Let me take a look at signify. I'll also send the missing part of the patch with -ltls shortly.
Alpine has libtls, either the openssl port in the libretls package or the original openbsd libressl-tls. For my embedded stuff I'm statically linking BearSSL and https://github.com/michaelforney/libtls-bearssl

I've not looked at Denny's implementation. But will take a peek at what he is doing. And yes, this violates the library policy, although I'd rather leverage a relatively known good TLS rather than implement a new one. This is definitely me scratching an itch that might not be worth integrating for everyone.

- Eric

On Sun, 17 Oct 2021, 8:04 pm Rob Landley, <[email protected]> wrote:

> On 10/17/21 8:44 AM, Eric Molitor wrote:
> > Attached is a relatively quick and certainly dirty patch to wget adding TLS
> > support via libtls.
>
> https://landley.net/toybox/design.html#:~:text=policy%20on%20shared%20libraries
>
> > I threw this together on a plane but it's working reasonably
> > well for me allowing me to remove Curl/libcurl on a few projects. I will submit
> > further patches to clean up this toy as it's in pretty dire shape.
>
> Which of the libraries in make.sh contained the https stuff? You didn't add
> anything to:
>
> for i in util crypt m resolv rt selinux smack attr crypto z log iconv
>
> And yet it built for you? I haven't even got a tls.h in my /usr/include (except
> the linux/ one), presumably I need to install a -dev for that.
>
> > When statically building with bearssl and libtls-bearssl this adds about 175K
> > which isn't too bad for a TLS 1.1/1.2 implementation.
>
> According to make baseline/bloatcheck the one Denys Vlasenko implemented in
> busybox (CONFIG_FEATURE_WGET_HTTPS) is 22,564 bytes on x86-64. It's the
> networking/tls* code.
>
> > Building with libressl's
> > tls implementation expands this by about 400K but also gets you TLS 1.3 support.
> > By default only TLS 1.1 and 1.2 are enabled. I'll add another configuration
> > option to enable TLS 1.3.
> >
> > Feedback greatly appreciated.
>
> I haven't looked at Denys' implementation closely to see what he's done. I
> downloaded BearSSL, matrixssl, and Rich Felker pointed me at a library called
> signify (https://github.com/aperezdc/signify) for when I get around to this todo
> item, but I'm really trying to get through the shell first.
>
> > - Eric
>
> Rob
_______________________________________________
Toybox mailing list
[email protected]
http://lists.landley.net/listinfo.cgi/toybox-landley.net
