-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
initial BoringSSL harness #315
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: William Woodruff <[email protected]>
No regressions found. |
TIL, I'll look into using that (I did it the lazy way to start by just adapting the existing OpenSSL harness). |
I might be missing it, but I don't see a newer validator in BoringSSL's X.509 APIs.
// Legacy X.509 library.
//
// This header is part of OpenSSL's X.509 implementation. It is retained for
// compatibility but should not be used by new code. The functions are difficult
// to use correctly, and have buggy or non-standard behaviors. They are thus
// particularly prone to behavior changes and API removals, as BoringSSL
// iterates on these issues.
//
// In the future, a replacement library will be available. Meanwhile, minimize
// dependencies on this header where possible. |
… On Fri, Aug 2, 2024 at 11:06 AM William Woodruff ***@***.***> wrote:
I might be missing it, but I don't see a newer validator in BoringSSL's
X.509 APIs.
x509.h has this note:
// Legacy X.509 library.//// This header is part of OpenSSL's X.509 implementation. It is retained for// compatibility but should not be used by new code. The functions are difficult// to use correctly, and have buggy or non-standard behaviors. They are thus// particularly prone to behavior changes and API removals, as BoringSSL// iterates on these issues.//// In the future, a replacement library will be available. Meanwhile, minimize// dependencies on this header where possible.
https://github.com/google/boringssl/blob/7a6e828dc53ba9a56bd49915f2a0780d63af97d2/include/openssl/x509.h#L95C1-L104C47
—
Reply to this email directly, view it on GitHub
<#315 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBE4AH7SGNTTI4IWFITZPON7DAVCNFSM6AAAAABL3HZZDGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRVGYYDOMBSGI>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
This harness uses BoringSSL's libpki instead, which is markedly different from OpenSSL's X.509 APIs. Signed-off-by: William Woodruff <[email protected]>
This now uses |
Signed-off-by: William Woodruff <[email protected]>
WIP.