
https client library with botan backend?

Open lambdafu opened this issue 6 years ago • 10 comments

I almost feel like misusing the ticket system, because this feels more like a support question. But I don't know how to reach the community in another way, sorry! Is there already a https client library (such as curl) that supports Botan as backend? I would feel really stupid linking to curl and then sucking in openssl as a dependency, if I am heavily leaning on Botan for all the other crypto in the application. If there isn't, I guess I am raising my hand to volunteer. Is there an important alternative to libcurl in the C++ world that I am missing? I couldn't immediately find something. @securitykernel told me that the C89 API of Botan does not yet support TLS, so if a C library is used for HTTP, adding that is an obvious starting point. Anything else to watch out for? Thanks!

lambdafu avatar Nov 30 '17 12:11 lambdafu

+1 for working on Botan as a curl TLS backend.

> I would feel really stupid linking to curl and then sucking in openssl as a dependency, if I am heavily leaning on Botan for all the other crypto in the application;

This is what we do in Kullo for Linux. No real issue right now but it would be great to have the choice.

webmaster128 avatar Nov 30 '17 12:11 webmaster128

Questions or general support issues are fine here. You can also use the mailing list (https://lists.randombit.net/mailman/listinfo/botan-devel) but GH Issues is more active.

There are a couple of relatively widely used C++ HTTP client libraries (for example https://github.com/cpp-netlib/cpp-netlib) but afaik even in C++, curl is far and away the most common for this task. Also the fact that curl already supports a large number of SSL libraries suggests they'd likely accept an additional implementation. Whereas most of the other relevant libs I know of (like cpp-netlib, asio) support exclusively OpenSSL and getting them to take a patch supporting multiple backends might be an uphill slog; for such libs, it may prove easier to just write an OpenSSL compatible stub library.

And besides curl, a C89 TLS interface would be great to have since we could then expose TLS to Python, OCaml, etc. There is a sketch of an interface at the end of ffi.h (it's #if 0'ed out and definitely incomplete - for instance the _init call doesn't offer any way to set server certificates, there is no way to get info on ciphersuites, etc). Also certificate verification is not currently exposed to C, and that will certainly be required, at least eventually.

There is a Slack channel used "internally" for developer chat, I'll send you an invite. Optional of course but good if you have a quick question on how to approach something.

randombit avatar Nov 30 '17 15:11 randombit

I took a very quick look at cpp-netlib. It is an admirable effort, but its HTTPS support apparently depends on boost asio, which in turn depends on openssl, so that is a bit of a rabbit hole. Plus, cpp-netlib at this point is more of a toolbox than a kitchen-sink solution for HTTP, and momentum seems to be somewhat lacking (proxy support is missing since 2011, with no progression: https://github.com/cpp-netlib/cpp-netlib/issues/50). There is also overlap with Beast, which has been accepted into boost this year. All of these, and the things @jack said, make curl the easy first choice for me. Thanks for the pointers into the code!

lambdafu avatar Dec 01 '17 12:12 lambdafu

We're also looking at C++ Requests but there has been no progress in TLS support for 2 years.

webmaster128 avatar Dec 01 '17 12:12 webmaster128

I will soon add networking stuff to rili with botan as first crypto backend.

ksanderon avatar Jan 21 '18 20:01 ksanderon

Is there a result?

89trillion-feiyang avatar Apr 14 '22 02:04 89trillion-feiyang

You could use Botan with Boost Beast. Here's a small example: https://github.com/hrantzsch/beast-botan-https-client

hrantzsch avatar Apr 14 '22 07:04 hrantzsch

> You could use Botan with Boost Beast. Here's a small example: https://github.com/hrantzsch/beast-botan-https-client

If I use this demo on Android, do I need to compile the Android library for Botan?

Or import the header file directly?

89trillion-feiyang avatar Apr 14 '22 08:04 89trillion-feiyang

You'll need both Botan and Boost Beast compiled for Android I guess, but I have never used this on Android and I don't know what you have to do for this :/

hrantzsch avatar Apr 14 '22 14:04 hrantzsch

I know this is an old issue, but it's worth an update. I maintain both drogon and trantor. We merged a big TLS refactoring for trantor that includes supporting Botan as TLS backend. By extension, drogon will also use Botan if configured.

For anyone still interested, please try it and let us know how well or badly the Botan backend works. I'll do my best to improve it.

```
❯ ./drogon_ctl/drogon_ctl version
     _
  __| |_ __ ___   __ _  ___  _ __
 / _` | '__/ _ \ / _` |/ _ \| '_ \
| (_| | | | (_) | (_| | (_) | | | |
 \__,_|_|  \___/ \__, |\___/|_| |_|
                 |___/

A utility for drogon
Version: 1.8.4
Git commit: 4aab3c6810200340a7be0c6a824960aabf2c5838
Compilation:
  Compiler: /usr/bin/g++
  Compiler ID: GNU
  Compilation flags: -g -Og -fsanitize=address -std=c++23 -I/usr/include
Libraries:
  postgresql: yes  (pipeline mode: yes)
  mariadb: yes
  sqlite3: yes
  ssl/tls backend: Botan
  brotli: yes
  boost: no
  hiredis: yes
  c-ares: yes
  yaml-cpp: yes
```

marty1885 avatar Apr 02 '23 08:04 marty1885