Daniel Gustafsson <daniel@yesql.se> writes:
> On 29 Nov 2023, at 16:21, Tristan Partin <tristan@neon.tech> wrote:
>> Funnily enough, here[0] is BoringSSL adding the BIO_{get,set}_app_data() APIs.
> Still doesn't seem like a good candidate for a postgres TLS library since they
> themselves claim:
> "Although BoringSSL is an open source project, it is not intended for
> general use, as OpenSSL is. We don't recommend that third parties depend
> upon it. Doing so is likely to be frustrating because there are no
> guarantees of API or ABI stability."
Kind of odd that, with that mission statement, they are adding
BIO_{get,set}_app_data on the justification that OpenSSL has it
and Postgres is starting to use it. Nonetheless, that commit
also seems to prove the point about lack of API/ABI stability.
I'm content to take their advice and not try to support BoringSSL.
It's not clear what benefit to us there would be, and we already
have our hands full coping with all the different OpenSSL and LibreSSL
versions.
regards, tom lane
