[Toybox] Apache TLS implementation?
Isaac Dunham
ibid.ag at gmail.com
Mon Jul 20 22:07:56 PDT 2015
On Mon, Jul 20, 2015 at 10:52:48PM -0500, Rob Landley wrote:
> > Since you mention dropbear...I noticed work on an Alpine package for tinyssh;
> > apparently that's actually got useable code, though they don't recommend
> > any use other than testing yet.
>
> Last time we looked at that it _really_ wasn't ripe:
>
> http://www.landley.net/notes-2014.html#31-03-2014
> https://twitter.com/gnomon/status/444978247286026241
> http://lists.landley.net/pipermail/toybox-landley.net/2014-June/003468.html
>
> Dropbear's good enough I haven't looked very hard for a replacement, the
> problem was always it didn't do https...
It only got worthy of mention in the last month or two.
Still pretty limited as far as what it's compatible with.
> >>> FWIW, axtls includes an "axssl" command that's compatible with the commonly
> >>> used portion of openssl's syntax.
> >>
> >> Good to know, but axtls.sourceforge.net went away with the rest of
> >> sourceforge when they had their "hard drive crash" last week.
> >
> > Crud. I hadn't heard of that.
>
> http://www.techrepublic.com/article/its-time-to-go-away-sourceforge/
> http://www.theregister.co.uk/2015/07/17/souceforge_titsup/
> http://www.theregister.co.uk/2015/07/19/sourceforge_storage_fault/
>
> Total coincidence, I'm sure.
I'd read the criticism, but not the crash.
FWIW:
https://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/
^mirror of the download stuff
> > There is a mirror somewhere on github, and I've done some small patches based
> > off that...
> > Ah, there: github.com/SuperHouse/axtls
> > I need to push mine to github sometime.
> > Upstream wasn't very active; I think that repo has the last commits from it.
>
> A mirror of the webpage would be nice. (And was there a mailing list?)
I don't know what the story with the website was.
The community was extremely inactive, though the original maintainer
had just added a second maintainer (inactive as in "you might get a mail
from the list this month".)
But when I found axTLS, the other TLS stacks were almost entirely
GPL+FOSS-only linking exception; PolarSSL had been relicensed to GPL
and the TropicSSL fork hadn't been fixed yet, libressl hadn't been
released yet--and I think it's still got OpenSSL code, which is all
under a generally incompatible though vaguely BSD-like license that
would have made it a no-go had there been any alternatives at the
time...
I know about tomcrypt and the whole nacl family (by the way, libsodium
is the version that doesn't "hate you, personally").
But the only info I have about anything TLS is that wpa_supplicant
can use a small TLS implementation based on libtomcrypt internally.
...
I just found this:
https://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/t/ti/tinydtls/r5/tinydtls-0.8.2.tar.gz
which *isn't* TLS, but DTLS (TLS modified to work with UDP).
MIT-style license.
> I was curious what the license of this package was, so I googled and
> found a different tls mirror last email, and the git repo doesn't have
> an obvious license label (possibly I just don't know how to navigate
> github's web stuff). The README says "See www/index.html for the README,
> CHANGELOG, LICENSE and other notes." The www/index.html file is 7000
> lines of javascript (a copy of "tiddlywiki") with no actual content that
> I can spot.
>
> Further googling found http://www.freshports.org/security/axTLS/ which
> claims it's 3BSD, but I can't say my impression of the project was "easy
> to use, well supported by an existing community"...
The original site stated that it was 3-clause BSD also.
Said original site is dead.
Thanks,
Isaac Dunham