sustrik / dsock

An obsolete project

Initial version of the TLS protocol #17

Closed raedwulf closed 8 years ago

raedwulf commented 8 years ago

This adds preliminary support for the TLS protocol based on libtls. To enable support for TLS, pass --enable-tls to configure.

The new tls directory contains a modified version of libtls which retains the ISC license from OpenBSD (the ISC license is effectively equivalent to the MIT/X11 and BSD 2-clause with reduced wording):

Copyright (c) [year(s)], [copyright holder]

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Further work needed:

The contributed btls.c and other changes to the dsock library are under dsock's MIT/X11 license.

raedwulf commented 8 years ago

Travis build is currently broken because the OpenSSL version on there is 1.0.1, when this needs 1.0.2 or LibreSSL. I'm looking at solutions.

raedwulf commented 8 years ago

Travis is driving me nuts...

sustrik commented 8 years ago

Let me double-check: So this is the API mimicking the new TLS API as we've discussed it earlier, right?

raedwulf commented 8 years ago

Yes it is :) It needs some work to finalise the API but it's a start.

raedwulf commented 8 years ago

It'll be a week or two before I think this is ready to be pushed because there are a lot of cases that I've not tested yet. Also, I noticed there's a new _done function; I've not quite understood the semantics of those functions yet as opposed to _stop.

sustrik commented 8 years ago

I plan to update the RFC during the weekend, but the idea is to close the sending half of the connection. For example HTTP client:

send_request_line();
send_field();
send_field();
done();
recv_status_line();
recv_field();
stop();
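
The half-close that done() stands for in the comment above, shown as an added example with plain POSIX sockets; it is not dsock code or code from this thread. Mapping done() to shutdown(SHUT_WR) and stop() to close() is an assumption, and the request and response strings are constructed.

```c
/* Added illustration with constructed messages; plain POSIX, not the dsock API. */
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Read until the peer half-closes (read() returns 0); -1 on error or overflow. */
static ssize_t read_until_eof(int fd, char *buf, size_t cap) {
    size_t n = 0;
    for (;;) {
        if (n == cap) return -1;          /* buffer full before EOF */
        ssize_t r = read(fd, buf + n, cap - n);
        if (r < 0) return -1;
        if (r == 0) return (ssize_t)n;    /* EOF: peer is done sending */
        n += (size_t)r;
    }
}

/* Request/response over a socketpair; returns 0 on success, -1 on failure. */
int half_close_demo(char *reply, size_t cap) {
    const char *request = "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n";
    const char *response = "HTTP/1.1 200 OK\r\n\r\n";
    char req[128];
    int sv[2], rc = -1;
    ssize_t n;
    if (cap == 0 || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    /* Client: send the request, then close only the sending half ("done"). */
    if (write(sv[0], request, strlen(request)) != (ssize_t)strlen(request)) goto out;
    if (shutdown(sv[0], SHUT_WR) < 0) goto out;
    /* Server: EOF marks the end of the request; its own sending half still works. */
    n = read_until_eof(sv[1], req, sizeof req);
    if (n != (ssize_t)strlen(request)) goto out;
    if (write(sv[1], response, strlen(response)) != (ssize_t)strlen(response)) goto out;
    if (shutdown(sv[1], SHUT_WR) < 0) goto out;
    /* Client: the receiving half stayed open, so the reply still arrives. */
    n = read_until_eof(sv[0], reply, cap - 1);
    if (n < 0) goto out;
    reply[n] = '\0';
    rc = 0;
out:
    close(sv[0]);                         /* full teardown of both halves ("stop") */
    close(sv[1]);
    return rc;
}

int main(void) {
    char reply[64];
    return half_close_demo(reply, sizeof reply) == 0 ? 0 : 1;
}
```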

raedwulf commented 8 years ago

Oh okay! Thanks.

I'm still trying to figure out what to do with Travis. I think the best approach would be to download and compile OpenSSL in the Travis build script from source. I'll try and get that working tonight.

sustrik commented 8 years ago

Cloned, ./autogen.sh; configure; make => configure: error: conditional "HAVE_REALLOCARRAY" was never defined.

sustrik commented 8 years ago

I've fixed that by putting the check out of the TLS block in configure.ac. However, it's not clear to me why it didn't work the way you've written it originally.

raedwulf commented 8 years ago

Oh I removed the macro that did that check because reallocarray is available on all the platforms that we care about (because on older systems various things would break anyway). It seems that I must have had the check still in my cache or something (not sure where autotools stores things).