[Toybox] WGET: OpenSSL and BoringSSL Patch

Rob Landley rob at landley.net
Fri Oct 29 10:30:32 PDT 2021


On 10/29/21 7:03 AM, Eric Molitor wrote:
> Attached is a reworked patch which adds OpenSSL and BoringSSL support to wget.
> It avoids the use of OpenSSL's IO abstractions and uses default settings which
> should be sensible on any modern OpenSSL (1.1+) or BoringSSL version.

I'm a little uncomfortable having two different sets of code to do the same
thing. I suppose they could be moved to portability.[ch]. The "link against both
libraries" issue is back, but at least shouldn't conflict...

> I tested it with the latest version of BoringSSL but it should also work with
> the fips branch of BoringSSL, if that is still a thing at Google.

https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips

It's still a thing at the US Government, and all their suppliers. (Which is
somewhere between 1/4 and 1/3 of the US economy: US GDP is ~$23 trillion and the
2021 estimated federal spending is just under $7 trillion...)

> I also tested
> it with OpenSSL 1.1.1l on Alpine and 1.1.1f on Ubuntu 20.04 LTS.

Sigh. Applied (while grumbling), and I _really_ need to do a cleanup pass this
weekend. (And ask Denys if I can get a license to his tls implementation.)

> - Eric

Rob



More information about the Toybox mailing list