kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,457 Commits 12 Branches 0 Tags 38 MiB
C 43.1%
C++ 23.5%
Go 13.6%
Raku 10.8%
Perl 4%
Other 4.9%
75f9914e17
Go to file
David Benjamin 75f9914e17 Align TLS 1.2 and 1.3 server session validity checks. 
Having that logic in two different places is a nuisance when we go to
add new checks like resumption stuff. Along the way, this adds missing
tests for the ClientHello cipher/session consistency check. (We'll
eventually get it for free once the cipher/resumption change is
unblocked, but get this working in the meantime.)

This also fixes a bug where the session validity checks happened in the
wrong order relative to whether tickets_supported or renew_ticket was
looked at. Fix that by lifting that logic closer to the handshake.

Change-Id: I3f4b59cfe01064f9125277dc5834e62a36e64aae
Reviewed-on: https://boringssl-review.googlesource.com/12230
Reviewed-by: Adam Langley <agl@google.com>
2016-11-15 18:18:39 +00:00
.github Add a PULL_REQUEST_TEMPLATE. 2016-03-08 15:23:52 +00:00
crypto Remove bssl::Main wrapper in ec_test. 2016-11-15 18:06:51 +00:00
decrepit Fix up macros. 2016-10-18 18:28:23 +00:00
fuzz Refresh TLS fuzzer corpora. 2016-11-15 07:01:44 +00:00
include/openssl Add low-level p256-x86_64 tests. 2016-11-15 17:05:01 +00:00
infra/config Commit-Queue config: effectively remove Andorid builders. 2016-07-26 13:14:47 +00:00
ssl Align TLS 1.2 and 1.3 server session validity checks. 2016-11-15 18:18:39 +00:00
third_party/android-cmake Move android-cmake README to METADATA file. 2016-09-14 17:18:51 +00:00
tool Correctness fixes for NaCl and other platforms. 2016-11-09 19:06:10 +00:00
util Add low-level p256-x86_64 tests. 2016-11-15 17:05:01 +00:00
.clang-format Import `newhope' (post-quantum key exchange). 2016-04-26 22:53:59 +00:00
.gitignore Fix documentation generation on Windows. 2015-08-19 00:45:42 +00:00
API-CONVENTIONS.md Update API-CONVENTIONS.md for the new scopers. 2016-09-13 18:49:13 +00:00
BUILDING.md Allow .arch directives with Clang. 2016-08-26 17:45:49 +00:00
CMakeLists.txt More flexible detection of arm processors to fix cmake errors on armv6l and armv7l devices 2016-11-15 18:17:41 +00:00
codereview.settings No-op change to trigger the new Bazel bot. 2016-07-07 12:07:04 -07:00
CONTRIBUTING.md Add a CONTRIBUTING.md file. 2016-02-10 21:38:19 +00:00
FUZZING.md Add a script to refresh fuzzer corpora. 2016-11-15 07:01:34 +00:00
INCORPORATING.md Update links to Bazel's site. 2016-10-31 18:16:58 +00:00
LICENSE Add some bug references to the LICENSE file. 2016-02-22 20:16:48 +00:00
PORTING.md Add a note in PORTING to ask us before adding ifdefs. 2016-08-11 15:48:14 +00:00
README.md Add an API-CONVENTIONS.md document. 2016-08-04 23:27:49 +00:00
STYLE.md Clarify CBS/CBB with respect to high tag number form. 2016-08-26 17:48:48 +00:00

README.md

BoringSSL

BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.

Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.

Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.

BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.

Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.

There are other files in this directory which might be helpful: