On Fri, May 22, 2020 at 4:52 PM Sebastien Lorquet <sebast...@lorquet.fr> wrote:
>
> Hello,
>
> I have seriously slowed down my nuttx contributions because of the
> apache turmoil but I am still reading this list and will have to work on
> this topic at one point.
>
> See my opinions below.
>
> Sebastien
>
> On 22/05/2020 at 09:41, Takashi Yamamoto wrote:
> > hi,
> >
> > i'm working on mbedtls Makefile/Kconfig glue for NuttX.
> > right now, it downloads and uses the mbedtls source code from
> > the upstream as it is. (similarly to what netutils/cjson does)
> >
> > questions:
> >
> > 1. if we decide to contribute it, is there a chance to be accepted by NuttX?
> No. NuttX does not include alive projects.

i'm not suggesting to include the whole mbedtls code in nuttx repo.
just a Makefile/Kconfig glue.

> > 2. if yes, which repository is appropriate? apps?
>
> HTTPS implementation should be a lib in apps that uses a common TLS
> socket library. which should be replaceable.
>
> At first, make it use mbedtls, or other, then later, have this replaced
> by real nuttx code.

can you explain what's "real nuttx code"?

> > 3. if apps, in which directory? netutils? crypto?
>
> Crypto is a crypto framework for basic crypto operations. I didn't know
> that it had been upstreamed.
>
> Yes, this folder could provide resources for a tls implementation. It is
> intended to be a modular crypto framework like a compact pkcs#11.

by "crypto", i meant a new directory.
i guess you are talking about some project i'm not aware of,
which happens to use the same directory name. right?

> > 4. how do you think about adding tls support to netutils/webclient?
>
> Please make the TLS implementation replaceable. At one point NuttX will
> get a built-in TLS.
>
> A customer has formally ordered this feature so I will be paid to
> develop it, but my schedule is loaded and I don't know when I will
> complete this.
>
> I understand that no one can wait for this to happen before having TLS,
> so mbedTLS is a good temporary option.
>
> But please anyone integrating TLS in NuttX, please provide options and
> hooks to replace the implementation.
>
> I believe the interface should be a user lib that provides TLS sockets
> as in openssl or gnutls.

do you mean openssl BIO and mbedtls
mbedtls_ssl_read/mbedtls_ssl_write/etc?
(i don't know gnutls api)

> It looks like a low-level interface with known semantics that could be
> started with a downloaded mbedtls and then easily replaced with a native
> nuttx solution based on what is in the crypto folder.
>
> Sebastien
>