Forward port 5.0: Support boringssl SSLCredential API#16302
Merged
normanmaurer merged 1 commit into5.0from Feb 19, 2026
Merged
Conversation
Motivation: Historically, BoringSSL lacked a built-in method to select between RSA and ECDSA certificates. The selection process, especially at TLS 1.2, is quite complex, as detailed in [this link](https://boringssl.googlesource.com/boringssl/+/5a3faaa2d50b2540c6973531841723f633f388cd/ssl/test/runner/runner.go#19669). TLS 1.3 simplifies this process significantly. Additionally, within ECDSA, there are different curves to consider, and future developments will introduce post-quantum key types. The SSL Credential API was introduced to BoringSSL to address this and a variety of other certificate negotiation decisions, such as: Different kinds of credentials ([delegate credentials](https://www.rfc-editor.org/rfc/rfc9345.html), [raw public keys](https://www.rfc-editor.org/rfc/rfc7250.html), [external PSKs](https://www.rfc-editor.org/rfc/rfc9258.html), and more [future innovations](https://davidben.github.io/merkle-tree-certs/draft-davidben-tls-merkle-tree-certs.html). [Negotiation for trust anchors](https://github.com/davidben/tls-trust-expressions/blob/main/explainer.md) to aid in PQ transitions and PKI agility. Modification: Introduce high level APIs leveraging the most useful bindings introduced in netty/netty-tcnative#935 ```java OpenSslCredential credential = OpenSslCredentialBuilder.newX509(privateKey, chain) .trustAnchorId(anchorId) .mustMatchIssuer(true) .build(); ``` Result: There are two main immediate use cases to this API First, it is now possible to delegate all the complexity of EC/RSA serving to BoringSSL. ```java OpenSslCredential ecdsaCred = buildEcdsaCredential(); SslContext ctx = SslContextBuilder.forServer(rsaKey, rsaCert) .sslProvider(SslProvider.OPENSSL_REFCNT) .credential(ecdsaCred) .build(); ``` This mechanism will also be useful to allow clients to negotiate trust anchors via https://github.com/tlswg/tls-trust-anchor-ids. For example, a modern client may request for a more efficient or more secure chain while legacy clients can still receive the less secure / less efficient fallback cert. depends on netty/netty-tcnative#949 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com> Co-authored-by: Chris Vest <christianvest_hansen@apple.com> (cherry picked from commit a40fb71)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Forward port of #15919 to 5.0
Cherry-picked commit: a40fb71
Motivation:
Historically, BoringSSL lacked a built-in method to select between RSA and ECDSA certificates. The selection process, especially at TLS 1.2, is quite complex, as detailed in this link. TLS 1.3 simplifies this process significantly. Additionally, within ECDSA, there are different curves to consider, and future developments will introduce post-quantum key types. The SSL Credential API was introduced to BoringSSL to address this and a variety of other certificate negotiation decisions, such as:
Different kinds of credentials (delegate credentials, raw public keys, external PSKs, and more future innovations.
Negotiation for trust anchors to aid in PQ transitions and PKI agility.
Modification:
Introduce high level APIs leveraging the most useful bindings introduced in netty/netty-tcnative#935
Result:
There are two main immediate use cases to this API
First, it is now possible to delegate all the complexity of EC/RSA serving to BoringSSL.
This mechanism will also be useful to allow clients to negotiate trust anchors via https://github.com/tlswg/tls-trust-anchor-ids. For example, a modern client may request for a more efficient or more secure chain while legacy clients can still receive the less secure / less efficient fallback cert.
depends on netty/netty-tcnative#949