Recommended way to open TLS connections from Redbean for non-HTTPS purposes?

Open s0ph0s-2 opened this issue 1 year ago • 4 comments

Hi!

I'm attempting to run an IRC bot with a web control panel inside of Redbean. I've already gotten this partially working by forking from .init.lua and running some IRC-related code. However, the server that I'd like to connect to only allows TLS connections. What is the recommended way to go about establishing a TCP+TLS connection to a host from inside Redbean?

My current best guesses are:

  1. An undocumented MbedTLS Lua API that's hiding inside Redbean
  2. Build LuaSec with the Cosmopolitan toolchain and embed its .so files in my Redbean

I'd really like to avoid doing № 2 because then I'm dragging OpenSSL into this—Redbean already has a perfectly good TLS library!

If № 1 doesn't exist already, I'd be willing to help create and document it! I'm not a particularly skilled C developer, but I believe I could write the necessary plumbing to add MbedTLS Lua APIs to Redbean.

s0ph0s-2, Dec 09 '23 10:12

Someone would have to write an MbedTLS API for Redbean. Due to the enormity of that task, its security-sensitive nature, and the amount of binary footprint it'd add, I'd discourage efforts to contribute it. (2) would be easier. Superconfigure is able to build OpenSSL with cosmocc. You could probably take the .a file it generates, along with the .h files it creates via make install, and then copy those into the cosmo mono repo's tool/net/ folder so they can be linked into redbean along with your LuaSec module.

jart, Dec 09 '23 11:12

Another thing you could do is learn the MbedTLS API. It's pretty good. Then contribute a highly focused API for creating TCP streams with the option of having TLS negotiated on them. That highly focused simple TLS connection API would then plug into Redbean's existing TLS configuration system, and would not expose the vast number of knobs and dials to the Lua language that MbedTLS has.

jart, Dec 09 '23 11:12

> Another thing you could do is learn the MbedTLS API. It's pretty good. Then contribute a highly focused API for creating TCP streams with the option of having TLS negotiated on them. That highly focused simple TLS connection API would then plug into Redbean's existing TLS configuration system, and would not expose the vast number of knobs and dials to the Lua language that MbedTLS has.

I think this is the path I'd like to take! Then other people can just use it, instead of finding this issue and building OpenSSL themselves. When I suggested contributing an API, this is more along the lines that I meant. I'm sorry I didn't make the scope clear in my original issue description.

I'll make some test programs to learn about how to work with MbedTLS for this purpose, and then return when I have more of an idea about what to build :)

s0ph0s-2, Dec 09 '23 21:12

Hooray. Join our Discord and keep us posted if you do this. We can support your volunteer efforts. https://discord.gg/dwmWBfKD

jart, Dec 10 '23 02:12