[Toybox] [PATCH] wget: add TLS support

enh enh at google.com
Wed Oct 20 09:51:22 PDT 2021


for the ignorant (like me) --- are these libraries like BearSSL an extra
abstraction on top of stuff like openssl/boringssl, or are they roughly
equivalent?

(i'm just thinking ahead to what i'd have to do to get toybox wget working
with boringssl because of FIPS. which, yes, makes about as much sense as
requiring current vehicles to demonstrate that their hand-cranks are
appropriately protected against collisions with horses, but it is what it
is, and that's a problem to be solved by politicians and lawyers, not us
:-( )

On Wed, Oct 20, 2021 at 3:00 AM Eric Molitor <emolitor at molitor.org> wrote:

> Thanks Rob,
> I'll take a bit deeper dive and send a new set of patches with the
> following...
>
> * Add hooks for TLS support and a simple abstraction to do so
> * Add content disposition support, making -O optional
> * Fix HTTP response header processing
> * General cleanup of the wget toy
> * I'll also take a look at whether it's feasible to hook up BearSSL to the
> existing crypto abstraction
>
> - Eric
>
> On Tue, Oct 19, 2021 at 5:35 AM Rob Landley <rob at landley.net> wrote:
>
>> On 10/17/21 2:48 PM, Eric Molitor wrote:
>> > Let me take a look at signify. I'll also send the missing part of the
>> > patch with -ltls shortly.
>> >
>> > Alpine has libtls, either the openssl port in the libretls package or the
>> > original openbsd libressl-tls. For my embedded stuff I'm statically linking
>> > BearSSL and https://github.com/michaelforney/libtls-bearssl
>>
>> It's good that there are multiple libraries agreeing on an interface.
>>
>> > I've not looked at Denny's implementation. But will take a peek at what
>> > he is doing.
>>
>> I too am curious, but it's way down my todo heap.
>>
>> > And yes, this violates the library policy, although I'd rather leverage a
>> > relatively known good TLS rather than implement a new one.
>>
>> I'm all for having a library version _and_ a builtin version. But merging the
>> library version in the absence of the builtin version won't move it out of
>> pending. (That said, a more useful version in pending isn't bad. And it does
>> need the plumbing upgraded to understand https...)
>>
>> Rob
>>