Hello,
I have seriously slowed down my nuttx contributions because of the
apache turmoil but I am still reading this list and will have to work on
this topic at one point.
See my opinions below.
Sebastien
On 22/05/2020 at 09:41, Takashi Yamamoto wrote:
hi,
i'm working on mbedtls Makefile/Kconfig glue for NuttX.
right now, it downloads and uses the mbedtls source code from
the upstream as it is. (similarly to what netutils/cjson does)
questions:
1. if we decide to contribute it, is there a chance to be accepted by NuttX?
No. NuttX does not include alive projects.
2. if yes, which repository is appropriate? apps?
HTTPS implementation should be a lib in apps that uses a common TLS
socket library, which should be replaceable.
At first, make it use mbedtls, or other, then later, have this replaced
by real nuttx code.
3. if apps, in which directory? netutils? crypto?
Crypto is a crypto framework for basic crypto operations. I didn't know
that it had been upstreamed.
Yes, this folder could provide resources for a tls implementation. It is
intended to be a modular crypto framework like a compact pkcs#11.
4. how do you think about adding tls support to netutils/webclient?
Please make the TLS implementation replaceable. At one point NuttX will
get a built-in TLS.
A customer has formally ordered this feature so I will be paid to
develop it, but my schedule is loaded and I don't know when I will
complete this.
I understand that no one can wait for this to happen before having TLS,
so mbedTLS is a good temporary option.
But please anyone integrating TLS in NuttX, please provide options and
hooks to replace the implementation.
I believe the interface should be a user lib that provides TLS sockets
as in openssl or gnutls.
It looks like a low-level interface with known semantics that could be
started with a downloaded mbedtls and then easily replaced with a native
nuttx solution based on what is in the crypto folder.
Sebastien