Google Git
Sign in
boringssl / boringssl / 8a0da669a08b6c6b805fd7ec9d1e67694fda3711
commit8a0da669a08b6c6b805fd7ec9d1e67694fda3711[log] [tgz]
authorDavid Benjamin <davidben@google.com>Fri May 10 10:36:29 2024 -0700
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri May 10 18:37:19 2024 +0000
treed770185af86dc55efed0e5e4deffc78caf5bd12e
parent4d50a595b49a2e7b7017060a4d402c4ee9fe28a2 [diff]
Remove X509_STORE_set_get_crl and X509_STORE_set_check_crl

gRPC is no longer using these, so remove them. They were impossible to
use correctly and are the cause of weird statefulness around
ctx->error_depth.

Once this CL sticks, we can follow up and clean up this a code a bit.

Update-Note: Some unused (and unusable) callbacks were removed.
Bug: 674
Change-Id: I8109dd6555d2ca056447c1b4f0aa28abe7af81b9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68387
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
4 files changed
tree: d770185af86dc55efed0e5e4deffc78caf5bd12e
  1. .github/
  2. cmake/
  3. crypto/
  4. decrepit/
  5. fuzz/
  6. gen/
  7. include/
  8. pki/
  9. rust/
  10. ssl/
  11. third_party/
  12. tool/
  13. util/
  14. .bazelignore
  15. .bazelrc
  16. .clang-format
  17. .gitignore
  18. API-CONVENTIONS.md
  19. BREAKING-CHANGES.md
  20. BUILD.bazel
  21. build.json
  22. BUILDING.md
  23. CMakeLists.txt
  24. codereview.settings
  25. CONTRIBUTING.md
  26. FUZZING.md
  27. go.mod
  28. go.sum
  29. INCORPORATING.md
  30. LICENSE
  31. MODULE.bazel
  32. MODULE.bazel.lock
  33. PORTING.md
  34. PrivacyInfo.xcprivacy
  35. README.md
  36. SANDBOXING.md
  37. STYLE.md
README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

Project links:

There are other files in this directory which might be helpful: