Thread: About BoringSSL, an OpenSSL fork

Hi all,

Perhaps some of you guys knew about that, but I just found about this
stuff this morning:
https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md
Looking at the porting section many routines have changed compared to
OpenSSL. I can't imagine this fork to become a complete replacement of
OpenSSL, but it may be worth considering an integration in Postgres
code depending on the features it will have (Curve25519,
Ed25519 mentioned). Also since 9.4 the SSL code paths have been
rearranged to allow more implementations to be done with other SSL
libraries.

Note that I am wondering also about the long-term stability and
potential backward-incompatibilities of the routines in this fork
though (recall for example v8 major breakage wround 3.14, if I recall
correctly this version number).
Thoughts?
-- 
Michael

<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><span
style="font-family:arial,sans-serif">On26 October 2015 at 00:59, Michael Paquier </span><span dir="ltr"
style="font-family:arial,sans-serif"><<ahref="mailto:michael.paquier@gmail.com"
target="_blank">michael.paquier@gmail.com</a>></span><spanstyle="font-family:arial,sans-serif"> wrote:</span><br
/></div><divclass="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><a
href="https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md"rel="noreferrer"
target="_blank">https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md</a><br/> Looking at the porting section
manyroutines have changed compared to<br /> OpenSSL. I can't imagine this fork to become a complete replacement of<br
/>OpenSSL, but it may be worth considering an integration in Postgres<br /> code depending on the features it will have
(Curve25519,<br/> Ed25519 mentioned). Also since 9.4 the SSL code paths have been<br /> rearranged to allow more
implementationsto be done with other SSL<br /> libraries.<br /></blockquote></div></div><div class="gmail_extra"><br
/></div><divclass="gmail_default" style="font-family:verdana,sans-serif;font-size:small">​​</div><div
class="gmail_extra"><divclass="gmail_default" style="font-family:verdana,sans-serif;font-size:small">​Quote:</div><div
class="gmail_default"style="font-family:verdana,sans-serif;font-size:small"><br /></div><p style="margin:10px
0px;padding:0px;color:rgb(0,0,0);font-family:'OpenSans',sans-serif;font-size:14px;line-height:21.56px"><span
style="line-height:21.56px"></span></div><blockquotestyle="margin:0 0 0 40px;border:none;padding:0px"><div
class="gmail_extra"><divclass="gmail_default"
style="font-family:verdana,sans-serif;font-size:small;display:inline">​</div>AlthoughBoringSSL is an open source
project,it is not intended for general use, <span style="line-height:21.56px">as OpenSSL is. We don’t recommend that
thirdparties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI
stability.</span><span
style="font-family:verdana,sans-serif;font-size:small;line-height:normal;color:rgb(34,34,34)">​</span></div><div
class="gmail_extra"><span
style="font-family:verdana,sans-serif;font-size:small;line-height:normal;color:rgb(34,34,34)"><br
/></span></div></blockquote><divclass="gmail_extra"><div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small">​Soundslike a subscription to a world of pain.​</div><br
/></div><divclass="gmail_extra"><div class="gmail_default"
style="font-family:verdana,sans-serif;font-size:small">​Geoff​</div></div></div>