On Sun, Jul 19, 2015 at 11:47:40PM -0500, Rob Landley wrote:
>
> On 07/19/2015 07:13 PM, Isaac Dunham wrote:
> > On Sun, Jul 19, 2015 at 06:52:36PM -0500, Rob Landley wrote:
> >> I haven't had a chance to follow up on Isaac's wget yet, but has anybody
> >> poked at https://lwn.net/Articles/649764/ yet and tried to get _that_ to
> >> do a stunnel-like thing (ala the openssl command line he mentioned)?
> >>
> >> Just wondering. Putting together release notes for 0.6.0 and finding all
> >> sorts of loose ends, as you do. :)
> >
> > Repo: github.com/awslabs/s2n
> > I see that "s2n/echo.c" is not quite what we want; it emits a little verbiage
> > about the connection to stdout.
> > But s2n/s2nc.c seems to be roughly what we want, except for the little detail
> > of how it needs URLs passed (host port, not host:port).
> > HOWEVER, be warned that this is not a full TLS stack, but a TLS implementation
> > built on top of OpenSSL's crypto implementation.
>
> Sigh. Oh well.
>
> (I don't suppose there's an obvious way to glue it to dropbear?)

if ["$it" == s2n]
Not that I'm aware of.
elif ["$it" == "$wget_ssl_cmd" ]
I wouldn't know.

Since you mention dropbear...I noticed work on an Alpine package for
tinyssh; apparently that's actually got useable code, though they don't
recommend any use other than testing yet.

> > FWIW, axtls includes an "axssl" command that's compatible with the commonly
> > used portion of openssl's syntax.
>
> Good to know, but axtls.sourceforge.net went away with the rest of
> sourceforge when they had their "hard drive crash" last week.

Crud. I hadn't heard of that.
There is a mirror somewhere on github, and I've done some small patches
based off that...
Ah, there:
github.com/SuperHouse/axtls
I need to push mine to github sometime.
Upstream wasn't very active; I think that repo has the last commits
from it.

Issues to beware of:
-axTLS uses RC4 a lot. (Yes, the cipher that was just removed from SSL.)
 I've got a patch I sent them not long ago that will allow disabling RC4
 as far as network protocol negotiation.
-make sure to use /dev/urandom; the fallback PRNG is home-brewed and RC4
 based.

It's kconfig-based, which I find nice...and they managed to make that
fairly simple, rather than copying the complexity that Busybox has.

HTH,
Isaac
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
