<div dir="ltr">for the ignorant (like me) --- are these libraries like BearSSL an extra abstraction on top of stuff like openssl/boringssl, or are they roughly equivalent?<div><br></div><div>(i'm just thinking ahead to what i'd have to do to get toybox wget working with boringssl because of FIPS. which, yes, makes about as much sense as requiring current vehicles to demonstrate that their hand-cranks are appropriately protected against collisions with horses, but it is what it is, and that's a problem to be solved by politicians and lawyers, not us :-( )</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Oct 20, 2021 at 3:00 AM Eric Molitor <<a href="mailto:emolitor@molitor.org">emolitor@molitor.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Thanks Rob,</div><div>I'll take a bit deeper dive and send a new set of patches with the following...</div><div><br></div><div>
* Add hooks for TLS support and a simple abstraction to do so
</div><div>* Add content disposition support, making -O optional</div><div>* Fix HTTP response header processing</div><div>* General cleanup of the wget toy<br></div><div>* I'll also take a look at whether it's feasible to hook up BearSSL to the existing crypto abstraction</div><div><br></div><div>- Eric<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 19, 2021 at 5:35 AM Rob Landley <<a href="mailto:rob@landley.net" target="_blank">rob@landley.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 10/17/21 2:48 PM, Eric Molitor wrote:<br>
> Let me take a look at signify. I'll also send the missing part of the patch with<br>
> -ltls shortly.<br>
> <br>
> Alpine has libtls, either the openssl port in the libretls package or the<br>
> original openbsd libressl-tls. For my embedded stuff I'm statically linking<br>
> BearSSL and <a href="https://github.com/michaelforney/libtls-bearssl" rel="noreferrer" target="_blank">https://github.com/michaelforney/libtls-bearssl</a><br>
<br>
It's good that there are multiple libraries agreeing on an interface.<br>
<br>
> I've not looked at Denny's implementation. But will take a peek at what he is doing.<br>
<br>
I too am curious, but it's way down my todo heap.<br>
<br>
> And yes, this violates the library policy, although I'd rather leverage a<br>
> relatively known good TLS rather than implement a new one.<br>
<br>
I'm all for having a library version _and_ a builtin version. But merging the<br>
library version in the absence of the builtin version won't move it out of<br>
pending. (That said, a more useful version in pending isn't bad. And it does<br>
need the plumbing upgraded to understand https...)<br>
<br>
Rob<br>
</blockquote></div>
_______________________________________________<br>
Toybox mailing list<br>
<a href="mailto:Toybox@lists.landley.net" target="_blank">Toybox@lists.landley.net</a><br>
<a href="http://lists.landley.net/listinfo.cgi/toybox-landley.net" rel="noreferrer" target="_blank">http://lists.landley.net/listinfo.cgi/toybox-landley.net</a><br>
</blockquote></div>