BoringSSL Stable Version
2,215 views
Skip to first unread message
Anand Sivaram
Jan 22, 2017, 5:40:08 AM1/22/17
to Security-dev
Dear All,
I have an application using OpenSSL and I am planning to use BoringSSL also. As part of it, I built latest BoringSSL (last week master) and my application is working with that.
Now, I need to take a (more) stable version of BorginSSL.
Should I take tip of 2883 or 2704 branches? Could I assume that the tip
of these branches are more stable than the tip of the master branch, as they
represent stable google-chrome version?
Thanks and Regards
Anand
I have an application using OpenSSL and I am planning to use BoringSSL also. As part of it, I built latest BoringSSL (last week master) and my application is working with that.
Now, I need to take a (more) stable version of BorginSSL.
Should I take tip of 2883 or 2704 branches? Could I assume that the tip
of these branches are more stable than the tip of the master branch, as they
represent stable google-chrome version?
Thanks and Regards
Anand
David Benjamin
Jan 23, 2017, 11:20:40 AM1/23/17
to Anand Sivaram, Security-dev
Please see the note in BoringSSL's README.
We do not maintain a long-term stable branch for BoringSSL. Consuming projects use BoringSSL from master, which we regularly update, changing calling code as needed. As those projects branch and release, they ship the BoringSSL revision they had when they branched. As needed, we do merge changes to projects' release branches, but these are not general-purpose long-term stable branches. For instance, a single Chrome/Chromium release branch is fairly short-lived.
This works for us, but it sounds like your needs may not align. In that case, BoringSSL is probably not the library for you.
Anand Sivaram
Jan 26, 2017, 12:37:29 AM1/26/17
to David Benjamin, Security-dev
Hello David,
Thanks for the clarification. I understand it now, and I think I could proceed
with using BoringSSL.
Thanks and Best Regards
Anand
jaymin...@gmail.com
Jul 25, 2018, 5:40:04 AM7/25/18
to Security-dev, asp...@gmail.com
Hi David,
How can one find that which OpenSSL version BoringSSL uses?
I have BoringSSL source which ship with AOSP (Android 7). I want to find out two things.
1 - BoringSSL version
2 - OpenSSL version which BoringSSL uses
I have found a revision file in 'AOSP/external/boringssl', and the revision was mentioned in that file was:
7f8d62160a5ca34463a6cf112efcbed06fc59c6d
But, I cannot determine the version of BoringSSL from this.
Please provide your suggestions, it would be helpful for me.
Regards,
Adam Langley
Jul 25, 2018, 10:56:17 AM7/25/18
to jaymin...@gmail.com, security-dev, asp...@gmail.com
On Wed, Jul 25, 2018 at 2:40 AM <jaymin...@gmail.com> wrote:
How can one find that which OpenSSL version BoringSSL uses?
I have BoringSSL source which ship with AOSP (Android 7). I want to find out two things.
1 - BoringSSL version
2 - OpenSSL version which BoringSSL uses
I have found a revision file in 'AOSP/external/boringssl', and the revision was mentioned in that file was:
7f8d62160a5ca34463a6cf112efcbed06fc59c6d
external/boringssl/BORINGSSL_REVISION contains a git hash. This identifies a specific point in BoringSSL development. For example, the current value can be found here:
and is c596415ec62b501523d80f9afa26b135406da6bf. This refers to this point in BoringSSL development: https://boringssl.googlesource.com/boringssl/+/c596415ec62b501523d80f9afa26b135406da6bf
BoringSSL is a fork of OpenSSL so it doesn't "use" OpenSSL. Rather its development has branched from OpenSSL, although we do still exchange code.
Cheers
AGL
Jaymin D
Jul 26, 2018, 12:27:18 AM7/26/18
to a...@chromium.org, securi...@chromium.org, asp...@gmail.com
Thanks for your informative response. It would helpful.
Regards
- JAYMIN DABHIReply all
Reply to author
Forward
0 new messages