Google Git
Sign in
boringssl / boringssl / 273a920f84e8b0b258737cea0f2f24627e8c5ed9
commit273a920f84e8b0b258737cea0f2f24627e8c5ed9[log] [tgz]
authorRoland Shoemaker <bracewell@google.com>Thu May 23 08:50:41 2024 -0700
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Thu May 23 17:35:54 2024 +0000
tree3f36a86beb714804a45fc5a88c628eaf6b4d3bf6
parent9f7f4d033b03ae1b6e7b69c9e3bfb368f06a887d [diff]
More ECH certificates

In the rejection tests, make sure the certificate served matches the
public name in the ECH config, so shims which verify the returned
certificate can make sure they are using the right name.

Previously there was a mismatch where the name to be verified was
public.example, but the certificate returned was valid for "test".

Change-Id: I511415431e01c9a83766c633cf11c34f0fa93058
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68727
Auto-Submit: Roland Shoemaker <bracewell@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
1 file changed
tree: 3f36a86beb714804a45fc5a88c628eaf6b4d3bf6
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. gen/
  7. include/
  8. pki/
  9. rust/
  10. ssl/
  11. third_party/
  12. tool/
  13. util/
  14. .bazelignore
  15. .bazelrc
  16. .clang-format
  17. .gitignore
  18. API-CONVENTIONS.md
  19. BREAKING-CHANGES.md
  20. BUILD.bazel
  21. build.json
  22. BUILDING.md
  23. CMakeLists.txt
  24. codereview.settings
  25. CONTRIBUTING.md
  26. FUZZING.md
  27. go.mod
  28. go.sum
  29. INCORPORATING.md
  30. LICENSE
  31. MODULE.bazel
  32. MODULE.bazel.lock
  33. PORTING.md
  34. PrivacyInfo.xcprivacy
  35. README.md
  36. SANDBOXING.md
  37. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: