Support boringssl SSLCredential API#935
Merged
normanmaurer merged 34 commits intonetty:mainfrom Aug 15, 2025
Merged
Conversation
|
@normanmaurer: If you could PTAL. Curious if you have a different design suggestion? This should pave the path for PQC support in |
normanmaurer
requested changes
Jun 27, 2025
Member
normanmaurer
left a comment
There was a problem hiding this comment.
First round of review...
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
…turn for non-getters
chrisvest
requested changes
Jun 27, 2025
# Conflicts: # openssl-dynamic/src/main/c/sslcontext.c
normanmaurer
requested changes
Jun 28, 2025
openssl-classes/src/main/java/io/netty/internal/tcnative/SSLCredential.java
Show resolved
Hide resolved
openssl-classes/src/main/java/io/netty/internal/tcnative/SSLCredential.java
Show resolved
Hide resolved
openssl-classes/src/main/java/io/netty/internal/tcnative/SSLCredential.java
Outdated
Show resolved
Hide resolved
…edential.java Co-authored-by: Norman Maurer <norman_maurer@apple.com>
…edential.java Co-authored-by: Norman Maurer <norman_maurer@apple.com>
…edential.java Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Co-authored-by: Norman Maurer <norman_maurer@apple.com>
Contributor
Author
|
@normanmaurer @chrisvest the first rounds of feedback should be addressed; I'm not sure if the centos6 build failure is related to my change. |
chrisvest
approved these changes
Jul 18, 2025
Member
|
I think this looks good. Sorry it took a while to get back to reviewing it again. |
Contributor
Author
|
@chrisvest thank you for the review, I can look into integrating this once it merges. @normanmaurer the requested changes is still showing from the first round review, I'm not sure if that's blocking or not for this repo |
Contributor
Author
|
@normanmaurer would you be able to take another look this week? |
Member
|
@jmcrawford45 I am currently on PTO... will check once back |
This was referenced Nov 20, 2025
normanmaurer
added a commit
to netty/netty
that referenced
this pull request
Feb 18, 2026
Motivation: Historically, BoringSSL lacked a built-in method to select between RSA and ECDSA certificates. The selection process, especially at TLS 1.2, is quite complex, as detailed in [this link](https://boringssl.googlesource.com/boringssl/+/5a3faaa2d50b2540c6973531841723f633f388cd/ssl/test/runner/runner.go#19669). TLS 1.3 simplifies this process significantly. Additionally, within ECDSA, there are different curves to consider, and future developments will introduce post-quantum key types. The SSL Credential API was introduced to BoringSSL to address this and a variety of other certificate negotiation decisions, such as: Different kinds of credentials ([delegate credentials](https://www.rfc-editor.org/rfc/rfc9345.html), [raw public keys](https://www.rfc-editor.org/rfc/rfc7250.html), [external PSKs](https://www.rfc-editor.org/rfc/rfc9258.html), and more [future innovations](https://davidben.github.io/merkle-tree-certs/draft-davidben-tls-merkle-tree-certs.html). [Negotiation for trust anchors](https://github.com/davidben/tls-trust-expressions/blob/main/explainer.md) to aid in PQ transitions and PKI agility. Modification: Introduce high level APIs leveraging the most useful bindings introduced in netty/netty-tcnative#935 ```java OpenSslCredential credential = OpenSslCredentialBuilder.newX509(privateKey, chain) .trustAnchorId(anchorId) .mustMatchIssuer(true) .build(); ``` Result: There are two main immediate use cases to this API First, it is now possible to delegate all the complexity of EC/RSA serving to BoringSSL. ```java OpenSslCredential ecdsaCred = buildEcdsaCredential(); SslContext ctx = SslContextBuilder.forServer(rsaKey, rsaCert) .sslProvider(SslProvider.OPENSSL_REFCNT) .credential(ecdsaCred) .build(); ``` This mechanism will also be useful to allow clients to negotiate trust anchors via https://github.com/tlswg/tls-trust-anchor-ids. For example, a modern client may request for a more efficient or more secure chain while legacy clients can still receive the less secure / less efficient fallback cert. depends on netty/netty-tcnative#949 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com> Co-authored-by: Chris Vest <christianvest_hansen@apple.com>
netty-project-bot
pushed a commit
to netty/netty
that referenced
this pull request
Feb 18, 2026
Motivation: Historically, BoringSSL lacked a built-in method to select between RSA and ECDSA certificates. The selection process, especially at TLS 1.2, is quite complex, as detailed in [this link](https://boringssl.googlesource.com/boringssl/+/5a3faaa2d50b2540c6973531841723f633f388cd/ssl/test/runner/runner.go#19669). TLS 1.3 simplifies this process significantly. Additionally, within ECDSA, there are different curves to consider, and future developments will introduce post-quantum key types. The SSL Credential API was introduced to BoringSSL to address this and a variety of other certificate negotiation decisions, such as: Different kinds of credentials ([delegate credentials](https://www.rfc-editor.org/rfc/rfc9345.html), [raw public keys](https://www.rfc-editor.org/rfc/rfc7250.html), [external PSKs](https://www.rfc-editor.org/rfc/rfc9258.html), and more [future innovations](https://davidben.github.io/merkle-tree-certs/draft-davidben-tls-merkle-tree-certs.html). [Negotiation