I am trying to use BoringSSL in a client that talks to a server which uses OpenSSL. Both the client and the server sit on an internal network and communicate using private IP addresses (192.168.x.x). One of the two functions exposed by the BoringSSL library to create an SSL connection with SSL_CTX_new() is TLS_with_buffers_method(). I have tried this function, and it failed to establish a connection with my OpenSSL server because the certificate from the server is self-signed.
According to BoringSSL's porting guide below, it avoids creating X509 objects.
"The function TLS_with_buffers_method returns an SSL_METHOD that avoids creating X509 objects for certificates. Additionally, SSL_CTX_set0_buffer_pool can be used to install a pool on an SSL_CTX so that certificates can be deduplicated across connections and across SSL_CTXs."
However, my server, which uses OpenSSL, is using a certificate that was created with x509 and is self-signed. I am not familiar with the details of SSL certificates. From this post, it looks like x509 is required for self-signed certificates.
Does this mean that if I have to use a self-signed certificate, BoringSSL might not be an option here?