History

Rushil Mehra 9ba00ea586 Fix lifetimes in ssl::select_next_proto See https://github.com/sfackler/rust-openssl/pull/2360 and https://nvd.nist.gov/vuln/detail/CVE-2025-24898. From the rust-openssl PR: `SSL_select_next_proto` can return a pointer into either the client or server buffers, but the type signature of the function previously only bound the output buffer to the client buffer. This can result in a UAF in situations where the server slice does not point to a long-lived allocation. Thanks to Matt Mastracci for reporting this issue.		2025-02-23 20:19:10 +00:00
..
examples	Change X509VerifyResult to Result<(), X509VerifyError>	2023-10-11 14:42:59 +02:00
src	Fix lifetimes in ssl::select_next_proto	2025-02-23 20:19:10 +00:00
test	Expose client/server-side ECH	2025-02-12 17:07:17 +00:00
Cargo.toml	replace once_cell with LazyLock	2025-01-22 17:52:35 +00:00
LICENSE	Rename stuff	2020-11-11 17:47:30 +00:00
README.md	Rename stuff	2020-11-11 17:47:30 +00:00

README.md

boring

BoringSSL bindings for the Rust programming language and TLS adapters for tokio and hyper built on top of it.

Documentation

Boring API: https://docs.rs/boring
tokio TLS adapters: https://docs.rs/tokio-boring
hyper HTTPS connector: https://docs.rs/hyper-boring
FFI bindings: https://docs.rs/boring-sys

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed under the terms of both the Apache License, Version 2.0 and the MIT license without any additional terms or conditions.

Accolades

The project is based on a fork of rust-openssl.