* * * * *
A sane and easy to use TLS library! Will wonders never cease!
I'm still fighting the stupidity [1] at work, but it's becoming apparent that
it's a fait accompli and we're looking at a bunch of REST (REpresentational
State Transfer)/HTTPS (HyperText Transfer Protocol-Secure) über alles Kool-
Aid™ in an area where time is critical.
Sigh.
So I'm looking around at what I can use to support the “S” in HTTPS that
doesn't involve diving into the horror show that is OpenSSL (Open Secure
Sockets Layer) [2]. A library that can still encrypt and decrypt data when it
**isn't** managing the network connections on the program's behalf (because
the program is **already** managing the network connections). It can be
complicated, but it must be sane to use.
I was pointed to libtls [3], which comes with LibreSSL [4]. Not only is this
sane, but it's **easy** to use. I'm simply amazed at how easy.
In just an hour, and only reading the man pages [5], I was able to write a
simple program that fetches a page from a secure website [6]. And most of the
code is just there to report any errors that happen. It's a very
straightforward program.
Another hour or two, and I had a program [7] where the library does **not**
control the network connection. Which means we can (probably) use this in our
existing architecture.
A few more hours, and I was able to replicate the initial C program in Lua
[8]:
-----[ Lua ]-----
local tls = require "org.flummux.tls"

-- *****************************************************************

-- Report a failed call and exit; the wrapper returns nil,err on failure.
local function okay(v,err)
  if not v then
    print(">>>",err)
    os.exit(1)
  end
  return v
end

-- *****************************************************************

-- Both a host and a resource are required.
if #arg < 2 then
  io.stderr:write(string.format("usage: %s host resource\n",arg[0]))
  os.exit(1)
end

local config = tls.config()
local ctx    = tls.client()

okay(config:set_protocols "all")
okay(ctx:configure(config))
okay(ctx:connect(arg[1],"https")) -- the wrapper opens the connection here
okay(ctx:write(string.format(
  "GET %s HTTP/1.1\r\n"
  .. "Host: %s\r\n"
  .. "User-Agent: TLSTester/1.0 (TLS Testing Program Lua)\r\n"
  .. "Connection: close\r\n"
  .. "Accept: */*\r\n"
  .. "\r\n",
  arg[2],
  arg[1]
)))

-- Read until the server closes the connection (an empty string).
while true do
  local bytes = okay(ctx:read(1024))
  if bytes == "" then break end
  io.stdout:write(bytes)
end
-----[ END OF LINE ]-----
I had to write my own Lua wrapper for LibreSSL. The existing ones (and I
found only [9] two [10]) weren't up to my standards for use, but it wasn't
terribly hard to get the above working.
The next step is expanding the Lua module to see if I can get it working with
the networking code we use. I am optimistic about this.
But I am not optimistic about having to use this at work.
[1]
gopher://gopher.conman.org/0Phlog:2018/05/29.1
[2]
https://www.openbsd.org/papers/bsdcan14-libressl/mgp00005.html
[3]
https://man.openbsd.org/tls_init.3
[4]
https://www.libressl.org/
[5]
https://en.wikipedia.org/wiki/Man_page
[6]
https://github.com/spc476/libtls-examples/blob/master/get1.c
[7]
https://github.com/spc476/libtls-examples/blob/master/get3.c
[8]
https://www.lua.org/
[9]
https://github.com/mah0x211/lua-libtls
[10]
https://github.com/snimmagadda/luatls
Email author at
[email protected]