[Toybox] [PATCH] wget: add TLS support
Rob Landley
rob at landley.net
Sun Oct 17 12:04:57 PDT 2021

On 10/17/21 8:44 AM, Eric Molitor wrote:
> Attached is a relatively quick and certainly dirty patch to wget adding TLS
> support via libtls.

https://landley.net/toybox/design.html#:~:text=policy%20on%20shared%20libraries

> I threw this together on a plane but it's working reasonably
> well for me allowing me to remove Curl/libcurl on a few projects. I will submit
> further patches to clean up this toy as it's in pretty dire shape.

Which of the libraries in make.sh contained the https stuff? You didn't add
anything to:

for i in util crypt m resolv rt selinux smack attr crypto z log iconv

And yet it built for you? I haven't even got a tls.h in my /usr/include (except
the linux/ one), presumably I need to install a -dev for that.

> When statically building with bearssl and libtls-bearssl this adds about 175K
> which isn't too bad for a TLS 1.1/1.2 implementation.

According to make baseline/bloatcheck the one Denys Vlasenko implemented in
busybox (CONFIG_FEATURE_WGET_HTTPS) is 22,564 bytes on x86-64. It's the
networking/tls* code.

> Building with libressl's
> tls implementation expands this by about 400K but also gets you TLS 1.3 support.
> By default only TLS 1.1 and 1.2 are enabled. I'll add another configuration
> option to enable TLS 1.3.
>
> Feedback greatly appreciated.

I haven't looked at Denys' implementation closely to see what he's done. I
downloaded BearSSL, matrixssl, and Rich Felker pointed me at a library called
signify (https://github.com/aperezdc/signify) for when I get around to this todo
item, but I'm really trying to get through the shell first.

> - Eric

Rob