|author||David Benjamin <firstname.lastname@example.org>||Wed Jul 29 16:43:25 2020 -0400|
|committer||CQ bot account: email@example.com <firstname.lastname@example.org>||Wed Jul 29 21:19:25 2020 +0000|
Fix the naming of alert error codes. Reason codes 1000+N correspond to receiving an alert N from the peer, rather than observing the corresponding error condition locally. This has generally been a source of confusion for folks. They were originally named like SSL_R_TLSV1_ALERT_DECRYPTION_FAILED, but OpenSSL introduced a few without the "ALERT" token in 739a543ea863682f157e9aa0ee382367eb3d187c. We then inadvertently carried the mistake over in SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY and SSL_R_TLSV1_CERTIFICATE_REQUIRED. Fix all these to include the "ALERT" for consistency and make it slightly less confusing. (Although perhaps it should have been RECEIVED_ALERT or so.) Add compatibility #defines for the original OpenSSL ones and SSL_R_TLSV1_CERTIFICATE_REQUIRED. The latter can be removed when downstream code is fixed. The OpenSSL ones we'll probably just leave around. Update-Note: The renamed alerts will log slightly different strings, but the constants used by external code are still there. Bug: 366 Change-Id: I30c299c4ad4b2bed695bd71d0831fbe6755975a7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/42384 Reviewed-by: Adam Langley <email@example.com> Commit-Queue: David Benjamin <firstname.lastname@example.org>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful: