Hi Roman,
> It looks like this library is not super popular, but the patch is relatively
> large.
Perhaps it's not as widely used as the forks that started ~10 years ago,
but it's basically a version of BoringSSL that's more suitable to use with
NGINX than BoringSSL itself:
- it ships releases and it's versioned,
- it supports OCSP stapling,
- it supports multiple TLS certificates,
- it supports big endian platforms supported by NGINX.
Also, the patch is pretty small.
> Also, compiling nginx with -DOPENSSL_IS_BORINGSSL should probably solve
> the issue.
For the time being, probably, but AWS folks are actively developing it,
so I'd expect it to led to issues sooner rather than later.
Best regards,
Piotr Sikora
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel