[sr-dev] [kamailio/kamailio] tls_wolfssl: new module TLS stack based on wolfSSL (PR #3144)

space88man notifications at github.com
Tue Jun 14 08:51:13 CEST 2022


New module: add wolfSSL as alternate TLS stack.

#### Pre-Submission Checklist
- [X] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, ...)
- [X] Each component has a single commit (if not, squash them into one commit)
- [X] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)

#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [X] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)

#### Checklist:
- [ ] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)

#### Description
This is a new module: an alternate TLS implementation based on wolfSSL. The current tls module based on OpenSSL has many multi-process workarounds and can be quite fragile.

This is the initial code dump which is a copy of `tls/` and edited to compile with wolfSSL by using the OpenSSL compatibility layer. The `doc/` directory has not been changed.

The proposal is to get it into the code base as soon as possible so as to sync up with any ongoing changes in the `tls/` module. Any shared features can be extracted out into a common module: like certificate and configuration.

In the short term, the steps are:
* testing
* use native wolfSSL APIs (remove OpenSSL compatibility layer)
* remove OpenSSL multi-process hacks in this module

This module is inspired by the `tls_wolfssl` module in the sister SIP project.

You can view, comment on, or merge this pull request online at:

  https://github.com/kamailio/kamailio/pull/3144

-- Commit Summary --

  * tls_wolfssl: new module TLS stack based on wolfSSL

-- File Changes --

    A src/modules/tls_wolfssl/Makefile (81)
    A src/modules/tls_wolfssl/README (1713)
    A src/modules/tls_wolfssl/TODO.md (7)
    A src/modules/tls_wolfssl/doc/Makefile (4)
    A src/modules/tls_wolfssl/doc/certs_howto.xml (154)
    A src/modules/tls_wolfssl/doc/functions.xml (63)
    A src/modules/tls_wolfssl/doc/history.xml (38)
    A src/modules/tls_wolfssl/doc/hsm_howto.xml (64)
    A src/modules/tls_wolfssl/doc/params.xml (1410)
    A src/modules/tls_wolfssl/doc/rpc.xml (69)
    A src/modules/tls_wolfssl/doc/tls.xml (367)
    A src/modules/tls_wolfssl/fixed_c_zlib.h (258)
    A src/modules/tls_wolfssl/sbufq.h (283)
    A src/modules/tls_wolfssl/tls.cfg (106)
    A src/modules/tls_wolfssl/tls_bio.c (314)
    A src/modules/tls_wolfssl/tls_bio.h (69)
    A src/modules/tls_wolfssl/tls_cert.sh (201)
    A src/modules/tls_wolfssl/tls_cfg.c (289)
    A src/modules/tls_wolfssl/tls_cfg.h (111)
    A src/modules/tls_wolfssl/tls_config.c (536)
    A src/modules/tls_wolfssl/tls_config.h (53)
    A src/modules/tls_wolfssl/tls_ct_q.h (133)
    A src/modules/tls_wolfssl/tls_ct_wrq.c (205)
    A src/modules/tls_wolfssl/tls_ct_wrq.h (98)
    A src/modules/tls_wolfssl/tls_domain.c (1585)
    A src/modules/tls_wolfssl/tls_domain.h (238)
    A src/modules/tls_wolfssl/tls_dump_vf.c (150)
    A src/modules/tls_wolfssl/tls_dump_vf.h (41)
    A src/modules/tls_wolfssl/tls_init.c (589)
    A src/modules/tls_wolfssl/tls_init.h (85)
    A src/modules/tls_wolfssl/tls_locking.c (59)
    A src/modules/tls_wolfssl/tls_locking.h (34)
    A src/modules/tls_wolfssl/tls_map.c (195)
    A src/modules/tls_wolfssl/tls_map.h (77)
    A src/modules/tls_wolfssl/tls_mod.c (733)
    A src/modules/tls_wolfssl/tls_mod.h (45)
    A src/modules/tls_wolfssl/tls_rand.c (375)
    A src/modules/tls_wolfssl/tls_rand.h (32)
    A src/modules/tls_wolfssl/tls_rpc.c (263)
    A src/modules/tls_wolfssl/tls_rpc.h (33)
    A src/modules/tls_wolfssl/tls_select.c (1707)
    A src/modules/tls_wolfssl/tls_select.h (52)
    A src/modules/tls_wolfssl/tls_server.c (1557)
    A src/modules/tls_wolfssl/tls_server.h (101)
    A src/modules/tls_wolfssl/tls_util.c (99)
    A src/modules/tls_wolfssl/tls_util.h (87)
    A src/modules/tls_wolfssl/tls_verify.c (135)
    A src/modules/tls_wolfssl/tls_verify.h (42)
    A src/modules/tls_wolfssl/todo.txt (4)

-- Patch Links --

https://github.com/kamailio/kamailio/pull/3144.patch
https://github.com/kamailio/kamailio/pull/3144.diff
