Re: [asio-users] Native Windows ssl::stream support
Brought to you by:
chris_kohlhoff
From: Kasper L. <la...@st...> - 2020-08-11 19:34:37
|
On 21/07/2020 22.45, Vinnie Falco wrote: > > Buffer-oriented ("bring your own socket") would be the most > straightforward, and also the area in which my colleagues and I have > the most experience. We can collaborate in the free C++ Language Slack > Workspace (get the invite at https://cppalliance.org/slack). > > And we can help with setting up a GitHub repository for CI and testing > workflow - the benefit of setting up a public repository early is that > stakeholders can look at code and comment on it, submit reviews, even > contribute by writing tests or example programs. > Sorry for taking so long to reply, but I have spent the time I had available on creating a very basic proof-of-concept using Windows SSPI/SChannel with boost::asio on Windows: https://github.com/laudrup/boost-asio-windows-sspi There are tons of things missing. I am not even able to create a TLS connection to boost.org unless I provide a hostname for validation to SSPI/SChannel (which is not currently possible in this implementation), but I think it works pretty well as a proof-of-concept. There are also many things wrong with the code that I'm fully aware of, but as you suggested Vinnie, I think I'd better get something out there sooner than later. Apart from all the things that are wrong, I do actually feel quite confident that I could make this a usable implementation for using SSPI/SChannel with boost::asio on Windows and avoid having to use OpenSSL, but as my time is limited as well, I probably need some help. Before I start moving any further with this, I think the next step is to think about the design, as this current POC isn't really designed at all. I've looked quite a bit at the GnuTLS implementation that Arvid was kind enough to link to as well as the current OpenSSL implementation and while I like the idea of having a "drop in replacement" which seems to be the goal of the GnuTLS implementation, I really think the current OpenSSL implementation in boost::asio is extremely well designed with the actual OpenSSL details being (mostly) abstracted away very nicely. It looks to me as if I could actually reimplement the "engine" class for use with SSPI/SChannel and get all the async behaviour, buffer handling etc. for "free". I would still need to hide some of the OpenSSL specifics currently "leaking" from the implementation, especially in the context class, but that seems comparatively trivial. My ambitious goal is, that it should be possible for the user to choose which implementation to use while getting the same behavior. I'm not really sure what would be the best way to move in that direction. One way would be to simply fork the current asio repository and rewrite the OpenSSL parts to use SSPI/SChannel instead. That would probably be the easiest, as my first goal would then be to simply make it compile without having OpenSSL available and then knowing which stub functions/classes etc. I'd need to implement. It would require a bit of cleanup later on if I actually got it to work though. Anyway, most importantly I would really like to work on this so I wanted to share this sooner than later. This is only something I'm doing in my spare time which is already limited, so don't expect too much from me but I hope you guys will appreciate my efforts as I would be extremely proud if I could actually end up contributing something like this to the boost project. Please let me know what you think. Thanks a lot and kind regards, Kasper Laudrup |