Follow @Openwall on Twitter for new release announcements and other news
[<prev] [day] [month] [year] [list] 
Message-ID: <20200428070357.GK466633@wirbelwind.zhasha.com>
Date: Tue, 28 Apr 2020 09:03:57 +0200
From: Joakim Sindholt <opensource@...sha.com>
To: tlsify@...ts.openwall.com
Subject: Draft implementation

God morgen!

I have been toiling in the code mines for a while in an attempt to write
an implementation that does what I want (somewhat) efficiently.
Here it is:
https://git.zhasha.com/~/zhasha/tlsify-draft/
The first draft of a working tlsify.

I haven't tested all facets of it but to the best of my knowledge the
system CA works, DANE works, and it happily pushes data through
bidirectionally.
As you can see I've written my own X509 engine. While not ideal it does
mean that once I add the requisite OpenSSL backend I can just pipe the
raw certs through and override their verification machinery which, to
the best of my knowledge, can't be configured to do what I want tlsify
to do.

Next I'm going to write a man page that details how it works and finally
have a look at designing a server API.

It's certainly full of bugs so please go ahead and find them.

Also the code is a mess and needs a lot of cleanup.

-- Joakim

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.