0x676e67
231010c0cb
Merge remote-tracking branch 'upstream/master'
2025-10-21 12:35:13 +08:00
Jaap Aarts
e23d2d16d4
Update main.rs
2025-10-16 13:31:09 +01:00
Christopher Patton
5cd912df1d
Remove "pq-experimental", apply PQ patch by default
...
Users can override the new default behavior in the usual way. The
expectation is that the build of BoringSSL they provide the feature set
implemented by the patch.
2025-10-15 10:36:27 +01:00
Kornel
77f612c16c
Simplify Error::reason()
2025-10-15 10:35:38 +01:00
Kornel
75ef523230
Safer CryptoBufferBuilder::build
2025-10-02 17:55:21 +01:00
Kornel
5957ce94cc
ErrorStack ctor for custom errors
2025-10-02 17:55:21 +01:00
Kornel
e3998212ed
Fix string data conversion in ErrorStack::put()
2025-10-02 17:55:21 +01:00
Apoorv Kothari
353ea62c17
Convert CipherCtx fns into a safe abstraction. Additional testing.
2025-10-01 11:00:57 +01:00
Kornel
8773f0e1fa
Use Ref foreign type instead of forgetting
2025-10-01 11:00:57 +01:00
Apoorv Kothari
ab8513ef8f
Expose a safe Rust interface for the session resumption callback
2025-10-01 11:00:57 +01:00
Kornel
ac1d71cb54
Use MaybeUninit for raw_ticket_key key/iv
2025-10-01 11:00:57 +01:00
Apoorv Kothari
5cb35db989
initialize key_name and iv. mark fn as _unsafe to allow for future changes to the api
2025-10-01 11:00:57 +01:00
Apoorv Kothari
b9af0ef176
clippy
2025-10-01 11:00:57 +01:00
Apoorv Kothari
ba85fbb7ad
simplify tests
2025-10-01 11:00:57 +01:00
Apoorv Kothari
f526b57daa
update documentation
2025-10-01 11:00:57 +01:00
Apoorv Kothari
ae783f8273
add test case for TicketKeyCallbackResult::Noop
2025-10-01 11:00:57 +01:00
Apoorv Kothari
ea1d120912
pr comments: safety, receive multiple nst, return status refactor
2025-10-01 11:00:57 +01:00
Apoorv Kothari
c49282f112
Add set_ticket_key_callback (SSL_CTX_set_tlsext_ticket_key_cb)
...
Add a wrapper for the `SSL_CTX_set_tlsext_ticket_key_cb`, which allows
consumers to configure the EVP_CIPHER_CTX and HMAC_CTX used for
encrypting/decrypting session tickets.
See https://docs.openssl.org/1.0.2/man3/SSL_CTX_set_tlsext_ticket_key_cb/
for more details.
2025-10-01 11:00:57 +01:00
Alessandro Ghedini
b3521e5523
Add SslRef::curve_name()
2025-09-30 16:57:59 +01:00
Kornel
4ce1308e1c
Make rpk feature flag additive
2025-09-30 16:45:49 +01:00
Christopher Patton
1c51c7ee3b
Add back the `curve()` method on `SslRef`
...
Instead of returning an `SslCurve`, just return the `u16` returned by
BoringSSL.
2025-09-30 16:14:54 +01:00
Christopher Patton
7078f61077
Remove outdated comments on FIPS API compatibility
2025-09-30 16:14:54 +01:00
Christopher Patton
b46d77087e
Remove `SslCurve` API
...
This is incompatible with the latest internal FIPS build. Namely, the
various group identifiers have been renamed since the previous version.
2025-09-30 16:14:54 +01:00
Bas Westerbaan
21735accf8
pq: fix MSVC C4146 warning
2025-09-30 16:22:47 +02:00
Christopher Patton
72dabe1d85
Remove the "kx-*" features
...
The "kx-*" features control default key exchange preferences. Its
implementation requires disabling APIs for manually setting curve
preferences via `set_curves()` or `set_curves_list()`.
In practice, most teams need to be able to override default preferences
at runtime anyway, which means these features were never really used.
This commit gets rid of them, thereby reducing some complexity in the
API.
2025-09-30 09:36:33 +01:00
Rushil Mehra
646ae33c61
X509Builder::append_extension2 -> X509Builder::append_extension
2025-09-26 17:38:53 +01:00
Rushil Mehra
8abba360d3
`Ssl::new_from_ref` -> `Ssl::new()`
2025-09-26 17:38:53 +01:00
Rushil Mehra
0fc992bd76
Align SslStream APIs with upstream
...