for trust anchors](https://github.com/davidben/tls-trust-expressions/blob/main/explainer.md) to aid in PQ transitions and PKI agility. Modification: Introduce high level APIs leveraging the most useful bindings introduced in netty/netty-tcnative#935 ```java OpenSslCredential credential = OpenSslCredentialBuilder.newX509(privateKey, chain) .trustAnchorId(anchorId) .mustMatchIssuer(true) .build(); ``` Result: There are two main immediate use cases to this API First, it is now possible to delegate all the complexity of EC/RSA serving to BoringSSL. ```java OpenSslCredential ecdsaCred = buildEcdsaCredential(); SslContext ctx = SslContextBuilder.forServer(rsaKey, rsaCert) .sslProvider(SslProvider.OPENSSL_REFCNT) .credential(ecdsaCred) .build(); ``` This mechanism will also be useful to allow clients to negotiate trust anchors via https://github.com/tlswg/tls-trust-anchor-ids. For example, a modern client may request for a more efficient or more secure chain while legacy clients can still receive the less secure / less efficient fallback cert. depends on netty/netty-tcnative#949 --------- Co-authored-by: Norman Maurer <norman_maurer@apple.com> Co-authored-by: Chris Vest <christianvest_hansen@apple.com> (cherry picked from commit a40fb71)
normanmaurer
added a commit
to netty/netty
that referenced
this pull request
Feb 19, 2026
Forward port of #15919 to 5.0 Cherry-picked commit: a40fb71 --- Motivation: Historically, BoringSSL lacked a built-in method to select between RSA and ECDSA certificates. The selection process, especially at TLS 1.2, is quite complex, as detailed in [this link](https://boringssl.googlesource.com/boringssl/+/5a3faaa2d50b2540c6973531841723f633f388cd/ssl/test/runner/runner.go#19669). TLS 1.3 simplifies this process significantly. Additionally, within ECDSA, there are different curves to consider, and future developments will introduce post-quantum key types. The SSL Credential API was introduced to BoringSSL to address this and a variety of other certificate negotiation decisions, such as: Different kinds of credentials ([delegate credentials](https://www.rfc-editor.org/rfc/rfc9345.html), [raw public keys](https://www.rfc-editor.org/rfc/rfc7250.html), [external PSKs](https://www.rfc-editor.org/rfc/rfc9258.html), and more [future innovations](https://davidben.github.io/merkle-tree-certs/draft-davidben-tls-merkle-tree-certs.html). [Negotiation for trust anchors](https://github.com/davidben/tls-trust-expressions/blob/main/explainer.md) to aid in PQ transitions and PKI agility. Modification: Introduce high level APIs leveraging the most useful bindings introduced in netty/netty-tcnative#935 ```java OpenSslCredential credential = OpenSslCredentialBuilder.newX509(privateKey, chain) .trustAnchorId(anchorId) .mustMatchIssuer(true) .build(); ``` Result: There are two main immediate use cases to this API First, it is now possible to delegate all the complexity of EC/RSA serving to BoringSSL. ```java OpenSslCredential ecdsaCred = buildEcdsaCredential(); SslContext ctx = SslContextBuilder.forServer(rsaKey, rsaCert) .sslProvider(SslProvider.OPENSSL_REFCNT) .credential(ecdsaCred) .build(); ``` This mechanism will also be useful to allow clients to negotiate trust anchors via https://github.com/tlswg/tls-trust-anchor-ids. For example, a modern client may request for a more efficient or more secure chain while legacy clients can still receive the less secure / less efficient fallback cert. depends on netty/netty-tcnative#949 Co-authored-by: Jared Crawford <jmcrawford45@gmail.com> Co-authored-by: Norman Maurer <norman_maurer@apple.com> Co-authored-by: Chris Vest <christianvest_hansen@apple.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
Historically, BoringSSL lacked a built-in method to select between RSA and ECDSA certificates. The selection process, especially at TLS 1.2, is quite complex, as detailed in this link. TLS 1.3 simplifies this process significantly. Additionally, within ECDSA, there are different curves to consider, and future developments will introduce post-quantum key types. Recently, the SSL Credential API was introduced to BoringSSL to address this and a variety of other certificate negotiation decisions, such as:
Different kinds of credentials (delegate credentials, raw public keys, external PSKs, and more future innovations.
Negotiation for trust anchors to aid in PQ transitions and PKI agility.
Modifications:
Add JNI bindings for all the existing SSL_Credential related functionality in BoringSSL.
Result:
The SSL_CREDENTIAL consolidates everything related to a single "credential" into an object. Credentials can vary in type, such as X.509 certificates or others. Each credential has criteria, based on TLS protocol rules, to determine its applicability to a connection. Users configure an ordered preference list of credentials, and BoringSSL selects the first matching one.
This approach can be used alongside application-specific selection logic, like SNI dispatch. End users would use their criteria to select a list of candidates, such as an ECDSA and RSA certificate for a host, configure them in preference order with BoringSSL, and BoringSSL will evaluate them according to protocol rules.
Implements #918