sync upstream #74

Merged
0x676e67 merged 20 commits into master from sync
May 30, 2025

@0x676e67
Owner

continue: #72

rushilmehra and others added 20 commits March 31, 2025 12:34
Newer versions of FIPS don't need any special casing in our bindings,
unlike the submoduled boringssl-fips. In addition, many users currently
use FIPS by precompiling BoringSSL with the proper build tools and
passing that in to the bindings.

Until we adopt the Update Stream pattern for FIPS, there are two main
use cases:

1. Passing an unmodified, precompiled FIPS validated version of
   boringssl (fips-precompiled)

2. Passing a custom source directory of boringssl meant to be linked
   with a FIPS validated bcm.o. This is mainly useful if you carry
   custom patches but still want to use a FIPS validated BoringCrypto.
   (fips-link-precompiled)

This commit introduces the `fips-precompiled` feature and removes the
`fips-no-compat` feature.

* boring(x509): impl Clone of X509Store

This method reliably retrieves the certificate the `X509_STORE_CTX` is
verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return
the "problematic" cert when verification fails.
* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)"

This reverts commit 49a8d09.

See <cloudflare/boring#120>.

* Ensure Clone is not added to X509Store

* Add comment about why X509Store must not implement Clone

---------

Co-authored-by: Kornel <kornel@cloudflare.com>
@0x676e67 0x676e67 merged commit 0f2461a into master May 30, 2025
41 checks passed
@0x676e67 0x676e67 deleted the sync branch June 7, 2025 01:44

8 participants