SslStream::new() is fallible, but `SslStream::from_raw_parts()` and
`SslStreamBuilder::new()` now unwrap. Upstream has also deprecated the
`SslStreamBuilder`, maybe we should do the same.
2025-09-26 17:38:53 +01:00
Alessandro Ghedini
4cb7e260a8
Clean-up legacy FIPS options
...
Per BoringSSL's FIPS policy, its `main` branch is the "update branch"
for FedRAMP compliance's purposes.
This means that we can stop using a specific BoringSSL branch when
enabling FIPS, as well as a number of hacks that allowed us to build
more recent BoringSSL versions with an older pre-compiled FIPS modules.
This also required slightly updating the main BoringSSL submodule, as
the previous version had an issue when building with the FIPS option
enabled. This in turn required some changes to the PQ patch as well as
some APIs that don't seem to be exposed publicly, as well as changing
some paths in the other patches.
In order to allow a smooth upgrade of internal projects, the `fips-compat`
feature is reduced in scope and renamed to `legacy-compat-deprecated` so
that we can incrementally upgrade internal BoringSSL forks. In practice
this shouldn't really be something anyone else would need, since in
order to work it requires a specific mix of BoringSSL version and
backported patches.
2025-09-26 17:12:23 +01:00
Kornel
78b8ceaf10
Add more reliable library_reason()
2025-09-26 14:17:31 +01:00
Kornel
974c3d2db0
Ensure that ERR_LIB type can be named
2025-09-26 14:17:31 +01:00
Alessandro Ghedini
b4bf601394
Remove support for Hyper v0
2025-09-26 13:46:44 +01:00
Kornel
c3f33f0ea1
Upgrade deps
2025-09-26 13:34:13 +01:00
Kornel
3116032a83
Skip Rust version detection for bindgen
2025-09-26 13:34:13 +01:00
Kornel
9bad96e48b
Style nits
2025-09-26 13:33:19 +01:00
Kornel
fa9df8081d
Deprecated GHA feature
2025-09-26 13:20:26 +01:00
Kornel
4814eb8547
Ensure rustfmt and clippy are available
2025-09-26 13:20:26 +01:00
Kornel
a50a39fde7
Support TARGET_CC and CC_{target}
2025-09-26 10:57:01 +01:00
Kornel
21f2885be3
Fix swapped host/target args
2025-09-26 10:57:01 +01:00
Kornel
79338a99ea
CStr UTF-8 improvements
2025-09-26 10:55:46 +01:00
0x676e67
ee94551993
Fix duplicate entry for RPK support in README
...
Removed duplicate mention of RPK not being supported.
2025-09-22 01:58:11 +08:00
0x676e67
bcc3ccb390
Fix formatting in FUNDING.yml for ko-fi entry
2025-09-22 01:03:48 +08:00
0x676e67
b17dd9d23c
Update FUNDING.yml for sponsorship links
2025-09-22 01:03:17 +08:00
0x676e67
cd2c47eb5b
v5.0.0-alpha.10
2025-09-19 19:00:11 +08:00
0x676e67
2f94005cf0
feat: Add `set_preserve_tls13_cipher_list` method to `SslContextBuilder` (#97)
...
* feat: Add set_preserve_tls13_cipher_list method to `SslContextBuilder`
* Update boring/src/ssl/mod.rs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-19 18:59:00 +08:00
0x676e67
37e0cde8c2
Remove CI badge from README
2025-09-12 18:55:15 +08:00
0x676e67
4bc35b3959
v5.0.0-alpha.9
2025-09-08 17:01:26 +08:00
0x676e67
219a6bccea
Merge remote-tracking branch 'upstream/master'
2025-09-08 17:00:51 +08:00
dependabot[bot]
ca9cb3fc66
build(deps): update compio requirement from 0.15.0 to 0.16.0 (#96)
...
* build(deps): update compio requirement from 0.15.0 to 0.16.0
Updates the requirements on [compio](https://github.com/compio-rs/compio) to permit the latest version.
- [Release notes](https://github.com/compio-rs/compio/releases)
- [Commits](https://github.com/compio-rs/compio/compare/v0.15.0...v0.15.0)
---
updated-dependencies:
- dependency-name: compio
dependency-version: 0.15.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* update
* update
* update
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: 0x676e67 <gngppz@gmail.com>
2025-09-08 16:51:01 +08:00
dependabot[bot]
2c2ea08f44
build(deps): update compio-io requirement from 0.7.0 to 0.8.0 (#95)
2025-09-08 16:37:04 +08:00