Skip to content

Remove "pq-experimental" and "underscore-wildcards" features #391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cjpatton wants to merge 1 commit into from
Closed

Remove "pq-experimental" and "underscore-wildcards" features #391

cjpatton wants to merge 1 commit into from

Conversation

@cjpatton
Copy link
Collaborator

@cjpatton cjpatton commented Sep 29, 2025

When set, these features cause boring-sys to apply patches to the source before building BoringSSL. Instead, apply these patches unconditionally. This matches the semantcis of pre-compiled BoringSSL, where the library is expected to provide the features implemented by these patches.

We might want to do the same for "rpk", but currenlty our internal build of boringSSL doesn't appear to supply the following APIs:

ffi::SSL_CTX_set_nullchain_and_key
ffi::SSL_CTX_set_server_raw_public_key_certificate

@cjpatton cjpatton added the v5 label Sep 29, 2025
@cjpatton cjpatton marked this pull request as ready for review September 30, 2025 00:25
@cjpatton
Copy link
Collaborator Author

cjpatton commented Sep 30, 2025

Note: The CI failure appears to be due to an unrelated issue: #392

@bwesterb bwesterb mentioned this pull request Sep 30, 2025
Closed
@cjpatton cjpatton force-pushed the cjpatton/drop-pq-experimental branch from 9f00d5c to 379450a Compare September 30, 2025 14:32
@cjpatton
Remove "pq-experimental" and "underscore-wildcards" features
bfdee23 
When set, these features cause boring-sys to apply patches to the source
before building BoringSSL. Instead, apply these patches unconditionally.
This matches the semantcis of pre-compiled BoringSSL, where the library
is expected to provide the features implemented by these patches.

We might want to do the same for "rpk", but currenlty our internal build
of boringSSL doesn't appear to supply the following APIs:

```
ffi::SSL_CTX_set_nullchain_and_key
ffi::SSL_CTX_set_server_raw_public_key_certificate
```
@cjpatton cjpatton force-pushed the cjpatton/drop-pq-experimental branch from 379450a to bfdee23 Compare September 30, 2025 15:18
@cjpatton
Copy link
Collaborator Author

cjpatton commented Sep 30, 2025

Per offline discussion with @ghedo: We're not in a position right now internally to ensure that every build of boringSSL in use implements the same feature set. Dropping the "underscore-wildcards" in particular would cause some grief.

@cjpatton cjpatton closed this Sep 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

v5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cjpatton