Google Git
Sign in
boringssl / boringssl.git / 439ce287f11c258153b85ebf45bacb6c5eac4911^! / .
commit439ce287f11c258153b85ebf45bacb6c5eac4911[log] [tgz]
authorBob Beck <bbe@google.com>Mon Nov 20 17:41:48 2023 -0700
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Nov 21 22:42:28 2023 +0000
treec59ad1ec8a4358467c7906f1ecbefd2cd2c75c3a
parent71fb2a4e0790d9a092d5344dbf692d1cf136119b [diff]
Update README.md

Change-Id: Ifc0c3cdec56ff9d50b49da3484bb6c34b32b7b97
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64087
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

diff --git a/pki/README.md b/pki/README.md
index e7eaec4..7fc7432 100644
--- a/pki/README.md
+++ b/pki/README.md

@@ -3,30 +3,11 @@
 This directory and library should be considered experimental and should not be
 depended upon not to change without notice.  You should not use this.
 
-It contains an extracted and modified copy of chrome's certificate
-verifier core logic.
-
-It is for the moment, intended to be synchronized from a checkout of chrome's
-head with the IMPORT script run in this directory. The eventual goal is to
-make both chrome and google3 consume this.
+It contains chrome's certificate verifier core logic as used by chrome.
 
 ## Current status:
- * Some of the Path Builder tests depending on chrome testing classes and
-   SavedUserData are disabled. These probably need either a mimicing
-   SaveUserData class here, or be pulled out into chrome only.
- * This contains a copy of der as bssl:der - a consideration for
-   re-integrating with chromium. the encode_values part of der does not include
-   the base::time or absl::time based stuff as they are not used within the
-   library, this should probably be split out for chrome, or chrome's der could
-   be modified (along with this one and eventually merged together) to not use
-   base::time for encoding GeneralizedTimes, but rather use boringssl posix
-   times as does the rest of this library.
- * The Name Constraint limitation code is modified to remove clamped_math
-   and mimic BoringSSL's overall limits - Some of the tests that test
-   for specific edge cases for chrome's limits have been disabled. The
-   tests need to be changed to reflect the overall limit, or ignored
-   and we make name constraints subquadratic and stop caring about this.
- * Fuzzer targets are not yet hooked up.
- 
-
-
+ * Currently chrome uses this code via private API from within this directory.
+ * At the moment there is no public API for these functions, as mentioned above
+   if you make use of this you do so at your own risk and your code may be broken
+   by API change at any time.
+ * Public API will be forthcoming.