Revert "Merge pull request #108 from nox/store-clone"#120
Merged
inikulin merged 2 commits intocloudflare:masterfrom Jul 3, 2023
Merged
Revert "Merge pull request #108 from nox/store-clone"#120inikulin merged 2 commits intocloudflare:masterfrom
inikulin merged 2 commits intocloudflare:masterfrom
Conversation
inikulin
approved these changes
May 15, 2023
0x676e67
added a commit
to 0x676e67/btls
that referenced
this pull request
May 30, 2025
* Add fips-precompiled feature to support newer versions of FIPS (#338) Newer versions of FIPS don't need any special casing in our bindings, unlike the submoduled boringssl-fips. In addition, many users currently use FIPS by precompiling BoringSSL with the proper build tools and passing that in to the bindings. Until we adopt the Update Stream pattern for FIPS, there are two main use cases: 1. Passing an unmodified, precompiled FIPS validated version of boringssl (fips-precompiled) 2. Passing a custom source directory of boringssl meant to be linked with a FIPS validated bcm.o. This is mainly useful if you carry custom patches but still want to use a FIPS validated BoringCrypto. (fips-link-precompiled) This commit introduces the `fips-precompiled` feature and removes the `fips-no-compat` feature. * Release 4.16.0 (#341) * feat(x509): Implement `Clone` for `X509Store` (#339) * boring(x509): impl Clone of X509Store * expose SSL_set_compliance_policy * fix clippy error * Use ubuntu-latest for all ci jobs ubuntu 20.04 is now deprecated: actions/runner-images#11101 * add SslCurve::X25519_MLKEM768 constant * Clippy * Fix linking SystemFunction036 from advapi32 in Rust 1.87 * rustfmt ;( * build: Fix the build for 32-bit Linux platform * Update Cargo.toml * boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm` * Add `X509_STORE_CTX_get0_cert` interface This method reliably retrieves the certificate the `X509_STORE_CTX` is verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return the "problematic" cert when verification fails. * Update bindgen from 0.70.1 -> 0.71.1. * Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" (#353) * Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" This reverts commit 49a8d09. See <cloudflare/boring#120>. * Ensure Clone is not added to X509Store * Add comment about why X509Store must not implement Clone --------- Co-authored-by: Kornel <kornel@cloudflare.com> * Release 4.17.0 (#354) * Add set_verify_param * clippy fix --------- Co-authored-by: Rushil Mehra <84047965+rushilmehra@users.noreply.github.com> Co-authored-by: Shih-Chiang Chien <shih-chiang@cloudflare.com> Co-authored-by: Rushil Mehra <rmehra@cloudflare.com> Co-authored-by: Eric Rosenberg <eric_rosenberg@apple.com> Co-authored-by: Kornel <kornel@cloudflare.com> Co-authored-by: James Larisch <jlarisch@cloudflare.com> Co-authored-by: Yury Yarashevich <yura.yaroshevich@gmail.com> Co-authored-by: Anthony Ramine <123095+nox@users.noreply.github.com>
0x676e67
added a commit
to 0x676e67/btls
that referenced
this pull request
May 30, 2025
* Add fips-precompiled feature to support newer versions of FIPS (#338) Newer versions of FIPS don't need any special casing in our bindings, unlike the submoduled boringssl-fips. In addition, many users currently use FIPS by precompiling BoringSSL with the proper build tools and passing that in to the bindings. Until we adopt the Update Stream pattern for FIPS, there are two main use cases: 1. Passing an unmodified, precompiled FIPS validated version of boringssl (fips-precompiled) 2. Passing a custom source directory of boringssl meant to be linked with a FIPS validated bcm.o. This is mainly useful if you carry custom patches but still want to use a FIPS validated BoringCrypto. (fips-link-precompiled) This commit introduces the `fips-precompiled` feature and removes the `fips-no-compat` feature. * Release 4.16.0 (#341) * feat(x509): Implement `Clone` for `X509Store` (#339) * boring(x509): impl Clone of X509Store * expose SSL_set_compliance_policy * fix clippy error * Use ubuntu-latest for all ci jobs ubuntu 20.04 is now deprecated: actions/runner-images#11101 * add SslCurve::X25519_MLKEM768 constant * Clippy * Fix linking SystemFunction036 from advapi32 in Rust 1.87 * rustfmt ;( * build: Fix the build for 32-bit Linux platform * Update Cargo.toml * boring(ssl): use `corresponds` macro in `add_certificate_compression_algorithm` * Add `X509_STORE_CTX_get0_cert` interface This method reliably retrieves the certificate the `X509_STORE_CTX` is verifying, unlike `X509_STORE_CTX_get_current_cert`, which may return the "problematic" cert when verification fails. * Update bindgen from 0.70.1 -> 0.71.1. * Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" (#353) * Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" This reverts commit 49a8d09. See <cloudflare/boring#120>. * Ensure Clone is not added to X509Store * Add comment about why X509Store must not implement Clone --------- Co-authored-by: Kornel <kornel@cloudflare.com> * Release 4.17.0 (#354) * Add set_verify_param * clippy fix --------- Co-authored-by: Rushil Mehra <84047965+rushilmehra@users.noreply.github.com> Co-authored-by: Shih-Chiang Chien <shih-chiang@cloudflare.com> Co-authored-by: Rushil Mehra <rmehra@cloudflare.com> Co-authored-by: Eric Rosenberg <eric_rosenberg@apple.com> Co-authored-by: Kornel <kornel@cloudflare.com> Co-authored-by: James Larisch <jlarisch@cloudflare.com> Co-authored-by: Yury Yarashevich <yura.yaroshevich@gmail.com> Co-authored-by: Anthony Ramine <123095+nox@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This reverts commit 1c1af4b, reversing changes made to da32be1.
SslContextBuilder::cert_store_mut returns a &mut X509StoreBuilder backed by a X509Store that is already shared with an existing SslContext.