> In order to add a real applet, I looked for an SSL/TLS client tool
> in widespread use to emulate, and did not find one with a suitable API.
>
> "openssl s_client" is not a production tool, it's a debug thing.
> A bigger problem is that it can't be handed an fd to perform TLS on;
> it takes a hostname. Meaning, wget can't launch it saying "here's
> a socket I already opened, please wrap it in TLS".
>
> This second problem is shared by stunnel, various flavors of
> "enhanced netcats" with --ssl options, etc.: none of them will wrap
> a given fd.
>
> Do you know a tool whose command line is suitable for us?

 I wrote one a couple of months ago:
 http://skarnet.org/software/s6-networking/s6-tlsc.html

 The goal was to do the exact thing you want, i.e. use an existing fd
instead of connecting to the host.
(There is also the "easy to use" interface that connects to the host,
http://skarnet.org/software/s6-networking/s6-tlsclient.html , but it's
just a wrapper around s6-tlsc.)

 So, it certainly doesn't qualify as "in widespread use", but I think
you'll find the interface reasonable.

 Since I'm here, let me use the opportunity to fanboy over BearSSL
(https://bearssl.org/), which is an SSL library still being developed
and considered experimental by its author, but already incredibly good.
s6-tlsc can be linked against it and it makes for a very small executable
- the static binary is seven times smaller than the same program linked
against LibreSSL - and an even smaller memory footprint.

--
 Laurent
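The thing both messages circle around is a helper that takes over a socket the caller has already connected, rather than connecting by hostname itself. The following is an added example written for this page, not code from s6-tlsc, s6-networking or BusyBox, and it does not claim to mirror the s6-tlsc command line. It is a Python sketch of such a helper: a parent (a wget-like program, say) leaves its connected TCP socket open at some descriptor N and runs `tlswrap.py N server.example.org`; the helper adopts fd N, does the TLS handshake with chain and hostname verification, and relays plaintext between its stdin/stdout and the TLS session. The script name, the argv layout and the `adopt_dry_run` socketpair check are assumptions made for the example.

```python
"""tlswrap.py: adopt an already-open, connected stream socket and speak TLS on it.

Added example for this thread, not code from s6-tlsc or BusyBox. Assumed usage:
the parent has a connected TCP socket open at descriptor N and runs

    tlswrap.py N server.example.org

Plaintext on stdin goes out encrypted; decrypted peer data goes to stdout.
"""
import os
import selectors
import socket
import ssl
import sys


def default_context():
    """Client context with chain and hostname verification enabled; the
    defaults an fd-wrapping helper should ship with."""
    return ssl.create_default_context()


def wrap_inherited_fd(fd, server_hostname, ctx=None):
    """Take over the connected stream socket on `fd` and layer TLS over it.

    No connect() happens here: the caller opened the connection, we only
    adopt the descriptor. The handshake is deferred to the caller so it can
    apply its own timeout and error reporting (see pump()).
    """
    ctx = ctx or default_context()
    sock = socket.socket(fileno=fd)      # family/type are read back from the fd
    if sock.type != socket.SOCK_STREAM:
        sock.detach()                    # hand the fd back untouched
        raise ValueError("fd %d is not a stream socket" % fd)
    return ctx.wrap_socket(sock, server_hostname=server_hostname,
                           do_handshake_on_connect=False)


def pump(tls, plain_in=0, plain_out=1):
    """Handshake, then relay until the peer closes the TLS session.

    EOF on `plain_in` stops sending but keeps reading, so a request/response
    exchange still completes. Returns the plaintext byte count received.
    """
    tls.do_handshake()
    received = 0
    sel = selectors.DefaultSelector()
    sel.register(plain_in, selectors.EVENT_READ, "plain")
    sel.register(tls, selectors.EVENT_READ, "tls")
    while True:
        for key, _ in sel.select():
            if key.data == "plain":
                chunk = os.read(plain_in, 65536)
                if chunk:
                    tls.sendall(chunk)
                else:
                    sel.unregister(plain_in)
                continue
            while True:                  # drain decrypted bytes select() can't see
                try:
                    chunk = tls.recv(65536)
                except ssl.SSLZeroReturnError:   # clean close_notify from peer
                    chunk = b""
                if not chunk:
                    sel.close()
                    return received
                received += len(chunk)
                while chunk:
                    n = os.write(plain_out, chunk)
                    chunk = chunk[n:]
                if not tls.pending():
                    break


def adopt_dry_run(hostname="server.example.org"):
    """Offline check of the adoption step: a socketpair stands in for the TCP
    connection a parent would hand over. No handshake is attempted."""
    a, b = socket.socketpair()
    fd = b.detach()                      # pass the bare descriptor, as a parent would
    tls = wrap_inherited_fd(fd, hostname)
    out = {"same_fd": tls.fileno() == fd,
           "server_hostname": tls.server_hostname,
           "is_tls_socket": isinstance(tls, ssl.SSLSocket)}
    tls.close()
    a.close()
    d1, d2 = socket.socketpair(type=socket.SOCK_DGRAM)   # TLS needs a stream
    dfd = d2.detach()
    try:
        wrap_inherited_fd(dfd, hostname)
        out["dgram_rejected"] = False
    except ValueError:
        out["dgram_rejected"] = True
    finally:
        os.close(dfd)
        d1.close()
    return out


def main(argv):
    if len(argv) != 3:
        sys.stderr.write("usage: tlswrap.py <fd> <server_hostname>\n")
        return 2
    fd, host = int(argv[1]), argv[2]
    try:
        pump(wrap_inherited_fd(fd, host))
    except (ssl.SSLError, OSError, ValueError) as e:
        sys.stderr.write("tlswrap: %s: %s\n" % (host, e))
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The parent only has to leave the descriptor inheritable and tell the child its number; nothing in the helper knows or cares how the connection was made, which is what makes it usable from a program that wants to own the connect step itself. Verification is on by default, so a certificate that does not chain or does not match the hostname fails the handshake before any plaintext is relayed.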

_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
