Google Git
Sign in
boringssl / boringssl.git / d9b81bb43a24b3adb6e8a616a4828e1bad89c486
commitd9b81bb43a24b3adb6e8a616a4828e1bad89c486[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sat Nov 18 19:48:21 2023 -0500
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon Nov 27 17:15:37 2023 +0000
tree829b78d1efc024a01693da184f7d24a6558c0dc5
parentc2b7df5850398dc7c73146c07f6eed95dd363a48 [diff]
Unexport various unused X509_OBJECT and X509_LOOKUP functions.

Some things of note:

- Anyone calling X509_OBJECT_up_ref_count is breaking X509_OBJECT's
  internal invariants, or relying on someone else handing back an
  X509_OBJECT with broken invariants.

- X509_LOOKUP_by_subject hands back an X509_OBJECT with broken internal
  invariants. Fortunately, it is never called, so unexport it as a the
  first step to cleaning this up.

Change-Id: Ia67693f802671cf857bf51aec6e20f27d1525212
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/64130
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
2 files changed
tree: 829b78d1efc024a01693da184f7d24a6558c0dc5
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. include/
  7. pki/
  8. rust/
  9. ssl/
  10. third_party/
  11. tool/
  12. util/
  13. .clang-format
  14. .gitignore
  15. API-CONVENTIONS.md
  16. BREAKING-CHANGES.md
  17. BUILDING.md
  18. CMakeLists.txt
  19. codereview.settings
  20. CONTRIBUTING.md
  21. FUZZING.md
  22. go.mod
  23. go.sum
  24. INCORPORATING.md
  25. LICENSE
  26. PORTING.md
  27. README.md
  28. SANDBOXING.md
  29. sources.cmake
  30. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: