Re: About BoringSSL, an OpenSSL fork

From: Geoff Winkless <pgsqladmin(at)geoff(dot)dj>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: About BoringSSL, an OpenSSL fork
Date: 2015-10-26 10:01:22
Message-ID: CAEzk6ffo=EszuMpPiYXpjbRK4ugEdEHaS4-A3abcdink_EWy+w@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 26 October 2015 at 00:59, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
wrote:

> https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md
> Looking at the porting section many routines have changed compared to
> OpenSSL. I can't imagine this fork to become a complete replacement of
> OpenSSL, but it may be worth considering an integration in Postgres
> code depending on the features it will have (Curve25519,
> Ed25519 mentioned). Also since 9.4 the SSL code paths have been
> rearranged to allow more implementations to be done with other SSL
> libraries.
>

​​
​Quote:


Although BoringSSL is an open source project, it is not intended for
general use, as OpenSSL is. We don’t recommend that third parties depend
upon it. Doing so is likely to be frustrating because there are no
guarantees of API or ABI stability.​

​Sounds like a subscription to a world of pain.​

​Geoff​

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2015-10-26 10:39:37 Re: questions about PG update performance
Previous Message Michael Paquier 2015-10-26 08:33:14 Re: [PATCH v3] GSSAPI encryption support