Google Git
Sign in
boringssl / boringssl.git / 751d1a1c22631b506b3e9bab8ca7fd8bcc1f8edb
commit751d1a1c22631b506b3e9bab8ca7fd8bcc1f8edb[log] [tgz]
authorDavid Benjamin <davidben@google.com>Mon Sep 25 13:37:30 2017 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Tue Oct 10 03:07:57 2017 +0000
treec96c634f34c01f06ac5f160075e1ad1fc792e0e6
parente52f4c46421b57c1ff4a378136ba32ae8bd3d5d9 [diff]
Fold ssl_open_record_fatal_alert into ssl_open_record_error.

The only difference is whether there's an alert to send back, but we'll
need to allow an "error without alert" in several cases anyway:

1. If the server sees an HTTP request or garbage instead of a
   ClientHello, it shouldn't send an alert.

2. Resurfaced errors.

Just make zero signal no alert for now. Later on, I'm thinking we might
just want to put the alert into the outgoing buffer and make it further
uniform.

This also gives us only one error state to keep track of rather than
two.

Bug: 206
Change-Id: Ia821d9f89abd2ca6010e8851220d4e070bc42fa1
Reviewed-on: https://boringssl-review.googlesource.com/21286
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
5 files changed
tree: c96c634f34c01f06ac5f160075e1ad1fc792e0e6
  1. .github/
  2. crypto/
  3. decrepit/
  4. fipstools/
  5. fuzz/
  6. include/
  7. infra/
  8. ssl/
  9. third_party/
  10. tool/
  11. util/
  12. .clang-format
  13. .gitignore
  14. API-CONVENTIONS.md
  15. BUILDING.md
  16. CMakeLists.txt
  17. codereview.settings
  18. CONTRIBUTING.md
  19. FUZZING.md
  20. INCORPORATING.md
  21. LICENSE
  22. PORTING.md
  23. README.md
  24. sources.cmake
  25. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: