[PATCH 0 of 1] Upstream: fix warning when building with BoringSSL

Alessandro Ghedini alessandro at cloudflare.com
Wed Sep 28 14:37:48 UTC 2016


On Wed, Sep 28, 2016 at 05:19:02PM +0300, Maxim Dounin wrote:
> Hello!
> 
> On Wed, Sep 28, 2016 at 03:10:46PM +0100, Alessandro Ghedini wrote:
> 
> > Hello,
> > 
> > I don't now what your current plans for supporting BoringSSL are, but its
> > API has been fairly stable for a while and this is the only change required
> > to make NGINX build with it again (the other issue with error definitions was
> > fixed in BoringSSL itself).
> > 
> > I don't think BoringSSL is going to change the API back, so NGINX migh want
> > to fix this if support for BoringSSL is desired (again, don't know your
> > opinion on this).
> > 
> > Please have a look and let me know what you think.
> 
> Quoting 
> http://mailman.nginx.org/pipermail/nginx-devel/2016-August/008680.html:
> 
> : Ok, this looks like the real reason for the patch.  This looks 
> : like an API change in BoringSSL, and should be threated 
> : accordingly.
> 
> : Given the number of various API changes BoringSSL introduces here 
> : and there - we probably don't want to follow, at least till some 
> : version is actually released.

Ok, thanks, I missed that. TBH I don't think the BoringSSL team intends to
release "proper" versions like OpenSSL does, so what you propose to wait for
might not actually ever happen.

I understand your concern of wanting to target a fixed release, but as I
mentioned (and Piotr as well) BoringSSL's API seems to have been fairly stable
for a while (except for fixes like the one for the problem mentioned in the
patch you linked, which was worked around in BoringSSL itself), and AFAIK there
aren't other similar compatibility problems left except for this build warning
(but maybe Piotr could prove me wrong on that), so it might make sense to start
looking at supporting BoringSSL again.

Cheers



More information about the nginx-devel mailing list