Date: Tue, 28 Apr 2020 09:03:57 +0200 From: Joakim Sindholt <opensource@...sha.com> To: tlsify@...ts.openwall.com Subject: Draft implementation God morgen! I have been toiling in the code mines for a while in an attempt to write an implementation that does what I want (somewhat) efficiently. Here it is: https://git.zhasha.com/~/zhasha/tlsify-draft/ The first draft of a working tlsify. I haven't tested all facets of it but to the best of my knowledge the system CA works, DANE works, and it happily pushes data through bidirectionally. As you can see I've written my own X509 engine. While not ideal it does mean that once I add the requisite OpenSSL backend I can just pipe the raw certs through and override their verification machinery which, to the best of my knowledge, can't be configured to do what I want tlsify to do. Next I'm going to write a man page that details how it works and finally have a look at designing a server API. It's certainly full of bugs so please go ahead and find them. Also the code is a mess and needs a lot of cleanup. -- Joakim
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.