Remove old Strawberry Perl workaround This removal is not because the underlying issue is fixed. Strawberry Perl seems uninterested in fixing this.[1] However, our workaround seems to have had some other consequences (https://crbug.com/525786169), and Perl is less hard of a requirement for us now. You still need Perl to modify parts of BoringSSL, but building BoringSSL no longer needs Perl. Given that, it is probably simplest to just stay out of the business of overwriting CMake, even if CMake gets it wrong as as result of Strawberry Perl's misbehavior. Instead, we update the documentation to: - Remove mention of ActiveState Perl or MSYS Perl. ActiveState Perl seems to require an account to download now[2]. Despite the misbehavior, perl.org points to Strawberry Perl, so let's stick to just one recommended configuration. - Recommend the portable zip of Strawberry Perl, not the MSI installer. That doesn't mess with PATH. Otherwise, leave fixing the environment to the person setting up the environment. Strawberry Perl's misbehavior seems to have all kinds of side effects, so likely our workaround wasn't sufficient for more complicated setups anyway. E.g. see [3] and [4]. Though [3] is a little worrisome. It's possible some folks' CIs will need to start passing CMAKE_IGNORE_PATH. Update-Note: BoringSSL no longer works around Strawberry Perl for you. Let us know if it turns out your setup was relying on it. [1] https://github.com/StrawberryPerl/Perl-Dist-Strawberry/issues/11 [2] https://www.reddit.com/r/perl/comments/d9gctx/activeperl_is_dead_to_me/ [3] https://github.com/actions/runner-images/issues/6627 [4] https://gitlab.kitware.com/cmake/cmake/-/work_items/23975 Fixed: 525786169 Change-Id: Ia3c9e3885e095af6fb9df15bf49a00a163d8dd51 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/97767 Auto-Submit: David Benjamin <davidben@google.com> Presubmit-BoringSSL-Verified: boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
Project links:
To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.
There are other files in this directory which might be helpful: