Re: libtls documentation

2015-02-23 Thread Greg Martin
One last thing. tls_read and tls_write respectively return
TLS_READ_AGAIN and TLS_WRITE_AGAIN as well as the documented 0 and -1. 

You might consider returning a value that represents EOF rather than
just putting the string into an error message and returning -1 from
tls_read. It would help in efficiently checking for an unexpected EOF.

Thanks for taking on the effort of cleaning up OpenSSL. It's an
important piece of software that needs the help. I was very pleased that
a program I had written for OpenSSL rebuilt and ran without a problem
simply by linking to the LibreSSL libraries. I think the simplifications
of libtls are also worthwhile.

Regards,
Greg Martin



Re: libtls documentation

2015-02-21 Thread Greg Martin
On Fri, 2015-02-20 at 15:05 -0500, Ted Unangst wrote:
> Greg Martin wrote:
> > 
> > I'd have to say no. There are structures used but not documented and the
> > one line description of some of the functions could be open to
> > interpretation. Sample usage is never amiss in my estimation.
> 
> I'd appreciate knowing what you found missing. I know it's pretty barren as
> is, but whatever left you guessing would be a good place for me to start
> filling it out.

Addendum to my previous email - running ldconfig fixed my link issue. 

It appears that my application exits in tls_accept_socket. I accept a
connection from a browser and pass a pointer to configured tls pointer
in the first argument, the address of a tls pointer in the second and a
socket file descriptor that has been returned from BSD socket accept in
the third argument. As mentioned in my previous email the compiler
reported that tls_accept_socket returns void rather than an int as in
the docs. It seems to be silently exiting rather than returning.

-Greg.



Re: libtls documentation

2015-02-21 Thread Greg Martin
On Fri, 2015-02-20 at 15:05 -0500, Ted Unangst wrote:
> Greg Martin wrote:
> > 
> > I'd have to say no. There are structures used but not documented and the
> > one line description of some of the functions could be open to
> > interpretation. Sample usage is never amiss in my estimation.
> 
> I'd appreciate knowing what you found missing. I know it's pretty barren as
> is, but whatever left you guessing would be a good place for me to start
> filling it out.

I probably should have subscribed to the list since I seem to be abusing
it this way. In any event:

I searched the code for the definition of tls_accept_socket and it
certainly returns an int so I changed my code back and the compiler
doesn't argue the case now. I don't know what the issue was earlier. The
function still wasn't returning so I checked the source and it is
expecting the second argument pointer to be initialized to NULL. Once I
did that the method returns successfully. It probably should be
mentioned in the man page.

I'm not successfully reading the headers but it is Saturday and that is
enough of that for now. 

-Greg.

 




Re: libtls documentation

2015-02-21 Thread Ted Unangst
Greg Martin wrote:
> On Fri, 2015-02-20 at 15:05 -0500, Ted Unangst wrote:
> > Greg Martin wrote:
> > > 
> > > I'd have to say no. There are structures used but not documented and the
> > > one line description of some of the functions could be open to
> > > interpretation. Sample usage is never amiss in my estimation.
> > 
> > I'd appreciate knowing what you found missing. I know it's pretty barren as
> > is, but whatever left you guessing would be a good place for me to start
> > filling it out.
> 
> It's well written. Initially I thought that struct tls_config and struct
> tls should be documented but it seems the inner details aren't needed. 
> 
> It wasn't clear to me what the second struct in tls_accept_socket should
> be but from looking at the source of openbsd httpd it is obvious it is a
> client context to be used in read and writes.
>

Yes, that's a good example of something we should clarify.

> My compiler reports:
> 
> tls_test.c:40:2: error: void value not ignored as it ought to be
>   if (tls_config_set_protocols (cfg, protocols) < 0) {
> 
> It is documented as returning int.

oops. Fixed.

> 
> In order to build libtls in portable it was necessary to configure with
> --enable-libtls which doesn't seem to be documented. I had to build a
> few times to get that one figured out.   
> 
> I wrote a small program yesterday using the SSL libraries (OpenSSL) to
> respond to an https request. This morning I converted it to libtls from
> libressl.
> 
> This is the current output:

I think we're still a little shy telling people to depend on it yet, which is
why portable doesn't build by default.

The error below may be because you're missing -lssl and -lcrypto. 

> 
> 
> greg@greg-softsprocket:~/Development/tests/c/ssl$ gcc -Wall -std=c11 -D_POSIX_SOURCE tls_test.c -o tls_test -L/usr/local/lib -ltls
> greg@greg-softsprocket:~/Development/tests/c/ssl$ sudo ./tls_test
> ./tls_test: error while loading shared libraries: libtls.so.2: cannot open shared object file: No such file or directory
> greg@greg-softsprocket:~/Development/tests/c/ssl$ ls -l /usr/local/lib | grep tls
> -rw-r--r-- 1 root root 352342 Feb 21 09:49 libtls.a
> -rwxr-xr-x 1 root root    987 Feb 21 09:49 libtls.la
> lrwxrwxrwx 1 root root     15 Feb 21 09:49 libtls.so -> libtls.so.2.0.2
> lrwxrwxrwx 1 root root     15 Feb 21 09:49 libtls.so.2 -> libtls.so.2.0.2
> -rwxr-xr-x 1 root root 179047 Feb 21 09:49 libtls.so.2.0.2
> 
> 
> 



Re: libtls documentation

2015-02-21 Thread Greg Martin
On Fri, 2015-02-20 at 15:05 -0500, Ted Unangst wrote:
> Greg Martin wrote:
> > 
> > I'd have to say no. There are structures used but not documented and the
> > one line description of some of the functions could be open to
> > interpretation. Sample usage is never amiss in my estimation.
> 
> I'd appreciate knowing what you found missing. I know it's pretty barren as
> is, but whatever left you guessing would be a good place for me to start
> filling it out.

It's well written. Initially I thought that struct tls_config and struct
tls should be documented but it seems the inner details aren't needed. 

It wasn't clear to me what the second struct in tls_accept_socket should
be but from looking at the source of openbsd httpd it is obvious it is a
client context to be used in read and writes.

My compiler reports:

tls_test.c:40:2: error: void value not ignored as it ought to be
  if (tls_config_set_protocols (cfg, protocols) < 0) {

It is documented as returning int.

In order to build libtls in portable it was necessary to configure with
--enable-libtls which doesn't seem to be documented. I had to build a
few times to get that one figured out.   

I wrote a small program yesterday using the SSL libraries (OpenSSL) to
respond to an https request. This morning I converted it to libtls from
libressl.

This is the current output:


greg@greg-softsprocket:~/Development/tests/c/ssl$ gcc -Wall -std=c11 -D_POSIX_SOURCE tls_test.c -o tls_test -L/usr/local/lib -ltls
greg@greg-softsprocket:~/Development/tests/c/ssl$ sudo ./tls_test
./tls_test: error while loading shared libraries: libtls.so.2: cannot open shared object file: No such file or directory
greg@greg-softsprocket:~/Development/tests/c/ssl$ ls -l /usr/local/lib | grep tls
-rw-r--r-- 1 root root 352342 Feb 21 09:49 libtls.a
-rwxr-xr-x 1 root root    987 Feb 21 09:49 libtls.la
lrwxrwxrwx 1 root root     15 Feb 21 09:49 libtls.so -> libtls.so.2.0.2
lrwxrwxrwx 1 root root     15 Feb 21 09:49 libtls.so.2 -> libtls.so.2.0.2
-rwxr-xr-x 1 root root 179047 Feb 21 09:49 libtls.so.2.0.2





Re: libtls documentation

2015-02-20 Thread Martin Brandenburg
> I'd have to say no. There are structures used but not documented and the
> one line description of some of the functions could be open to
> interpretation. Sample usage is never amiss in my estimation.

If we are thinking of the same structures they are not supposed to be
documented. Notice even in tls.h they are just

struct tls;
struct tls_config;

The compiler doesn't even know what's in them. They are pointers. Use
tls_config_new and tls_{client,server} to get one and don't think about
what might be inside them.

-- Martin



Re: libtls documentation

2015-02-20 Thread Ted Unangst
Greg Martin wrote:
> 
> I'd have to say no. There are structures used but not documented and the
> one line description of some of the functions could be open to
> interpretation. Sample usage is never amiss in my estimation.

I'd appreciate knowing what you found missing. I know it's pretty barren as
is, but whatever left you guessing would be a good place for me to start
filling it out.



