From 9a647c326a41e8160d53e6cb5470161a44c0e8cf Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Mon, 23 Jan 2017 01:08:16 +0100
Subject: separate TLS code into a library, use in in wget A new applet, ssl_client, is the TLS debug thing now. It doubles as wget's NOMMU helper. In MMU mode, wget still forks, but then directly calls TLS code, without execing. This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support) and nc --ssl (ncat, nmap's nc clone, has such option). function old new delta tls_handshake - 1691 +1691 tls_run_copy_loop - 443 +443 ssl_client_main - 128 +128 packed_usage 30978 31007 +29 wget_main 2508 2535 +27 applet_names 2553 2560 +7 ... xwrite_encrypted 360 342 -18 tls_main 2127 - -2127 ------------------------------------------------------------------------------ (add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195) Total: 156 bytes Signed-off-by: Denys Vlasenko
---
networking/ssl_client.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 networking/ssl_client.c (limited to 'networking/ssl_client.c')
diff --git a/networking/ssl_client.c b/networking/ssl_client.c
new file mode 100644
index 000000000..cfeae1587
--- /dev/null
+++ b/networking/ssl_client.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2017 Denys Vlasenko
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
+ */
+//config:config SSL_CLIENT
+//config: bool "ssl_client"
+//config: default y
+//config: select TLS
+//config: help
+//config: This tool pipes data to/from a socket, TLS-encrypting it.
+
+//applet:IF_SSL_CLIENT(APPLET(ssl_client, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SSL_CLIENT) += ssl_client.o
+
+//usage:#define ssl_client_trivial_usage
+//usage: "-s FD [-r FD] [-n SNI]"
+//usage:#define ssl_client_full_usage ""
+
+#include "libbb.h"
+
+int ssl_client_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int ssl_client_main(int argc UNUSED_PARAM, char **argv)
+{
+ tls_state_t *tls;
+ const char *sni = NULL;
+ int opt;
+
+ // INIT_G();
+
+ tls = new_tls_state();
+ opt = getopt32(argv, "s:#r:#n:", &tls->ofd, &tls->ifd, &sni);
+ if (!(opt & 2)) {
+ /* -r N defaults to -s N */
+ tls->ifd = tls->ofd;
+ }
+
+ if (!(opt & 3)) {
+ if (!argv[1])
+ bb_show_usage();
+ /* Undocumented debug feature: without -s and -r, takes HOST arg and connects to it */
+ //
+ // Talk to kernel.org:
+ // printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox ssl_client kernel.org
+ if (!sni)
+ sni = argv[1];
+ tls->ifd = tls->ofd = create_and_connect_stream_or_die(argv[1], 443);
+ }
+
+ tls_handshake(tls, sni);
+ tls_run_copy_loop(tls);
+
+ return EXIT_SUCCESS;
+}
-- cgit v1.2.3
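Review bot: `-r FD` given without `-s FD` is accepted by ssl_client_main even though the usage string makes `-s` mandatory. In that case `opt & 3` is 2, so both the "-r defaults to -s" branch and the HOST branch are skipped and `tls->ofd` keeps whatever new_tls_state() left in it (presumably 0 if the state is zero-allocated, which is not visible here), so the outgoing TLS records go to a descriptor the caller never named. Rejecting that combination right after getopt32 closes it: `if ((opt & 3) == 2) bb_show_usage();`. Separately, nothing in this file shows whether tls_handshake() checks the peer certificate against `sni`; if it does not, the config help line should say so, because "TLS-encrypting" alone will be read as an authenticated channel.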