0f2461ad00
* Add fips-precompiled feature to support newer versions of FIPS (#338)
Newer versions of FIPS don't need any special casing in our bindings,
unlike the submoduled boringssl-fips. In addition, many users currently
use FIPS by precompiling BoringSSL with the proper build tools and
passing that in to the bindings.
Until we adopt the Update Stream pattern for FIPS, there are two main
use cases:
1. Passing an unmodified, precompiled FIPS validated version of
boringssl (fips-precompiled)
2. Passing a custom source directory of boringssl meant to be linked
with a FIPS validated bcm.o. This is mainly useful if you carry
custom patches but still want to use a FIPS validated BoringCrypto.
(fips-link-precompiled)
This commit introduces the `fips-precompiled` feature and removes the
`fips-no-compat` feature.
* Release 4.16.0 (#341)
* feat(x509): Implement `Clone` for `X509Store` (#339)
* boring(x509): impl Clone of X509Store
* expose SSL_set_compliance_policy
* fix clippy error
* Use ubuntu-latest for all ci jobs
ubuntu 20.04 is now deprecated:
https://github.com/actions/runner-images/issues/11101
* add SslCurve::X25519_MLKEM768 constant
* Clippy
* Fix linking SystemFunction036 from advapi32 in Rust 1.87
* rustfmt ;(
* build: Fix the build for 32-bit Linux platform
* Update Cargo.toml
* boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm`
* Add `X509_STORE_CTX_get0_cert` interface
This method reliably retrieves the certificate the `X509_STORE_CTX` is
verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return
the "problematic" cert when verification fails.
* Update bindgen from 0.70.1 -> 0.71.1.
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" (#353)
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)"
This reverts commit
|
||
|---|---|---|
| .github | ||
| boring | ||
| boring-sys | ||
| scripts | ||
| tokio-boring | ||
| .gitignore | ||
| .gitmodules | ||
| .rusty-hook.toml | ||
| Cargo.toml | ||
| README.md | ||
| RELEASE_NOTES | ||
| THIRD_PARTY | ||
| cliff.toml | ||
README.md
boring2
BoringSSL bindings are available for the Rust programming language, and the HTTP Client is built on top of it.
Non-goals
This package implements only the TLS extensions specification and supports the original boring library with the following features:
- Required TLS extensions for Safari and Firefox
- kDHE, ffdhe2048, and ffdhe3072 implementations
- RPK is not supported
- Support for LoongArch P64 and P32 architectures
Documentation
- Boring API: https://docs.rs/boring2
- tokio TLS adapters: https://docs.rs/tokio-boring2
- FFI bindings: https://docs.rs/boring-sys2
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed under the terms of both the Apache License, Version 2.0 and the MIT license without any additional terms or conditions.
Accolades
The project is based on a fork of boring.