[PATCH 0 of 1] Upstream: fix warning when building with BoringSSL

Maxim Dounin mdounin at mdounin.ru
Wed Sep 28 16:00:00 UTC 2016 

Hello!

On Wed, Sep 28, 2016 at 03:37:48PM +0100, Alessandro Ghedini wrote:

> On Wed, Sep 28, 2016 at 05:19:02PM +0300, Maxim Dounin wrote:
> > Hello!
> > 
> > On Wed, Sep 28, 2016 at 03:10:46PM +0100, Alessandro Ghedini wrote:
> > 
> > > Hello,
> > > 
> > > I don't now what your current plans for supporting BoringSSL are, but its
> > > API has been fairly stable for a while and this is the only change required
> > > to make NGINX build with it again (the other issue with error definitions was
> > > fixed in BoringSSL itself).
> > > 
> > > I don't think BoringSSL is going to change the API back, so NGINX migh want
> > > to fix this if support for BoringSSL is desired (again, don't know your
> > > opinion on this).
> > > 
> > > Please have a look and let me know what you think.
> > 
> > Quoting 
> > http://mailman.nginx.org/pipermail/nginx-devel/2016-August/008680.html:
> > 
> > : Ok, this looks like the real reason for the patch.  This looks 
> > : like an API change in BoringSSL, and should be threated 
> > : accordingly.
> > 
> > : Given the number of various API changes BoringSSL introduces here 
> > : and there - we probably don't want to follow, at least till some 
> > : version is actually released.
> 
> Ok, thanks, I missed that. TBH I don't think the BoringSSL team intends to
> release "proper" versions like OpenSSL does, so what you propose to wait for
> might not actually ever happen.

Sure, and I'm fine with it.

> I understand your concern of wanting to target a fixed release, but as I
> mentioned (and Piotr as well) BoringSSL's API seems to have been fairly stable
> for a while (except for fixes like the one for the problem mentioned in the
> patch you linked, which was worked around in BoringSSL itself), and AFAIK there
> aren't other similar compatibility problems left except for this build warning
> (but maybe Piotr could prove me wrong on that), so it might make sense to start
> looking at supporting BoringSSL again.

Last time I looked into BoringSSL code due to ticket #993 several 
months ago (https://trac.nginx.org/nginx/ticket/993), and my 
impression wasn't that positive.

-- 
Maxim Dounin
http://nginx.org/

More information about the nginx-devel mailing list