Anthony Ramine
Anthony Ramine
We actually need an update of BoringsSSL itself in boring-sys, which I think makes this irrelevant?
boring 5 can't work with boring-sys 4 if it uses new APIs that are only present in boring-sys 5.
Because AFAIK we haven't bumped BoringSSL in boring-sys yet.
As an example, the BoringSSL bump I'm working on needs changes to `boring-pq.patch`, and it now includes a new function `SSL_use_second_keyshare`.
#197 breaks FIPS.
thinking twice about this I don’t understand why we want boring 5 to be compatible with boring-sys 4. I think it would be preferable to make boring 4 compatible with...
Ugh ``` /Users/runner/work/boring/boring/target/x86_64-unknown-linux-gnu/debug/build/boring-sys-a316eb4dd2685ac9/out/boringssl/crypto/asn1/a_strex.cc:53:41: note: 'PRIX32' is defined in header ''; did you forget to '#include '? 53 | snprintf(buf, sizeof(buf), "\\U%04" PRIX32, c); | ^~~~~~ ```
`inttypes.h` on some platforms is explicitly designed to not define `PRIX32` and friends for C++ without `__STDC_FORMAT_MACROS`. BoringSSL itself is aware of it but I guess it never gets built...
The Android, MinGW and MSVC builds are all failing at link-time. Android and MinGW missing symbols from the C++ runtime (which is now mandatory). MSVC is missing `__imp___CrtDbgReport`.
Using `CMAKE_MSVC_RUNTIME_LIBRARY` fixed the MSVC builds.