Hi all, For one of our products we have switched to using BoringSSL instead of OpenSSL to overcome an Android compatibility issue in OpenSSL.
BoringSSL (https://boringssl.googlesource.com/boringssl/) is Google's fork of OpenSSL that is used in the Android OS and in Chromium. We use libcurl in this project so I followed on from Daniel's earlier work (http://daniel.haxx.se/blog/2014/08/05/libressl-vs-boringssl-for-curl/) to add support for BoringSSL. The changes involved removing code that calls functions that are no longer in BoringSSL. Mainly this is RAND seeding and CONF loading. The initial patch (https://github.com/mapbox/mason/blob/libcurl-7.38.0-boringssl/openssl.patch) I created against version 7.38.0 was a rough hack that got libcurl compiling and working for our needs. Since Daniel is interested in my patch (https://twitter.com/bagder/status/558163868665798657) I tidied it up with some #if's and patched against current master. You can find my current patch at https://github.com/ljbade/curl/commit/ac70e0743d4580ceda875946566b8635ccb0882e There is still more work to do on this: * Get someone to review my #if's to make sure they fit the way it is normall done in libcurl - It looks OK to me but I am no expert * Look at how best to print/report BoringSSL version - BoringSSL does not have "versions", I have been using git commit hashes to track BoringSSL versions in our project * Integrate BoringSSL detection into configure.ac and correctly handle the missing openssl/ui.h and openssl/engine.h headers (and set the relevant #defines) - Missing version code also causes issues here - I have no experience/knowledge of autoconf so I will need help here * Fix up NTLM/DES support which has been removed from BoringSSL (see Daniel's blog post and https://twitter.com/agl__/status/496448856788172800) - We don't use NTML/DES so I wouldn't know what is needed for this * Update any tests - When I ran make test the same tests failed as did against OpenSSL - I am not sure what is needed for 100% test pass here * Update documentation to reflect BoringSSL support Feedback/help is appreciated. Thanks, Leith Bade [email protected] ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
