When you get back to this, probably the two most useful places for seeing how much existing tls code is required for ktls would be
https://github.com/ktls/af_ktls-tool/blob/master/client.c https://github.com/ktls/af_ktls-tool/blob/master/xlibgnutls.c The af_ktls-tool contains a bunch of testing noise, but also contains a test client. The test client (starting around client.c line 1096) calls the gnutls-based initiator (in xlibgnutls) then uses the ktls feature with the gnutls-initiated session info. It really looks like using ktls will depend on a full openssl or gnutls library. Also, at the moment, ktls only implements one crypto suite (AES GCM), so a client using ktls can't interoperate with all webservers. (on the server side it matters less because the server-operator can choose only to use AES GCM, and all clients will have to support that). On Tue, Sep 5, 2017 at 5:33 AM, Rob Landley <r...@landley.net> wrote: > On 09/04/2017 08:22 PM, Robert Thompson wrote: > > From the toybox point of view, wouldn't this introduce direct link > > dependency on ssl/tls libraries? > > There's already an optional dependency to accelerate hash calculations > (CONFIG_TOYBOX_LIBCRYPTO), and another to accelerate zlib, so I'm ok > with having that as an optional dependency. > > Having functionality you can _only_ get by linking that in is a much > bigger ask. I want a self-contained system bootstrap build and/or > hermetic build with minimal dependencies. > > So ideally I'd want the part of tls negotiation the kernel doesn't do > implemented in toybox code, but I dunno how much that is yet... > > > If that's acceptable, the ktls stuff looks like a simple addition (on > > top of base in-toybox tls) with potential performance improvements, once > > the code settles down. > > Another thing is this adds a kernel version dependency, so I'd want a > compile time probe for "is support there in this build environment" > because http://landley.net/toybox/faq.html#support_horizon > > That said, my plan to spend the evening grinding on the toybox todo list > seamlessly transitioned into hours analyzing GPS code and traces trying > to figure out where the race condition is in the response to the > correlator output (answer: there's two _different_ problems), so... :P > > Rob > _______________________________________________ > Toybox mailing list > Toybox@lists.landley.net > http://lists.landley.net/listinfo.cgi/toybox-landley.net >
_______________________________________________ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
