[Toybox] [PATCH] wget: add TLS support

Eric Molitor emolitor at molitor.org
Sun Oct 17 12:48:47 PDT 2021


Let me take a look at signify. I'll also send the missing part of the patch
with -ltls shortly.

Alpine has libtls, either the openssl port in the libretls package or the
original openbsd libressl-tls. For my embedded stuff I'm statically linking
BearSSL and https://github.com/michaelforney/libtls-bearssl

I've not looked at Denys' implementation. But will take a peek at what he
is doing.

And yes, this violates the library policy, although I'd rather leverage a
relatively known good TLS rather than implement a new one. This is
definitely me scratching an itch that might not be worth integrating for
everyone.

- Eric

On Sun, 17 Oct 2021, 8:04 pm Rob Landley, <rob at landley.net> wrote:

> On 10/17/21 8:44 AM, Eric Molitor wrote:
> > Attached is a relatively quick and certainly dirty patch to wget adding TLS
> > support via libtls.
>
>
> https://landley.net/toybox/design.html#:~:text=policy%20on%20shared%20libraries
>
> > I threw this together on a plane but it's working reasonably
> > well for me allowing me to remove Curl/libcurl on a few projects. I will submit
> > further patches to clean up this toy as it's in pretty dire shape.
>
> Which of the libraries in make.sh contained the https stuff? You didn't add
> anything to:
>
>   for i in util crypt m resolv rt selinux smack attr crypto z log iconv
>
> And yet it built for you? I haven't even got a tls.h in my /usr/include (except
> the linux/ one), presumably I need to install a -dev for that.
>
> > When statically building with bearssl and libtls-bearssl this adds about 175K
> > which isn't too bad for a TLS 1.1/1.2 implementation.
>
> According to make baseline/bloatcheck the one Denys Vlasenko implemented in
> busybox (CONFIG_FEATURE_WGET_HTTPS) is 22,564 bytes on x86-64. It's the
> networking/tls* code.
>
> > Building with libressl's
> > tls implementation expands this by about 400K but also gets you TLS 1.3 support.
> > By default only TLS 1.1 and 1.2 are enabled. I'll add another configuration
> > option to enable TLS 1.3.
> >
> > Feedback greatly appreciated.
>
> I haven't looked at Denys' implementation closely to see what he's done. I
> downloaded BearSSL, matrixssl, and Rich Felker pointed me at a library called
> signify (https://github.com/aperezdc/signify) for when I get around to this todo
> item, but I'm really trying to get through the shell first.
>
> > - Eric
>
> Rob
>