hostap option to use mbedtls (under development)

krishna t krish271828 at gmail.com
Fri Sep 23 09:26:29 PDT 2022


On Fri, Sep 23, 2022 at 2:29 PM <gs-lists-hostap at gluelogic.com> wrote:
>
> On Fri, Sep 23, 2022 at 12:51:25AM +0530, krishna t wrote:
> > On Fri, Sep 23, 2022 at 12:47 AM krishna t <krish271828 at gmail.com> wrote:
> > > On Thu, Sep 15, 2022 at 2:48 AM <gs-lists-hostap at gluelogic.com> wrote:
> > > >
> > > > Greetings!
> > > >
> > > > I am a lighttpd developer who has written TLS modules for lighttpd
> > > > to support OpenSSL, mbed TLS, GnuTLS, WolfSSL, and NSS TLS libraries.
> > > >
> > > > I am in the process of porting hostap to have the option to use mbedtls
> > > > in support of https://github.com/openwrt/openwrt/issues/10303
> > > >
> > > > development branch:
> > > >   https://github.com/gstrauss/hostap/tree/mbedtls  (work in progress)
> > > >
> > > > My branch builds with mbedtls 2.27.0 or later, and also with mbedtls 3.x
> > > >
> > > > Please note: my effort here is independent from
> > > >   https://www.spinics.net/lists/hostap/msg09799.html
>
> krishna: Did you read the above from my post?  How did you miss that?
Ah sorry, my bad, missed that line.
>
> I saw your prior post and read the thread.  There were questions with
> licensing and questions about the code cut-n-paste from stackoverflow.
>
> > > Hi Glenn,
> > >
> > > I have already submitted a patch which is still under review here
> > > https://www.spinics.net/lists/hostap/msg09799.html. I am awaiting
> > > Jouni's response
> > > for my comment before submitting the next version.
> > >
> > > Please have a look
>
> No, thank you, I won't be doing that.
>
> After reading the discussion thread about the code cut-n-paste from
> stackoverflow (and which was not well-written code, IMNSHO), I decided
> that I would not use the patches you posted mixed from elsewhere [1]
> (the license question) and then modified by you (the stackoverflow
> cut-n-paste -- also a license question -- plus other modifications).

Stackoverflow code is purely cosmetic (just to get a cipher string), and
instead of custom parsing like you did here, tls_mbedtls_translate_ciphername,
I thought it's better to use generic helpers, and it's easy to address any
concerns with that code.

I am still awaiting Jouni's opinion about using Apache License based code.
The main intention to reuse from [1] was to avoid re-work, as that is being
used in production IIUC. Anyways, I will leave it to Jouni to take a call on
which version to pick.

>
> Instead, I used my own code from lighttpd [2] (BSD-3-Clause licensed) as
> a starting point and implemented for mbedtls [3] the hostap interfaces
> in hostap/src/crypto/crypto.h and hostap/src/crypto/tls.h so that the
> code is written by me and released by me under the BSD-3-Clause license.
>
> [1] (link from krishna's post)
> https://github.com/espressif/esp-idf/tree/master/components/wpa_supplicant
>
> [2]
> https://github.com/lighttpd/lighttpd1.4/blob/master/src/sys-crypto-md.h
> https://github.com/lighttpd/lighttpd1.4/blob/master/src/mod_mbedtls.c
>
> [3]
> https://github.com/gstrauss/hostap/tree/mbedtls  (work in progress)
>
> Cheers, Glenn


