minish
60ab50e89e
Add barbosshack prefix patch
2025-11-04 17:12:42 -05:00
2f94005cf0
feat: Add `set_preserve_tls13_cipher_list` method to `SslContextBuilder` ( #97 )
...
* feat: Add set_preserve_tls13_cipher_list method to `SslContextBuilder`
* Update boring/src/ssl/mod.rs
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-19 18:59:00 +08:00
219a6bccea
Merge remote-tracking branch 'upstream/master'
2025-09-08 17:00:51 +08:00
963425eb82
Add binding for X509_check_ip_asc
...
The binding corresponds to
https://boringssl.googlesource.com/boringssl.git/+/refs/heads/master/include/openssl/x509.h#4690 .
To see the SANs covered by the specified cert, use:
```shell
❯ openssl x509 -in ./boring/test/alt_name_cert.pem -noout -text | grep -A1 "Subject Alternative Name"
X509v3 Subject Alternative Name:
DNS:example.com, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, email:test@example.com, URI:http://www.example.com
```
2025-09-05 10:23:00 +01:00
197b9fcb5c
Merge remote-tracking branch 'upstream/master'
2025-09-04 16:20:35 +08:00
50fa2e672f
Use ERR_clear_error
2025-09-03 17:24:30 +01:00
a91bfdc67d
Error descriptions and docs
2025-09-03 17:24:30 +01:00
8d77a5d40e
Boring doesn't use function codes
2025-09-03 17:24:30 +01:00
3de1385660
Fix doc links
2025-09-03 17:24:22 +01:00
a264df22fa
Clippy
2025-08-29 10:51:09 -07:00
d0103d9a55
boring-sys: Implement `MLKEM1024` for TLS ( #93 )
...
* boring-sys: Implement MLKEM1024 for TLS
* clippy fix
2025-08-21 08:09:09 +08:00
8ec7576cf4
feat: Add Hash impls for extension types ( #84 )
2025-07-06 17:59:49 +08:00
3a32ea51f7
docs(connector): update documents
2025-06-21 19:54:17 +08:00
590cef9b1f
docs: update prefer chacha20 option docs
2025-06-18 22:16:46 +08:00
afde990c6b
docs: update prefer chacha20 option docs
2025-06-18 22:15:44 +08:00
eaf49e631e
feat(boring): sync updated extension permutation patch ( #80 )
2025-06-18 12:36:34 +08:00
4ba97ba54e
chore(boring): Remove deprecated or outdated APIs ( #79 )
2025-06-17 23:19:52 +08:00
f08c7cf8b7
test(boring): fix ech test ( #77 )
2025-06-17 22:26:23 +08:00
f4419dc416
revert(boring): Restore `src/x509/store.rs` to match upstream
2025-06-17 20:22:42 +08:00
e04066ee46
Merge remote-tracking branch 'upstream/master'
2025-06-17 20:16:49 +08:00
b01510d050
Expose PKey::raw_{private,public}_key ( #364 )
2025-06-13 09:11:51 +01:00
6107475db1
chore: remove dead code
2025-06-07 23:09:11 +08:00
80f9221bbb
Merge remote-tracking branch 'upstream/master'
2025-06-07 23:08:32 +08:00
17d137e33b
Expose SSL_set1_groups to Efficiently Set Curves on SSL Session ( #346 )
2025-06-06 02:25:28 +01:00
5fa9c81c88
Sprinkle #[must_use] ( #368 )
2025-06-05 20:40:35 +01:00
5d57b3a057
Make X509Store shareable between contexts
...
#362
2025-06-05 14:45:40 +01:00
4d178a7f9f
Clippy
2025-06-05 10:16:08 +01:00
bcec9462af
Don't unwrap when Result can be returned instead
2025-06-05 10:14:54 +01:00
29c05d41cd
Avoid panicking in error handling
2025-06-05 10:14:54 +01:00
05f798adc4
Rename to reset_with_context_data
2025-06-05 01:06:09 +01:00
56e9fef055
Add X509StoreContextRef::init_without_cleanup
...
As X509_STORE_CTX_init requires its arguments to outlive
the store context, we take ownership of all of them
and put them in the store context's ex data, ensuring
the soundness of the operation without the mandatory
call to X509_STORE_CTX_cleanup after a closure
is run.
2025-06-05 01:06:09 +01:00
45f8589d48
Add mutable ex_data APIs for X509StoreContext
2025-06-05 01:06:09 +01:00
15975ddde4
Ensure we call X509_STORE_CTX_cleanup on error path too ( #360 )
...
As X509_STORE_CTX_init may fail after setting some values
that should outlive the store context, we must ensure we
clean things up on its error path too.
We also know it's always ok to call X509_STORE_CTX_cleanupas X509_STORE_CTX_init starts with a call to it.
2025-06-02 16:40:44 +02:00
6789a72fc0
Fix X509VerifyContextRef::set_verify_param ( #358 )
...
This method takes ownership of the given verify param.
2025-06-02 16:39:25 +02:00
7a52fbbe99
Add X509VerifyParamRef::copy_from ( #361 )
2025-06-02 16:39:11 +02:00
2bc82e8d1c
Add support for X509_STORE_CTX_get0_untrusted
2025-06-01 19:04:22 +01:00
4fd641f79d
clippy fix
2025-05-30 11:00:23 +08:00
6169bcd543
Merge remote-tracking branch 'upstream/master' into sync
2025-05-30 10:55:52 +08:00
e99d162891
Add set_verify_param
2025-05-30 02:17:53 +02:00
560925293b
Revert "feat(x509): Implement `Clone` for `X509Store` ( #339 )" ( #353 )
...
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339 )"
This reverts commit 49a8d0906ahttps://github.com/cloudflare/boring/pull/120 >.
* Ensure Clone is not added to X509Store
* Add comment about why X509Store must not implement Clone
---------
Co-authored-by: Kornel <kornel@cloudflare.com>
2025-05-27 18:19:35 +02:00
eefc7b7265
Add `X509_STORE_CTX_get0_cert` interface
...
This method reliably retrieves the certificate the `X509_STORE_CTX` is
verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return
the "problematic" cert when verification fails.
2025-05-27 14:41:16 +01:00
6e35abb2cd
boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm`
2025-05-26 08:51:37 -07:00
23863ffd1b
Clippy
2025-05-26 16:30:09 +01:00
7205960bc1
boring(ssl): add ZSTD to `CertificateCompressionAlgorithm` ( #71 )
2025-05-19 16:46:31 +08:00
9da3b7b44c
boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm` ( #70 )
2025-05-18 19:21:38 +08:00
9fb6143b11
chore(boring): deprecate legacy `CertCompressionAlgorithm` API ( #69 )
...
* chore(boring): deprecate legacy `CertCompressionAlgorithm` API
* ci: fix windows build
2025-05-18 18:55:08 +08:00
2b497506ef
chore(boring): deprecate `set_verify_cert_store_ref` on `SslContextBuilder` ( #68 )
2025-05-13 18:23:22 +08:00
9b34d3524b
add SslCurve::X25519_MLKEM768 constant
2025-05-03 01:25:12 +09:00
6458b54e6a
docs(boring): fix doc warning ( #65 )
2025-04-23 12:50:43 +08:00
b29537e08f
fix clippy error
2025-04-17 01:18:30 -07:00
minish
0x676e67