Adding support for BoringSSL
Date: Thu, 22 Jan 2015 23:04:48 +1100
For one of our products we have switched to using BoringSSL instead of
OpenSSL to overcome an Android compatibility issue in OpenSSL.
BoringSSL (https://boringssl.googlesource.com/boringssl/) is Google's
fork of OpenSSL that is used in the Android OS and in Chromium.
We use libcurl in this project so I followed on from Daniel's earlier
to add support for BoringSSL.
The changes involved removing code that calls functions that are no
longer in BoringSSL. Mainly this is RAND seeding and CONF loading.
The initial patch
I created against version 7.38.0 was a rough hack that got libcurl
compiling and working for our needs.
Since Daniel is interested in my patch
(https://twitter.com/bagder/status/558163868665798657) I tidied it up
with some #if's and patched against current master.
You can find my current patch at
There is still more work to do on this:
* Get someone to review my #if's to make sure they fit the way it is
normall done in libcurl
- It looks OK to me but I am no expert
* Look at how best to print/report BoringSSL version
- BoringSSL does not have "versions", I have been using git commit
hashes to track BoringSSL versions in our project
* Integrate BoringSSL detection into configure.ac and correctly handle
the missing openssl/ui.h and openssl/engine.h headers (and set the
- Missing version code also causes issues here
- I have no experience/knowledge of autoconf so I will need help here
* Fix up NTLM/DES support which has been removed from BoringSSL (see
Daniel's blog post and
- We don't use NTML/DES so I wouldn't know what is needed for this
* Update any tests
- When I ran make test the same tests failed as did against OpenSSL
- I am not sure what is needed for 100% test pass here
* Update documentation to reflect BoringSSL support
Feedback/help is appreciated.
List admin: http://cool.haxx.se/list/listinfo/curl-library
Received on 2015-01-22