doc: update maintaining-openssl.md for openssl

Update the instructions for maintaining OpenSSL in the Node.js source
tree to reflect switching back from the quictls fork of OpenSSL back
to official OpenSSL.

Author: richardlau

.github/workflows/update-openssl.yml

@@ -35,7 +35,7 @@ jobs:
           author: Node.js GitHub Bot <[email protected]>
           body: This is an automated update of OpenSSL to ${{ env.NEW_VERSION }}.
           branch: actions/tools-update-openssl  # Custom branch *just* for this Action.
-          commit-message: 'deps: upgrade openssl sources to quictls/openssl-${{ env.NEW_VERSION }}'
+          commit-message: 'deps: upgrade openssl sources to openssl-${{ env.NEW_VERSION }}'
           labels: dependencies, openssl
           title: 'deps: update OpenSSL to ${{ env.NEW_VERSION }}'
           path: deps/openssl

doc/contributing/maintaining/maintaining-openssl.md

@@ -4,28 +4,6 @@ OpenSSL is automatically updated by the [update-openssl-action][].
 There is also a script in `tools/dep_updaters` that can be used to update it.
 This document describes how to manually update `deps/openssl/`.
 
-If you need to provide updates across all active release lines you will
-currently need to generate four PRs as follows:
-
-* a PR for `main` which is generated following the instructions
-  below for OpenSSL 3.x.x.
-* a PR for 18.x following the instructions in the v18.x-staging version
-  of this guide.
-* a PR for 16.x following the instructions in the v16.x-staging version
-  of this guide.
-
-## Use of the quictls/openssl fork
-
-Node.js currently uses the quictls/openssl fork, which closely tracks
-the main openssl/openssl releases with the addition of APIs to support
-the QUIC protocol.
-
-Details on the fork, as well as the latest sources, can be found at
-<https://github.com/quictls/openssl>.
-
-Branches are used per OpenSSL version (for instance,
-<https://github.com/quictls/openssl/tree/OpenSSL_1_1_1j+quic>).
-
 ## Requirements
 
 * Linux environment.
@@ -52,35 +30,33 @@ NASM version 2.11.08
 
 ## 1. Obtain and extract new OpenSSL sources
 
-Get a new source from <https://github.com/quictls/openssl/tree/openssl-3.0.5+quic>
+Get a new source from <https://github.com/openssl/openssl/tree/openssl-3.0.16>
 and copy all files into `deps/openssl/openssl`. Then add all files and commit
 them. (The link above, and the branch, will change with each new OpenSSL
 release).
 
-### OpenSSL 3.x.x
-
 ```bash
-git clone https://github.com/quictls/openssl
+git clone https://github.com/openssl/openssl
 cd openssl
 cd ../node/deps/openssl
 rm -rf openssl
 cp -R ../../../openssl openssl
-rm -rf openssl/.git* openssl/.travis*
+rm -rf openssl/.git*
 git add --all openssl
 git commit openssl
 ```
 
 ```text
-deps: upgrade openssl sources to quictls/openssl-3.0.5+quic
+deps: upgrade openssl sources to openssl-3.0.16
 
 This updates all sources in deps/openssl/openssl by:
-    $ git clone [email protected]:quictls/openssl.git
+    $ git clone [email protected]:openssl/openssl.git
     $ cd openssl
-    $ git checkout openssl-3.0.5+quic
+    $ git checkout openssl-3.0.16
     $ cd ../node/deps/openssl
     $ rm -rf openssl
     $ cp -R ../../../openssl openssl
-    $ rm -rf openssl/.git* openssl/.travis*
+    $ rm -rf openssl/.git*
     $ git add --all openssl
     $ git commit openssl
 ```
@@ -99,7 +75,8 @@ make -C deps/openssl/config clean
 make -C deps/openssl/config
 ```
 
-**Note**: If the 32-bit Windows is failing to compile run this workflow instead:
+Fix up 32-bit Windows assembler directives. This will allow the commits to be
+cherry-picked to older release lines that still provide binaries on 32-bit Windows.
 
 ```bash
 make -C deps/openssl/config clean
@@ -140,10 +117,8 @@ git commit
 The commit message can be written as (with the openssl version set
 to the relevant value):
 
-### OpenSSL 3.x.x
-
 ```text
-deps: update archs files for quictls/openssl-3.0.5+quic
+deps: update archs files for openssl-3.0.16
 
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by: