Dev news

Commit 22c0515669 for openssl.org

commit 22c05156694bc1dccb3d2b9ea4d4bffac3feddbb
Author: Tomas Mraz <tomas@openssl.org>
Date:   Wed Feb 18 15:09:37 2026 +0100

    ECH: Remove whitespace at EOL or EOF

    Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    MergeDate: Fri Feb 20 10:11:21 2026
    (Merged from https://github.com/openssl/openssl/pull/30066)

diff --git a/doc/man3/SSL_set1_echstore.pod b/doc/man3/SSL_set1_echstore.pod
index 691ddfcf9d..0181b6ea8b 100644
--- a/doc/man3/SSL_set1_echstore.pod
+++ b/doc/man3/SSL_set1_echstore.pod
@@ -137,7 +137,7 @@ base64-encoded ECHConfigList in the I<in> B<BIO>. The latter function reads
 both from an ECH PEM file.  Those can be used (by servers) to enable ECH for an
 B<SSL_CTX> or B<SSL> connection. In addition to loading those values, the
 application can also indicate via I<for_retry> which ECHConfig values are to be
-included in the I<retry_configs> fallback scheme defined by the ECH protocol.
+included in the I<retry_configs> fallback scheme defined by the ECH protocol.

 An ECH PEM file may contain a private key and an ECHConfigList with more than
 one ECHConfig, for example if different public keys, I<public_name> values, or
diff --git a/test/recipes/30-test_ech_corrupt.t b/test/recipes/30-test_ech_corrupt.t
index 9bb11545c2..2c66b7aae1 100644
--- a/test/recipes/30-test_ech_corrupt.t
+++ b/test/recipes/30-test_ech_corrupt.t
@@ -13,7 +13,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;

 setup("test_ech_corrupt");

-# Seeing tls1_2 below may be unexpected but we include a test case
+# Seeing tls1_2 below may be unexpected but we include a test case
 # where the inner CH is TLSv1.2 and the outer is TLSv1.3, but we
 # don't get the expected error in builds where TLSv1.2 is not supported
 # so we'll skip those
diff --git a/test/recipes/95-test_external_ech_bssl_data/ech_bssl_external.sh b/test/recipes/95-test_external_ech_bssl_data/ech_bssl_external.sh
index ba4451a0dd..343a2fce4b 100755
--- a/test/recipes/95-test_external_ech_bssl_data/ech_bssl_external.sh
+++ b/test/recipes/95-test_external_ech_bssl_data/ech_bssl_external.sh
@@ -96,6 +96,6 @@ echo "Running bssl s_client against localhost"
 rm -f $bechfile
 cat $resfile
 success=`grep -c "Encrypted ClientHello: yes" $resfile`
-rm -f $resfile
+rm -f $resfile
 # if success==1 we're good so exit with a zero for test success
 exit $((success != 1))
diff --git a/test/recipes/95-test_external_ech_nss_data/ech_nss_external.sh b/test/recipes/95-test_external_ech_nss_data/ech_nss_external.sh
index cf3648e93c..9dfc583079 100755
--- a/test/recipes/95-test_external_ech_nss_data/ech_nss_external.sh
+++ b/test/recipes/95-test_external_ech_nss_data/ech_nss_external.sh
@@ -98,7 +98,7 @@ fi
 if [ -f $LDIR/certutil ]
 then
     mkdir -p $SRCTOP/nss/ca
-	LD_LIBRARY_PATH=$NLIB $LDIR/certutil -A \
+    LD_LIBRARY_PATH=$NLIB $LDIR/certutil -A \
         -i $SRCTOP/test/certs/rootcert.pem \
         -n "oe" -t "CT,C,C" -d $SRCTOP/nss/ca/
 fi
@@ -126,7 +126,6 @@ ECH=`cat $ECHCONFIGFILE \
         | tail -n+2 | head -n+2 | tr -d '\n'`

 NSSPARAMS="-Q -4 -b -d $SRCTOP/nss/ca"
-LD_LIBRARY_PATH="$NLIB" $LDIR/tstclnt $NSSPARAMS -h localhost -p 8443 -a $httphost -N $ECH
+LD_LIBRARY_PATH="$NLIB" $LDIR/tstclnt $NSSPARAMS -h localhost -p 8443 -a $httphost -N $ECH
 res=$?
 exit $res
-
diff --git a/test/recipes/95-test_external_ech_nss_data/ech_nss_server_external.sh b/test/recipes/95-test_external_ech_nss_data/ech_nss_server_external.sh
index f6d296f4b7..2a9e499010 100755
--- a/test/recipes/95-test_external_ech_nss_data/ech_nss_server_external.sh
+++ b/test/recipes/95-test_external_ech_nss_data/ech_nss_server_external.sh
@@ -102,7 +102,7 @@ fi
 if [ ! -d $SRCTOP/nss/server ]
 then
     mkdir -p $SRCTOP/nss/server
-	LD_LIBRARY_PATH=$LLIB $LDIR/certutil -A \
+    LD_LIBRARY_PATH=$LLIB $LDIR/certutil -A \
         -i $SRCTOP/test/certs/rootcert.pem \
         -n "oe" -t "CT,C,C" -d $SRCTOP/nss/server/
     sillypass="sillypass"
@@ -111,8 +111,8 @@ then
         -in $SRCTOP/test/certs/echserver.pem \
         -password "pass:$sillypass"
     echo -n $sillypass >sillypassfile
-	LD_LIBRARY_PATH=$LLIB $LDIR/pk12util \
-        -i tmp.p12 -d $SRCTOP/nss/server -w sillypassfile
+    LD_LIBRARY_PATH=$LLIB $LDIR/pk12util \
+        -i tmp.p12 -d $SRCTOP/nss/server -w sillypassfile
     cat sillypassfile
     # rm -f sillypassfile tmp.p12
 fi
@@ -120,7 +120,7 @@ fi
 echo "   CWD:                $PWD"

 # Start an NSS server
-# We'll let the server generate the ECH key pair for now (see
+# We'll let the server generate the ECH key pair for now (see
 # below for why).

 # need to use ``stdbuf -o0`` so that we don't get buffering and