterion not currently met is this one:

- All open github issues/PRs older than 2 weeks at the time of release
to be assessed for relevance to 1.1.1. Any flagged with the 1.1.1
milestone to be closed

I have been through all new Issues/PRs raised that had not been assessed
for relevance to 1.1.1 and have done that assessment. There are
currently 9 outstanding PRs that are considered release blockers.

2 of the 9 PRs have the "ready" label:
#7028 (@levitte) and #6972 (@paulidale)

3 are "active" having been raised in the last 24 hours:
#7095, #7097, #7099

The remaining 4 are all awaiting sign off:

#6757: Add support for setting SM2 id field

Hold label has been applied and there seems to be confusion in the specs
about whether UIDs are required and whether a default UID should be
applied. I'm worried about this one. @t-j-h has been looking into this.

#6944: Ignore EPIPE when sending NewSessionTickets in TLSv1.3

Updates applied following review. Awaiting further feedback from @t-j-h

#7058: Process handshake messages after we've send a shutdown

Awaiting updates from @kroeckx...Kurt will you able to do that soon? Or
alternatively (if you prefer) I can take this one over.

#7073: Support EdDSA in apps/speed

Awaiting review...anyone?

There are also 6 release blocking issues. Of those 6 issues, 5 of them
are fixed by one of the 9 PRs. There is 1 with no associated PR:

#7014: TLSv1.2 SNI hostname works in 1.1.0h, not in 1.1.1 master (as of 18

Ben has asked for input from the OMC on this one


More information about the openssl-project mailing list