Google Git
Sign in
boringssl / boringssl / 83824d298cf2272a265c44336a493c76d843b93a
commit83824d298cf2272a265c44336a493c76d843b93a[log] [tgz]
authorDavid Benjamin <davidben@google.com>Sun Sep 22 13:35:09 2024 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Sep 24 01:55:56 2024 +0000
tree83f4b7311d1838e9ecf1b845e309bafe60958126
parent16ce213a1765f575591c225b67c6b59704a2baec [diff]
Move ssl->version to ssl->s3->version

The version is not user configuration but a property of the connection
that we learn partway during the handshake. That state needs to be
reset on SSL_clear, so it's cleaner to implement this by just making it
naturally reset as part of getting a new ssl->s3. (That really should
just be called SSLConnection or something and be a common interface
between TLS and DTLS, but we'll get to that one later.)

Change-Id: I6eaa4ab1df5cbc6569732ed2aa01d84900410080
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71530
Reviewed-by: Nick Harper <nharper@chromium.org>
Commit-Queue: David Benjamin <davidben@google.com>
12 files changed
tree: 83f4b7311d1838e9ecf1b845e309bafe60958126
  1. .bcr/
  2. .github/
  3. cmake/
  4. crypto/
  5. decrepit/
  6. docs/
  7. fuzz/
  8. gen/
  9. include/
  10. pki/
  11. rust/
  12. ssl/
  13. third_party/
  14. tool/
  15. util/
  16. .bazelignore
  17. .bazelrc
  18. .clang-format
  19. .gitignore
  20. API-CONVENTIONS.md
  21. BREAKING-CHANGES.md
  22. BUILD.bazel
  23. build.json
  24. BUILDING.md
  25. CMakeLists.txt
  26. codereview.settings
  27. CONTRIBUTING.md
  28. FUZZING.md
  29. go.mod
  30. go.sum
  31. INCORPORATING.md
  32. LICENSE
  33. MODULE.bazel
  34. MODULE.bazel.lock
  35. PORTING.md
  36. PrivacyInfo.xcprivacy
  37. README.md
  38. SANDBOXING.md
  39. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

To file a security issue, use the Chromium process and mention in the report this is for BoringSSL. You can ignore the parts of the process that are specific to Chromium/Chrome.

There are other files in this directory which might be helpful: