On Fri, May 22, 2020 at 4:12 PM Takashi Yamamoto <yamam...@midokura.com.invalid> wrote: > > On Fri, May 22, 2020 at 4:52 PM Sebastien Lorquet <sebast...@lorquet.fr> > wrote: > > > > Hello, > > > > I have seriously slowed down my nuttx contributions because of the > > apache turmoil but I am still reading this list and will have to work on > > this topic at one point. > >
Yes, the transition phase make chaos, but the first Apache NuttX official release(9.0.0) annaunce at May 15th: https://lists.apache.org/thread.html/rf7678c2a47c71ba9acb2c4a5392cea75d936a44f32d49f4f287b4aa9%40%3Cdev.nuttx.apache.org%3E So it's time to come back and try/improve the Apache workflow. > > See my opinions below. > > > > Sebastien > > > > Le 22/05/2020 à 09:41, Takashi Yamamoto a écrit : > > > hi, > > > > > > i'm working on mbedtls Makefile/Kconfig glue for NuttX. > > > right now, it downloads and uses the mbedtls source code from > > > the upstream as it is. (similarly to what netutils/cjson does) > > > > > > questions: > > > > > > 1. if we decide to contribute it, is there a chance to be accepted by > > > NuttX? > > No. NuttX does not include alive projects. > > i'm not suggesting to include the whole mbedtls code in nuttx repo. > just a Makefile/Kconfig glue. > Yes, the download may be the only method to support the 3rd party code after we join Apache Foundation even the package has the compatible license or stop the active development since Apache Foundation has the more strict license requirement. > > > 2. if yes, which repository is appropriate? apps? > > > > HTTPS implementation should be a lib in apps that uses a common TLS > > socket library. which should be replaceable. > > > > At first, make it use mbedts, or other, then later, have this replaced > > by real nuttx code. > > can you explain what's "real nuttx code"? > > > > > > 3. if apps, in which directory? netutils? crypto? > > > > Crypto is a crypto framework for basic crypto operations. I didnt know > > that it had been upstreamed. > > > > Yes, this folder could provide resources for a tls implementation. It is > > intended to be a modular crypto framework like a compact pkcs#11. > > by "crypto", i meant a new directory. > i guess you are talking about some project i'm not aware of, > which happens to use the same directory name. right? > How about we put all 3rd party library to external folder like Android or TizenRT: https://android.googlesource.com/platform/external/ https://github.com/Samsung/TizenRT/tree/master/external This approach make we can identify the 3rd party code and license more quickly. > > > > > 4. how do you think about adding tls support to netutils/webclient? > > > > Please make the TLS implementation replaceable. At one point NuttX will > > get a built it TLS. > > > > A customer has formally ordered this feature so I will be paid to > > develop it, but my schedule is loaded and I dont know when I will > > complete this. > > > > I understand that no one can wait for this to happen before having TLS, > > so mbedTLS is a good temporary option. > > > > But please anyone integrating TLS in NuttX, please provide options and > > hooks to replace the implementation. > > > > I believe the interface should be a user lib that provides TLS sockets > > as in openssl or gnutls. > > do you mean openssl BIO and mbedtls mbedtls_ssl_read/mbedtls_ssl_write/etc? > (i don't know gnutls api) > > > > > It looks like a low-level interface with known semantics that could be > > started with a downloaded mbedtls and then easily replaced with a native > > nuttx solution based on what is in the crypto folder. > > > > Sebastien > > > >
