cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] request for review - CyaSSL patches for curl

From: Sajith T S <sajith_at_gmail.com>
Date: Tue, 31 Mar 2009 01:04:24 +0530

People,

I have some patches to make curl work with CyaSSL.

CyaSSL <http://www.yassl.com/> is a small footprint SSL stack, meant
for embedded systems and such. This is not to be confused with yassl,
the C++ version of SSL stack from same folks -- this has a more
complete openssl compatibility layer, and works with curl as of now.
CyaSSL is even smaller.

I've been sitting on these set of patches for a while now, for which I
would like to apologize to Daniel Steinberg, Larry Stefonic and Todd A
Ouska who had offered help much earlier. Sorry about delaying this
for so long!

It is not perfect either, things are likely broken or dysfunctional.
But I figured that posting them anyway and asking for help is better
than putting it off forever. When I started this work, I took and
patched curl 7.18.2; but curl CVS seems to have moved from there
since, especially the SSL interfaces.

In order to build curl with cyassl support, you should:

  * download and build cyassl from yassl.com;
  * apply the attached patches to curl;
  * run "./buildconf"
  * run "./configure --without-ssl --with-cyassl=/path/to/cyassl/build"
  * run "make"

I have tested builing curl only with cyassl build directory, not
install roots. To test without installing things, you will have to
set LD_LIBRARY_PATH to point to directories where libcyassl.so and the
newly built libcurl.so are.

Issues I could think of rightaway:

  * I have only tested buidling it with cyassl build directory.
Consequently configure.ac patch isn't pretty. Please help there.

  * Certificate verification is broken; you have to run "curl -k" for
now. According to documentation, CyaSSL takes a different route to
certificate checking, but I have not figured out that yet. Please
help there as well.

  * I have only tested https. On some tests (https://login.yahoo.com
gives an error, for example), I found that increasing CyaSSL'S
MAX_RECORD_SIZE to a larger value works. Clearly even https needs
further testing.

  * I have tested these specific set of patches only with with 32-bit
x86, Linux and GCC. It was written originally for a small MIPS box
running Linux, I do not have access to those right now. If folks
running other embedded systems architecture are interested, help is
much welcomed.

 * Regarding the copyright notice: can we simply copy and paste it
from elsewhere in curl? cyassl.c is heavily based on example source
code budled with cyassl, so I think cyassl authors also have to be
credited.

Clearly this is not the highest quality patches I should be offering,
all feedback/help/review are much appreciated.

Hope I haven't missed anything... :)

Thanks,
Sajith.

-- 
  9DB8FF06 : CB80 0BA6 7D13 B10A 6FBB  D43E B4D2 28AD 9DB8 FF06








Received on 2009-03-30