Google takes OpenSSL and turns it into BoringSSL

Since the revelations surrounding the Heartbleed bug, which put hundreds of thousands of websites at risk earlier this year, a consortium from across the industry launched the Core Infrastructure Initiative to manage the code base of OpenSSL. In addition to an existing fork called LibreSSL being developed outside the initiative, Google is developing its own version of OpenSSL - the BoringSSL - to include patches from the other two code bases without replacing either one.

The project, isn't designed to replace OpenSSL, wrote Adam Langley, a Google software engineer, on his personal blog. Google will contribute its changes to the OpenSSL open-source project and use bug fixes from that team, he wrote.

"We have used a number of patches on top of OpenSSL for many years. Some of them have been accepted into the main OpenSSL repository, but many of them don't mesh with OpenSSL's guarantee of API and ABI stability and many of them are a little too experimental," Langley wrote in a blog post.

Having written more than 70 patches that are used across multiple platforms, the effort to maintain these for Android and Chrome has become too much.

"We are not aiming to replace OpenSSL as an open-source project. We will still be sending them bug fixes when we find them and we will be importing changes from upstream," Langley added.

Read more -here-

• Tesla recalls new Cybertrucks over accelerator hazard
• Comcast rolls out 'Now' prepaid phone and internet plans
• Logitech adds ChatGPT button to hardware
• Boston Dynamics retires its hydraulic humanoid robot Atlas
• Microsoft starts testing ads in the Windows 11 Start menu
• Apple warns of iPhone 'mercenary spyware attack' across 92 countries