min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,324 Commits 2 Branches 0 Tags 16 MiB
Commit Graph

3324 Commits

Author SHA1 Message Date
Kornel 78b8ceaf10 Add more reliable library_reason() 2025-09-26 14:17:31 +01:00
Kornel 974c3d2db0 Ensure that ERR_LIB type can be named 2025-09-26 14:17:31 +01:00
Alessandro Ghedini b4bf601394 Remove support for Hyper v0 2025-09-26 13:46:44 +01:00
Kornel c3f33f0ea1 Upgrade deps 2025-09-26 13:34:13 +01:00
Kornel 3116032a83 Skip Rust version detection for bindgen 2025-09-26 13:34:13 +01:00
Kornel 9bad96e48b Style nits 2025-09-26 13:33:19 +01:00
Kornel fa9df8081d Deprecated GHA feature 2025-09-26 13:20:26 +01:00
Kornel 4814eb8547 Ensure rustfmt and clippy are available 2025-09-26 13:20:26 +01:00
Kornel a50a39fde7 Support TARGET_CC and CC_{target} 2025-09-26 10:57:01 +01:00
Kornel 21f2885be3 Fix swapped host/target args 2025-09-26 10:57:01 +01:00
Kornel 79338a99ea CStr UTF-8 improvements 2025-09-26 10:55:46 +01:00
Evan Rittenhouse 330bf825d4
Release 4.19.0 (#382) 2025-09-05 12:13:20 -07:00
Evan Rittenhouse 963425eb82 Add binding for X509_check_ip_asc 
The binding corresponds to
https://boringssl.googlesource.com/boringssl.git/+/refs/heads/master/include/openssl/x509.h#4690.

To see the SANs covered by the specified cert, use:

```shell
❯ openssl x509 -in ./boring/test/alt_name_cert.pem -noout -text | grep -A1 "Subject Alternative Name"
            X509v3 Subject Alternative Name:
                DNS:example.com, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, email:test@example.com, URI:http://www.example.com
```
 2025-09-05 10:23:00 +01:00
Kornel 50fa2e672f Use ERR_clear_error 2025-09-03 17:24:30 +01:00
Kornel a91bfdc67d Error descriptions and docs 2025-09-03 17:24:30 +01:00
Kornel 8d77a5d40e Boring doesn't use function codes 2025-09-03 17:24:30 +01:00
Kornel c5045fb6b4 Fix patched docs.rs builds 2025-09-03 17:24:22 +01:00
Kornel 8966ca27b7 Test docs.rs docs 2025-09-03 17:24:22 +01:00
Kornel 3de1385660 Fix doc links 2025-09-03 17:24:22 +01:00
Kornel 404a753921 Bump 2025-08-29 19:45:01 +01:00
Kornel a264df22fa Clippy 2025-08-29 10:51:09 -07:00
Harry Stern 26ac58b2bd Remove some comments referring to OpenSSL 
Signed-off-by: Harry Stern <hstern@cloudflare.com>
 2025-07-21 09:39:25 -07:00
Kornel 0ca11b5680 Use cargo:warning for warnings 2025-06-13 15:06:50 +02:00
Kornel 8d5fba3767 Don't link binaries on docs.rs 2025-06-13 15:06:50 +02:00
Jordan Rose b01510d050
Expose PKey::raw_{private,public}_key (#364) 2025-06-13 09:11:51 +01:00
Alex Bakon c596d7d47c Upgrade bindgen to v0.72.0 
This release includes a fix for a build issue with the latest XCode
release.
 2025-06-10 12:39:19 +01:00
Justin-Kwan 17d137e33b
Expose SSL_set1_groups to Efficiently Set Curves on SSL Session (#346) 2025-06-06 02:25:28 +01:00
Kornel 5fa9c81c88
Sprinkle #[must_use] (#368) 2025-06-05 20:40:35 +01:00
Kornel 5d57b3a057 Make X509Store shareable between contexts 
#362
 2025-06-05 14:45:40 +01:00
Kornel 4d178a7f9f Clippy 2025-06-05 10:16:08 +01:00
Kornel bcec9462af Don't unwrap when Result can be returned instead 2025-06-05 10:14:54 +01:00
Kornel 29c05d41cd Avoid panicking in error handling 2025-06-05 10:14:54 +01:00
Kornel 05f798adc4 Rename to reset_with_context_data 2025-06-05 01:06:09 +01:00
Anthony Ramine 56e9fef055 Add X509StoreContextRef::init_without_cleanup 
As X509_STORE_CTX_init requires its arguments to outlive
the store context, we take ownership of all of them
and put them in the store context's ex data, ensuring
the soundness of the operation without the mandatory
call to X509_STORE_CTX_cleanup after a closure
is run.
 2025-06-05 01:06:09 +01:00
Anthony Ramine 45f8589d48 Add mutable ex_data APIs for X509StoreContext 2025-06-05 01:06:09 +01:00
Anthony Ramine 15975ddde4
Ensure we call X509_STORE_CTX_cleanup on error path too (#360) 
As X509_STORE_CTX_init may fail after setting some values
that should outlive the store context, we must ensure we
clean things up on its error path too.

We also know it's always ok to call X509_STORE_CTX_cleanupas X509_STORE_CTX_init starts with a call to it.
 2025-06-02 16:40:44 +02:00
Anthony Ramine 6789a72fc0
Fix X509VerifyContextRef::set_verify_param (#358) 
This method takes ownership of the given verify param.
 2025-06-02 16:39:25 +02:00
Anthony Ramine 7a52fbbe99
Add X509VerifyParamRef::copy_from (#361) 2025-06-02 16:39:11 +02:00
James Larisch 2bc82e8d1c Add support for X509_STORE_CTX_get0_untrusted 2025-06-01 19:04:22 +01:00
James Larisch e99d162891 Add set_verify_param 2025-05-30 02:17:53 +02:00
Anthony Ramine 5e8aaf63f0
Release 4.17.0 (#354) 2025-05-28 11:53:09 +02:00
Anthony Ramine 560925293b
Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" (#353) 
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)"

This reverts commit 49a8d0906a.

See <https://github.com/cloudflare/boring/pull/120>.

* Ensure Clone is not added to X509Store

* Add comment about why X509Store must not implement Clone

---------

Co-authored-by: Kornel <kornel@cloudflare.com>
 2025-05-27 18:19:35 +02:00
Yury Yarashevich 4ea82a2e1b Update bindgen from 0.70.1 -> 0.71.1. 2025-05-27 15:04:04 +01:00
James Larisch eefc7b7265 Add `X509_STORE_CTX_get0_cert` interface 
This method reliably retrieves the certificate the `X509_STORE_CTX` is
verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return
the "problematic" cert when verification fails.
 2025-05-27 14:41:16 +01:00
0x676e67 6e35abb2cd boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm` 2025-05-26 08:51:37 -07:00
0x676e67 15281c77e2 Update Cargo.toml 2025-05-26 08:51:37 -07:00
0x676e67 eb48ab9a26 build: Fix the build for 32-bit Linux platform 2025-05-26 08:51:37 -07:00
Kornel 3ab8b53532 rustfmt ;( 2025-05-26 16:30:09 +01:00
Kornel 0327dd03c6 Fix linking SystemFunction036 from advapi32 in Rust 1.87 2025-05-26 16:30:09 +01:00
Kornel 23863ffd1b Clippy 2025-05-26 16:30:09 +01:00