curl-library

Adding support for BoringSSL

From: Leith Bade <leith_at_mapbox.com>
Date: Thu, 22 Jan 2015 23:04:48 +1100

Hi all,

For one of our products we have switched to using BoringSSL instead of
OpenSSL to overcome an Android compatibility issue in OpenSSL.

BoringSSL (https://boringssl.googlesource.com/boringssl/) is Google's
fork of OpenSSL that is used in the Android OS and in Chromium.

We use libcurl in this project so I followed on from Daniel's earlier
work (http://daniel.haxx.se/blog/2014/08/05/libressl-vs-boringssl-for-curl/)
to add support for BoringSSL.

The changes involved removing code that calls functions that are no
longer in BoringSSL. Mainly this is RAND seeding and CONF loading.

The initial patch
(https://github.com/mapbox/mason/blob/libcurl-7.38.0-boringssl/openssl.patch)
I created against version 7.38.0 was a rough hack that got libcurl
compiling and working for our needs.

Since Daniel is interested in my patch
(https://twitter.com/bagder/status/558163868665798657) I tidied it up
with some #if's and patched against current master.

You can find my current patch at
https://github.com/ljbade/curl/commit/ac70e0743d4580ceda875946566b8635ccb0882e

There is still more work to do on this:
* Get someone to review my #if's to make sure they fit the way it is
normally done in libcurl
  - It looks OK to me but I am no expert
* Look at how best to print/report BoringSSL version
  - BoringSSL does not have "versions", I have been using git commit
hashes to track BoringSSL versions in our project
* Integrate BoringSSL detection into configure.ac and correctly handle
the missing openssl/ui.h and openssl/engine.h headers (and set the
relevant #defines)
  - Missing version code also causes issues here
  - I have no experience/knowledge of autoconf so I will need help here
* Fix up NTLM/DES support which has been removed from BoringSSL (see
Daniel's blog post and
https://twitter.com/agl__/status/496448856788172800)
  - We don't use NTLM/DES so I wouldn't know what is needed for this
* Update any tests
  - When I ran make test the same tests failed as did against OpenSSL
  - I am not sure what is needed for 100% test pass here
* Update documentation to reflect BoringSSL support

Feedback/help is appreciated.

Thanks,
Leith Bade
leith_at_mapbox.com
Received on 2015-01-22