dimkr / rlsd

A lightweight, retro Linux-libre distro
http://rlsd.dimakrasner.com
MIT License

SSL support #9

Closed by dimkr 10 years ago

technosaurus commented 10 years ago

axTLS has a demo that is close to stunnel.

dimkr commented 10 years ago

SSL tunneling isn't good enough, because it won't work in some cases (e.g. SMTP servers with STARTTLS). Also, tunneling is not transparent - I don't want to add a wrapper for each application, which runs a tunneling tool. Moreover - the user has to configure the application so it uses localhost - e.g. the mail server is localhost, not a remote server. Not very user friendly.
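
Added example, not part of the original thread or of rlsd: a constructed local SMTP endpoint that greets in plaintext and offers TLS only through STARTTLS. It shows that a client which opens TLS from the first byte, as a generic TLS wrapper does, fails the handshake, while a client that speaks SMTP first sees the STARTTLS offer. The host names, banner text and function names are assumptions made for the illustration.

```python
import socket
import ssl
import threading

BANNER = b"220 mail.example ESMTP\r\n"              # constructed sample greeting
EHLO_REPLY = b"250-mail.example\r\n250 STARTTLS\r\n"  # constructed capability list

def serve_once(listener):
    """Constructed STARTTLS-style endpoint: plaintext first, TLS only on request."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)
        conn.sendall(BANNER)
        try:
            if conn.recv(4096).upper().startswith(b"EHLO"):
                conn.sendall(EHLO_REPLY)
            while conn.recv(4096):  # drain until the client hangs up
                pass
        except OSError:
            pass

def start_server():
    """Start the fake server on an ephemeral loopback port and return the port."""
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=serve_once, args=(listener,), daemon=True).start()
    return listener.getsockname()[1]

def tunnel_style_connect(port):
    """Begin TLS immediately on connect. Returns True if the handshake succeeds."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw:
            # The plaintext "220 ..." banner is parsed as a TLS record and rejected.
            with ctx.wrap_socket(raw, server_hostname="mail.example"):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

def starttls_aware_connect(port):
    """Speak SMTP in plaintext first; report whether STARTTLS is advertised."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        f = s.makefile("rb")
        greeting = f.readline()
        s.sendall(b"EHLO client.example\r\n")
        replies = [f.readline(), f.readline()]
    return greeting.startswith(b"220") and any(b"STARTTLS" in r for r in replies)
```

The upgrade to TLS has to happen inside the application protocol after the `STARTTLS` command, which is why the client itself needs TLS support for such servers.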

dimkr commented 10 years ago

I started working on axTLS support in Dillo - the SSL compatibility layer isn't good enough and Dillo's https module is way too big. I #ifdefed the whole thing and now I'm debugging segfaults. Dillo's over-complicated multi-process design makes it extremely hard to debug.

EDIT: just got it to work - I can surf to Google, but not to GitHub because of some certificate-related issue.

dimkr commented 10 years ago

Working on integration of LibreSSL, which saw its first Linux-compatible release. I patched it so it works against musl and even sent a pull request to upstream, but static linking is very problematic, because pretty much every package that depends on OpenSSL assumes libssl is linked with libcrypto.