Re: libtls documentation

2015-02-20 Thread Greg Martin
On Fri, 2015-02-20 at 12:25 -0600, Constantine A. Murenin wrote:
> On 20 February 2015 at 10:36, Greg Martin wrote:
> > Hi,
> > I just built libressl on Linux 3.13.0-44-generic. I haven't installed it
> > yet but it was a clean build.
> >
> > I'm interested in trying libssl but the only documentation I've found is
> > a single manpage (tls_int). Are there some example programs somewhere or
> > more comprehensive documentation?
> >
> > Thanks,
> > Greg Martin.
> 
> Hello,
> 
> Isn't tls_init(3) quite comprehensive as is?
> 

I'd have to say no. There are structures used but not documented and the
one line description of some of the functions could be open to
interpretation. Sample usage is never amiss in my estimation.

> http://mdoc.su/o/tls_init.3
> 
> If you want some concrete examples of how libressl and tls_init(3) can be
> used, you might want to check out the source code of OpenBSD -current.
> You can use BXR.SU OpenGrok to navigate such source code (updated
> daily).
> 
> The most recent example of libressl and tls_init.3 use would perhaps
> be OpenNTPD.
> 
> http://bxr.su/OpenBSD/usr.sbin/ntpd/constraint.c
> 
> http://bxr.su/OpenBSD/usr.sbin/ntpd/ntp.c#ntp_main
> 
> A brief search reveals that tls_init is also currently referenced, in
> no particular order, from httpd, ftp, spamd and syslogd:
> 
> http://bxr.su/OpenBSD/usr.sbin/httpd/server.c
> http://bxr.su/OpenBSD/usr.bin/ftp/fetch.c
> http://bxr.su/OpenBSD/libexec/spamd/spamd.c
> http://bxr.su/OpenBSD/usr.sbin/syslogd/syslogd.c

Excellent. Those should do the job.

Thanks.
Greg.




Re: libtls documentation

2015-02-20 Thread Brent Cook

> On Feb 20, 2015, at 10:36 AM, Greg Martin wrote:
> 
> Hi,
> I just built libressl on Linux 3.13.0-44-generic. I haven't installed it
> yet but it was a clean build.
> 
> I'm interested in trying libssl but the only documentation I've found is
> a single manpage (tls_int). Are there some example programs somewhere or
> more comprehensive documentation?
> 
> Thanks,
> Greg Martin.
> 

Well, this does indicate that I neglected to add the manpage links in
portable - thanks for the note.



Re: libtls documentation

2015-02-20 Thread trondd
libtls?  What are you trying to do with it?  There are several
examples in the OpenBSD source code (relayd, ftp), but if you are
compiling for linux, maybe you aren't an obsd user with the code
handy.

I incorporated it into links+ (links2):
https://github.com/trondd555/links-plus/blob/master/connect.c

It's pretty easy to use, assuming it does what you would have done
with direct openssl calls.

Tim.



Re: libtls documentation

2015-02-20 Thread Constantine A. Murenin
On 20 February 2015 at 10:36, Greg Martin wrote:
> Hi,
> I just built libressl on Linux 3.13.0-44-generic. I haven't installed it
> yet but it was a clean build.
>
> I'm interested in trying libssl but the only documentation I've found is
> a single manpage (tls_int). Are there some example programs somewhere or
> more comprehensive documentation?
>
> Thanks,
> Greg Martin.

Hello,

Isn't tls_init(3) quite comprehensive as is?

http://mdoc.su/o/tls_init.3

If you want some concrete examples of how libressl and tls_init(3) can be
used, you might want to check out the source code of OpenBSD -current.
You can use BXR.SU OpenGrok to navigate such source code (updated
daily).

The most recent example of libressl and tls_init.3 use would perhaps
be OpenNTPD.

http://bxr.su/OpenBSD/usr.sbin/ntpd/constraint.c

http://bxr.su/OpenBSD/usr.sbin/ntpd/ntp.c#ntp_main

A brief search reveals that tls_init is also currently referenced, in
no particular order, from httpd, ftp, spamd and syslogd:

http://bxr.su/OpenBSD/usr.sbin/httpd/server.c
http://bxr.su/OpenBSD/usr.bin/ftp/fetch.c
http://bxr.su/OpenBSD/libexec/spamd/spamd.c
http://bxr.su/OpenBSD/usr.sbin/syslogd/syslogd.c

Cheers,
Constantine.



libtls documentation

2015-02-20 Thread Greg Martin
Hi,
I just built libressl on Linux 3.13.0-44-generic. I haven't installed it
yet but it was a clean build.

I'm interested in trying libssl but the only documentation I've found is
a single manpage (tls_int). Are there some example programs somewhere or
more comprehensive documentation?

Thanks,
Greg Martin.