RFC: PolarSSL support.

February 16, 2013 07:18AM
Hello,

In my (regrettably) copious spare time I have been working on adding
support for PolarSSL[0] as an alternative to OpenSSL. I'm getting close
to the point where I am comfortable with the code and would like to see
if there is interest from the community and developers for this option.

What I have so far:
* src/event/ngx_event_polarssl.[h,c] (and some kludges to the build
system so I can test my code).
* Works insofar as a webserver compiled with my code can serve
https (still needs more testing and code review).

What needs to be done before it's usable:
* Need to implement ngx_ssl_trusted_certificate, just haven't gotten
around to it yet.
* Need to write implementations for ngx_ssl_get_session (and
ngx_ssl_free_session) so that ngx_http_upstream_round_robin works
again. This should be relatively easy but I need to figure out how
the module in question expects these to behave (The OpenSSL versions
are #defines to OpenSSL routines and PolarSSL's internal behavior is
reasonably different here).
* Logging related cleanup.
* PolarSSL supports SNI, but in the interest of keeping my changes
self-contained (currently no functional changes to the nginx code
apart from the addition of my module), I haven't implemented that
yet because it requires modifying the http SSL module.
* Need to figure out the nginx build system properly and integrate
building with PolarSSL properly.
* Need to see if the mail protocol support works.

What I'd like to do after the first revision:
* A few of the modules call OpenSSL routines (e.g.
SSL_CTX_set_cipher_list, X509_verify_cert_error_string). Currently
I provide wrappers for those routines in ngx_event_polarssl.c but
they should be abstracted to ngx_ functions (e.g.
ngx_set_cipher_list).
* I haven't gotten around to making ngx_md5 and ngx_sha1 use PolarSSL
yet. Would be trivial once my module is properly integrated into
the build system.

This post is mostly just trying to see if people would find this a
useful addition before I start on ticking items off the list.

Regards,

--
Yawning Angel

[0]: http://www.polarssl.org

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel