cURL / Mailing Lists / curl-library / Single Mail


Adding support for BoringSSL

From: Leith Bade <>
Date: Thu, 22 Jan 2015 23:04:48 +1100

Hi all,

For one of our products we have switched to using BoringSSL instead of
OpenSSL to overcome an Android compatibility issue in OpenSSL.

BoringSSL ( is Google's
fork of OpenSSL that is used in the Android OS and in Chromium.

We use libcurl in this project so I followed on from Daniel's earlier
work (
to add support for BoringSSL.

The changes involved removing code that calls functions that are no
longer in BoringSSL. Mainly this is RAND seeding and CONF loading.

The initial patch
I created against version 7.38.0 was a rough hack that got libcurl
compiling and working for our needs.

Since Daniel is interested in my patch
( I tidied it up
with some #if's and patched against current master.

You can find my current patch at

There is still more work to do on this:
* Get someone to review my #if's to make sure they fit the way it is
normall done in libcurl
  - It looks OK to me but I am no expert
* Look at how best to print/report BoringSSL version
  - BoringSSL does not have "versions", I have been using git commit
hashes to track BoringSSL versions in our project
* Integrate BoringSSL detection into and correctly handle
the missing openssl/ui.h and openssl/engine.h headers (and set the
relevant #defines)
  - Missing version code also causes issues here
  - I have no experience/knowledge of autoconf so I will need help here
* Fix up NTLM/DES support which has been removed from BoringSSL (see
Daniel's blog post and
  - We don't use NTML/DES so I wouldn't know what is needed for this
* Update any tests
  - When I ran make test the same tests failed as did against OpenSSL
- I am not sure what is needed for 100% test pass here
* Update documentation to reflect BoringSSL support

Feedback/help is appreciated.

Leith Bade
List admin:
Received on 2015-01-22