This project contains the source and the script for replacing BoringSSL with OpenSSL in Envoy.
To replace BoringSSL with OpenSSL in the Envoy proxy, run the openssl.sh script with the location of the Envoy source and "OPENSSL" as parameters. For example:
./openssl.sh /home/workspaces/envoy OPENSSL
Envoy abstracts (WIP) the areas where BoringSSL and OpenSSL differ. Envoy provides a BoringSSL implementation of this abstraction layer. An example of the abstraction layer can be seen here.
The script modifies several of the Envoy Bazel configuration files to:
- Remove the BoringSSL dependency
- Add a dependency on OpenSSL
- Replace the local OpenSSL-based libraries, including the implementation of the abstraction layer, with external libraries from this project.
- Replace the BoringSSL-based versions of Envoy dependencies with the OpenSSL-based versions (e.g. jwt_verify_lib)
This project assumes the OpenSSL libraries (i.e. libssl.a and libcrypto.a) are located in /usr/local/lib64. This location may be modified in the WORKSPACE file.