Thursday, July 19, 2018
A sane and easy to use TLS library! Will wonders never cease!
I'm still fighting the stupidity at work, but it's becoming apparent that it's a fait accompli and we're looking at a bunch of REST/HTTPS über alles Kool-Aid™ in an area where time is critical.
Sigh.
So I'm looking around at what I can use to support the “S” in HTTPS that doesn't involve diving into the horror show that is OpenSSL. A library that can still encrypt and decrypt data when it isn't managing the network connections on the program's behalf (because the program is already managing the network connections). It can be complicated, but it must be sane to use.
I was pointed to libtls, which comes with LibreSSL. Not only is this sane, but it's easy to use. I'm simply amazed at how easy.
In just an hour, and only reading the man pages, I was able to write a simple program that fetches a page from a secure website. And most of the code is just there to report any errors that happen. It's a very straight forward program.
Another hour or two, and I had a program where the library does not control the network connection. Which means we can (probably) use this in our existing architecture.
A few more hours, and I was able to replicate the initial C program in Lua:
```lua
local tls = require "org.flummux.tls"

-- *****************************************************************

local function okay(v,err)
  if not v then
    print(">>>",err)
    os.exit(1)
  end
  return v
end

-- *****************************************************************

-- both host and resource are required below, so check for both
if #arg < 2 then
  io.stderr:write(string.format("usage: %s host resource\n",arg[0]))
  os.exit(1)
end

local config = tls.config()
local ctx    = tls.client()

okay(config:set_protocols "all")
okay(ctx:configure(config))
okay(ctx:connect(arg[1],"https"))
okay(ctx:write(string.format(
        "GET %s HTTP/1.1\r\n"
     .. "Host: %s\r\n"
     .. "User-Agent: TLSTester/1.0 (TLS Testing Program Lua)\r\n"
     .. "Connection: close\r\n"
     .. "Accept: */*\r\n"
     .. "\r\n",
        arg[2],
        arg[1]
)))

while true do
  local bytes = okay(ctx:read(1024))
  if bytes == "" then break end
  io.stdout:write(bytes)
end
```
I had to write my own Lua wrapper for LibreSSL. The existing ones (and I found only two) weren't up to my standards for use, but it wasn't terribly hard to get the above working.
The next step is expanding the Lua module to see if I can get it working with the networking code we use. I am optimistic about this.
But I am not optimistic about having to use this at work.