Skip to content

hendriknielaender/boring

BranchesTags

Repository files navigation

boring

Warning

Still work in progress.

BoringSSL bindings for Zig.

  • boringssl is the raw translate-c module. It owns the BoringSSL source pin, CMake build, generated bindings, include paths, static link inputs, and C/C++ runtime linkage.
  • boring is the Zig wrapper module. It exposes Zig-shaped wrappers around the core BoringSSL surface while keeping internal implementation style small, explicit, and bounded.

Usage

Add this package as a dependency, then import the high-level module:

const boring = @import("boring");

The raw FFI module is also available:

const boringssl = @import("boringssl");

BoringSSL's C names are preserved in the raw module, so consumers may use declarations such as SSL_CTX_new and SSL_new when they need direct FFI.

Build Options

By default, the package builds the pinned submodule at deps/boringssl with CMake and links ssl/libssl.a plus crypto/libcrypto.a.

git submodule update --init --recursive
zig build

Common overrides:

zig build -Dboringssl-source-path=/path/to/boringssl
zig build -Dboringssl-include-path=/path/to/include
zig build -Dboringssl-lib-path=/path/to/boringssl/build
zig build -Dboringssl-cmake-build-type=Debug

-Dboringssl-lib-path expects the BoringSSL CMake build layout: ssl/libssl.a and crypto/libcrypto.a.

Patch-gated BoringSSL variants are opt-in:

zig build -Dboringssl-source-path=/path/to/patched/boringssl \
  -Dboringssl-mlkem-patch=true
zig build -Dboringssl-source-path=/path/to/patched/boringssl \
  -Dboringssl-rpk-patch=true
zig build -Dboringssl-source-path=/path/to/patched/boringssl \
  -Dboringssl-underscore-wildcards-patch=true

The patch flags select Zig wrappers and header expectations. They do not modify deps/boringssl; use a compatible patched source checkout, or pass both -Dboringssl-include-path and -Dboringssl-lib-path for prebuilt artifacts. The build validates the required patched headers and symbols before generating bindings.

Pin

The BoringSSL submodule is pinned to:

7a6e828dc53ba9a56bd49915f2a0780d63af97d2

BoringSSL revision bumps should be treated as package releases.

To update the pin:

git submodule update --remote deps/boringssl

Then update boring_ssl_revision in build.zig, run the full test suite, and commit the submodule pointer with the build-script revision.

About

BoringSSL bindings for the Zig programming language.

Topics

tls ssl zig boringssl ssl-certificate boring tls-proxy zig-library

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

v0.1.1 Latest
Apr 30, 2026
+ 1 release

Contributors

Languages