On 10/17/21 8:44 AM, Eric Molitor wrote:
> Attached is a relatively quick and certainly dirty patch to wget adding TLS
> support via libtls.

https://landley.net/toybox/design.html#:~:text=policy%20on%20shared%20libraries

> I threw this together on a plane but it's working reasonably
> well for me allowing me to remove Curl/libcurl on a few projects. I will
> submit further patches to clean up this toy as it's in pretty dire shape.

Which of the libraries in make.sh contained the https stuff? You didn't add
anything to:

  for i in util crypt m resolv rt selinux smack attr crypto z log iconv

And yet it built for you? I haven't even got a tls.h in my /usr/include
(except the linux/ one), presumably I need to install a -dev for that.

> When statically building with bearssl and libtls-bearssl this adds about 175K
> which isn't too bad for a TLS 1.1/1.2 implementation.

According to make baseline/bloatcheck the one Denys Vlasenko implemented in
busybox (CONFIG_FEATURE_WGET_HTTPS) is 22,564 bytes on x86-64. It's the
networking/tls* code.

> Building with libressl's
> tls implementation expands this by about 400K but also gets you TLS 1.3
> support.
> By default only TLS 1.1 and 1.2 are enabled. I'll add another configuration
> option to enable TLS 1.3.
>
> Feedback greatly appreciated.

I haven't looked at Denys' implementation closely to see what he's done. I
downloaded BearSSL, matrixssl, and Rich Felker pointed me at a library called
signify (https://github.com/aperezdc/signify) for when I get around to this
todo item, but I'm really trying to get through the shell first.

> - Eric

Rob
_______________________________________________
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net