GNOME Bugzilla – Bug 684446
vapi for OpenSSL
Last modified: 2017-04-23 20:01:44 UTC
Created attachment 224821 [details] vapi for OpenSSL library Please find attached a vapi for OpenSSL, I'll post it here in case you or anybody else is willing to help finishing/polishing/committing it. The SSLException stuff is commented because it was segfaulting IIRC so I got away with error return values. Still, this vapi is enough to get working SSL TCP connections both with and without using the BIO API (see attached test programs).
Created attachment 224822 [details] Test program for OpenSSL vapi: TCP/SSL client not using OpenSSL BIO API.
Created attachment 224823 [details] Test program for OpenSSL vapi: TCP/SSL client using OpenSSL BIO API.
I'm adding a portion that I started. It's admittedly very rough and is not very vala-ish. It's really just exposing the direct c api as I lack the vision/knowhow to make it more vala-ish directly in the vapi. I'm attaching an example that does make it a bit more friendly, but pretty static. (not able to exchange ciphers seemlessly, etc) If someone has some guidance on how they thought it should be structured, I'd be happy to update it.
Created attachment 224877 [details] openssl.vapi starting the EVP api
Created attachment 224878 [details] test vala code for the EVP/openssl.vapi
(In reply to comment #3) > I'm adding a portion that I started. It's admittedly very rough and is not very > vala-ish. It's really just exposing the direct c api as I lack the > vision/knowhow to make it more vala-ish directly in the vapi. I'm attaching an > example that does make it a bit more friendly, but pretty static. (not able to > exchange ciphers seemlessly, etc) > > If someone has some guidance on how they thought it should be structured, I'd > be happy to update it. GLib/GIO already has an object-oriented TLS/SSL API that uses GnuTLS underneath. Is there a reason why you can't use that instead of OpenSSL?
(In reply to comment #6) > GLib/GIO already has an object-oriented TLS/SSL API that uses GnuTLS > underneath. Is there a reason why you can't use that instead of OpenSSL? I'm using it in a project that is also using sqlcipher (http://sqlcipher.net) and openssl(libcrypt) is already a requirement. (it does not support GnuTLS) I actually had used GnuTLS, but didn't care to have both implementations, so spent a bit working on getting libcrypt to work instead. It's working.. but it feels ugly. I just can't seem to see the right solution though.
I think a better place for this vapi is https://github.com/nemequ/vala-extra-vapis until it's complete. It will be easier to have updates for that repository than waiting for stricter reviews for inclusion in the vala tree.
It is included in vala-extra-vapis: https://github.com/nemequ/vala-extra-vapis/pull/49 I'm currently including all the AES-releated work. If you have more bindings, I'll be happy to include them as well.