Google Git
Sign in
boringssl / boringssl.git / 12709db3558352c3de60a3ab0e761b9609d2b4e2
commit12709db3558352c3de60a3ab0e761b9609d2b4e2[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri Feb 17 13:51:50 2017 -0500
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Fri Feb 17 19:49:59 2017 +0000
tree95b5b5c4edfbc0e61ed78ed30386f6a637e23057
parentc92f29dcc5e1e4f74fdcbcff0ca26db84b606b63 [diff]
Stop reporting SSL_R_SHUTDOWN_WHILE_IN_INIT.

This effectively reverts b9824e241746d70d985d1004078b5bad0ad9a75b. This
error seems to have mostly just caused confusion in logs and the
occasional bug around failing to ERR_clear_error. Consumers tend to
blindly call SSL_shutdown when tearing down an SSL (to avoid
invalidating sessions). This means handshake failures trigger two
errors, which is screwy.

Go back to the old behavior where SSL_shutdown while SSL_in_init
silently succeeds.

Change-Id: I1fcfc92d481b97c840847dc39afe59679cd995f2
Reviewed-on: https://boringssl-review.googlesource.com/13909
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
1 file changed
tree: 95b5b5c4edfbc0e61ed78ed30386f6a637e23057
  1. .github/
  2. crypto/
  3. decrepit/
  4. fuzz/
  5. include/
  6. infra/
  7. ssl/
  8. third_party/
  9. tool/
  10. util/
  11. .clang-format
  12. .gitignore
  13. API-CONVENTIONS.md
  14. BUILDING.md
  15. CMakeLists.txt
  16. codereview.settings
  17. CONTRIBUTING.md
  18. FUZZING.md
  19. INCORPORATING.md
  20. LICENSE
  21. PORTING.md
  22. README.md
  23. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: