Google Git
Sign in
boringssl/boringssl.git/cc55e9fe9062dde8277ef675106666e27526d271
commit
cc55e9fe9062dde8277ef675106666e27526d271
[log] [tgz]
author
David Benjamin <davidben@google.com>
Tue Feb 17 14:15:20 2026 -0500
committer
Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>
Wed Mar 04 14:08:43 2026 -0800
tree
bc102ae9d6a2da3a8a7c8aaee840f42d3f58f191
parent
c5fbe07583f571d143fb560fa92cac3f42e9f826 [diff]
Handle an API edge case with PSKs and client certificates

If a client is configured to accept PSKs or server certificates, the
server may authenticate with a certificate and then request a client
certificate.

The client may then wish to decline to send a client certificate. We
normally express this with an empty credential list. But such a client
cannot have an empty credential list because it contains PSKs.

Due to the order of protocol decisions, the client's credential list is
effectively two credential lists: a set of "non-certificate" credentials
(PSKs, PAKEs), which can pick non-certificate modes, and then a set of
"certificate" credentials. We only care if the second one is empty. In
other words, skip over PSK/PAKE credentials when evaluating emptiness.

They're still one combined list because, on the server, the choice is
made at the same time and having one combined list is helpful to express
an ordering.

(For this purpose, a raw public key is a certificate credential.)

Bug: 369963041
Change-Id: If7b06e2bd347a187499a8621eb692c4a87c5dbf6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/89567
Reviewed-by: Lily Chen <chlily@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
3 files changed
tree: bc102ae9d6a2da3a8a7c8aaee840f42d3f58f191
  1. .bcr/
  2. .github/
  3. bench/
  4. cmake/
  5. crypto/
  6. decrepit/
  7. docs/
  8. fuzz/
  9. gen/
  10. include/
  11. infra/
  12. pki/
  13. rust/
  14. ssl/
  15. third_party/
  16. tool/
  17. util/
  18. .bazelignore
  19. .bazelrc
  20. .bazelversion
  21. .clang-format
  22. .clang-format-ignore
  23. .gitignore
  24. API-CONVENTIONS.md
  25. AUTHORS
  26. BREAKING-CHANGES.md
  27. BUILD.bazel
  28. build.json
  29. BUILDING.md
  30. CMakeLists.txt
  31. codereview.settings
  32. CONTRIBUTING.md
  33. FUZZING.md
  34. go.mod
  35. go.sum
  36. INCORPORATING.md
  37. LICENSE
  38. MODULE.bazel
  39. MODULE.bazel.lock
  40. PORTING.md
  41. PRESUBMIT.py
  42. PrivacyInfo.xcprivacy
  43. README.md
  44. SANDBOXING.md
  45. SECURITY.md
  46. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: