diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..a7bce3105
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.toml text eol=lf
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 77c85a4d2..a15565193 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,8 @@ jobs:
   clippy:
     name: clippy
     runs-on: ubuntu-latest
+    env:
+      CARGO_HOME: ${{ github.workspace }}/.cache/cargo
     steps:
       - uses: actions/checkout@v4
         with:
@@ -36,15 +38,17 @@ jobs:
         run: rustup toolchain add stable --no-self-update --component clippy && rustup default stable
       - name: Get rust version
         id: rust-version
+        shell: bash
         run: |
           echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
       - name: Cache cargo index
         uses: actions/cache@v4
         with:
           path: |
-            ~/.cargo/registry/index
-            ~/.cargo/registry/cache
+            .cache/cargo/registry/index
+            .cache/cargo/registry/cache
           key: index-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.toml') }}
+          enableCrossOsArchive: true
       - name: Fetch dependencies
         run: cargo fetch
       - name: Cache target directory
@@ -65,6 +69,7 @@ jobs:
       matrix:
         thing:
         - stable
+        - i686-mingw
         - arm-android
         - arm64-android
         - i686-android
@@ -176,6 +181,16 @@ jobs:
             LIBRARY_PATH: "C:\\msys64\\usr\\lib"
           # CI's Windows doesn't have required root certs
           extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring
+        - thing: i686-mingw
+          target: i686-pc-windows-gnu
+          rust: stable
+          os: windows-latest
+          check_only: true
+          custom_env:
+            CMAKE_GENERATOR: "MinGW Makefiles"
+            COLLECT_GCC: null
+          # CI's Windows doesn't have required root certs
+          extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring
         - thing: i686-msvc
           target: i686-pc-windows-msvc
           rust: stable-x86_64-msvc
@@ -188,15 +203,29 @@ jobs:
           os: windows-latest
           # CI's Windows doesn't have required root certs
           extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring
-
+    env:
+      CARGO_HOME: ${{ github.workspace }}/.cache/cargo
     steps:
+    - run: git config --global core.autocrlf input || true
     - uses: actions/checkout@v4
       with:
         submodules: 'recursive'
     - name: Install Rust (rustup)
-      run: rustup update ${{ matrix.rust }} --no-self-update && rustup default ${{ matrix.rust }}
+      run: rustup update ${{ matrix.rust }} --no-self-update && rustup default ${{ matrix.rust }} && rustup target add ${{ matrix.target }}
       shell: bash
-    - run: rustup target add ${{ matrix.target }}
+    - name: Get rust version
+      id: rust-version
+      shell: bash
+      run: |
+        echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
+    - name: Prepopulate cargo index
+      uses: actions/cache/restore@v4
+      with:
+        path: |
+          .cache/cargo/registry/index
+          .cache/cargo/registry/cache
+        key: index-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.toml') }}
+        enableCrossOsArchive: true
     - name: Install golang
       uses: actions/setup-go@v5
       with:
@@ -209,6 +238,32 @@ jobs:
       if: startsWith(matrix.os, 'windows')
       run: choco install nasm
       shell: cmd
+    - name: Setup 32-bit MSYS2
+      if: matrix.thing == 'i686-mingw'
+      uses: msys2/setup-msys2@v2
+      id: msys2
+      with:
+        msystem: MINGW32
+        path-type: inherit
+        install: >-
+          mingw-w64-i686-gcc
+          mingw-w64-i686-cmake
+    - name: Setup 32-bit MSYS2 Env vars
+      if: matrix.thing == 'i686-mingw'
+      shell: bash
+      run: |
+        MSYS_ROOT='${{ steps.msys2.outputs.msys2-location }}'
+        test -d "$MSYS_ROOT\\mingw32\\bin"
+        echo >> $GITHUB_PATH "$MSYS_ROOT\\mingw32\\bin"
+        echo >> $GITHUB_PATH "$MSYS_ROOT\\usr\\bin"
+        echo >> $GITHUB_ENV CC="$MSYS_ROOT\\mingw32\\bin\\gcc"
+        echo >> $GITHUB_ENV CXX="$MSYS_ROOT\\mingw32\\bin\\g++"
+        echo >> $GITHUB_ENV AR="$MSYS_ROOT\\mingw32\\bin\\ar"
+        echo >> $GITHUB_ENV CFLAGS="-mlong-double-64 -I$MSYS_ROOT\\mingw32\\include"
+        echo >> $GITHUB_ENV CXXFLAGS="-mlong-double-64 -I$MSYS_ROOT\\mingw32\\include"
+        echo >> $GITHUB_ENV BINDGEN_EXTRA_CLANG_ARGS="-mlong-double-64 -I$MSYS_ROOT\\mingw32\\include"
+        echo >> $GITHUB_ENV LIBRARY_PATH="$MSYS_ROOT\\mingw32\\lib"
+        echo >> $GITHUB_ENV LDFLAGS="-L$MSYS_ROOT\\mingw32\\lib"
     - name: Install LLVM and Clang
       if: startsWith(matrix.os, 'windows')
       uses: KyleMayes/install-llvm-action@v1
@@ -221,25 +276,14 @@ jobs:
     - name: Set Android Linker path
       if: endsWith(matrix.thing, '-android')
       run: echo "CARGO_TARGET_$(echo ${{ matrix.target }} | tr \\-a-z _A-Z)_LINKER=$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/bin/$(echo ${{ matrix.target }} | sed s/armv7/armv7a/)21-clang++" >> "$GITHUB_ENV"
-    - name: Get rust version
-      id: rust-version
-      run: |
-        echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
-    - name: Prepopulate cargo index
-      uses: actions/cache/restore@v4
-      with:
-        path: |
-          ~/.cargo/registry/index
-          ~/.cargo/registry/cache
-        key: index-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.toml') }}
     - name: Build tests
       # We `build` because we want the linker to verify we are cross-compiling correctly for check-only targets.
-      run: cargo build --target ${{ matrix.target }} --tests ${{ matrix.extra_test_args }}
+      run: cargo build -v --target ${{ matrix.target }} --tests ${{ matrix.extra_test_args }}
       shell: bash
       env: ${{ matrix.custom_env }}
     - name: Run tests (skip=${{ matrix.check_only }})
       if: "!matrix.check_only"
-      run: cargo test --target ${{ matrix.target }} ${{ matrix.extra_test_args }}
+      run: cargo test -v --target ${{ matrix.target }} ${{ matrix.extra_test_args }} -- --no-capture --test-threads=1
       shell: bash
       env: ${{ matrix.custom_env }}
     - name: Test boring-sys cargo publish
@@ -253,7 +297,9 @@ jobs:
       #
       # Both of these may no longer be the case after updating the BoringSSL
       # submodules to a new revision, so it's important to test this on CI.
-      run: cargo publish --dry-run -p boring-sys
+      run: cargo publish --dry-run --target ${{ matrix.target }} -p boring-sys
+      shell: bash
+      env: ${{ matrix.custom_env }}
 
   test-fips:
     name: Test FIPS integration
diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs
index 798d5984b..18d8d0ebd 100644
--- a/boring-sys/build/main.rs
+++ b/boring-sys/build/main.rs
@@ -679,6 +679,7 @@ fn generate_bindings(config: &Config) {
         "curve25519.h",
         "des.h",
         "dtls1.h",
+        "err.h",
         "hkdf.h",
         "hpke.h",
         "hmac.h",
@@ -709,7 +710,13 @@ fn generate_bindings(config: &Config) {
         .write(Box::new(&mut source_code))
         .expect("Couldn't serialize bindings!");
     ensure_err_lib_enum_is_named(&mut source_code);
-    fs::write(config.out_dir.join("bindings.rs"), source_code).expect("Couldn't write bindings!");
+    fs::write(config.out_dir.join("bindings.rs"), &source_code).expect("Couldn't write bindings!");
+    assert!(
+        std::str::from_utf8(&source_code)
+            .unwrap()
+            .contains("ERR_set_error_data"),
+        "includes lack definition of ERR_set_error_data: {include_path:?}"
+    );
 }
 
 /// err.h has anonymous `enum { ERR_LIB_NONE = 1 }`, which makes a dodgy `_bindgen_ty_1` name