Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

first pass at porting to boringssl #276

Closed
wants to merge 1 commit into from
Closed

first pass at porting to boringssl #276

wants to merge 1 commit into from

Conversation

doramatadora
Copy link

No description provided.

@doramatadora doramatadora closed this by deleting the head repository Feb 7, 2023
@Firstyear
Copy link
Member

Hi there, we aren't interested to swap away from openssl to boringssl. We have requirements that make it necessary. boringssl could be an alternate feature version however, but I think it's something that should be raised as an issue an discussed first to work out what your requirements are. Thanks!

@micolous
Copy link
Collaborator

micolous commented Feb 12, 2023

I'll also mention the warning in BoringSSL's readme:

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. (emphasis added) Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

While it looks like this uses Cloudflare's Rust bindings (that pin a specific version of BoringSSL), that's currently a commit of BoringSSL from September 2021 (see also cloudflare/boring#92 and cloudflare/boring#100).

There are also BoringSSL Rust bindings from BoringSSL itself (bssl-sys) which are a slightly newer target, but still subject to the same issue of BoringSSL having no stable API or proper "releases", because of the way Google manages its source repository ("trunk-based development").

BoringSSL is an artefact of how Google internally manages third-party software which just happens to be exported publicly. It's not intended as "because it's from Google it must be better than OpenSSL for non-Google projects".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants