Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-9065

Use PolarSSL as a lightweight `schannel` TLS/SSL back-end

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 0.4.0
    • RosDlls
    • None

    Description

      Right now ReactOS doesn't have built-in SSL/TLS support. Main reason being that the secure channel provider (a library called `schannel.dll`) is from Wine and is intrinsically bound to GnuTLS, which in turn is big, convoluted, and hard to compile in a Win32 environment.

      Talking in IRC there was some agreement on partially forking schannel and switching to a smaller, more manageable SSL provider that could be compiled and included in the mainline .iso image. SSL is increasingly important nowadays for accessing Internet services.

      OpenSSL is even more bloated than GnuTLS and potentially insecure. On the other hand there are smaller, barebones, modular alternatives like PolarSSL.

      Licensed under the GPL, with equivalent functionality, well audited, and with substantially less code.
      It might be a good match for this kind of project, giving ReactOS the SSL it needs.

      References:
      https://polarssl.org/tech-updates/blog/providing-assurance-and-trust-in-polarssl
      https://polarssl.org/tech-updates/blog/polarssl-not-vulnerable-to-poodle-against-tls

      Attachments

        1. CORE-9065_fix_assert_winhttp_and wininet.patch
          0.8 kB
        2. CORE-9065_patchbot_amine_v2.patch
          57 kB
        3. CORE-9065_patchbot_amine_v3.patch
          35 kB
        4. CORE-9065_schannel_use_polarssl.patch
          57 kB
        5. https_client_capabilities_with_mbedtls.PNG
          https_client_capabilities_with_mbedtls.PNG
          119 kB
        6. https_working_in_iexplore_and_rapps_with_mbedtls.PNG
          https_working_in_iexplore_and_rapps_with_mbedtls.PNG
          209 kB
        7. mbedtls-global.diff
          632 kB
        8. mbedtls-with-test-fixes.diff
          40 kB
        9. mbedtls-xp-howsmyssl.htm
          12 kB
        10. mbedtls-xp-minidebug-output.txt
          3 kB
        11. schannel_mbedtls-POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA.diff
          0.5 kB
        12. schannel_sealunseal.diff
          1.0 kB
        13. schannel_wine_sealunsealfixme.diff
          1 kB
        14. swyter-mbedtls-2015-05-21-add-mbedtls-wip.diff
          34 kB
        15. swyter-mbedtls-2015-05-21-caroots.diff
          1003 kB
        16. swyter-mbedtls-2015-05-21-psdk-wincrypt-update.diff
          2 kB
        17. swyter-mbedtls-2015-05-21-remove-gnutls.diff
          593 kB
        18. swyter-mbedtls-2015-05-21-rostests.diff
          4 kB
        19. swyter-mbedtls-2015-08-01-add-rc.diff
          1 kB
        20. swyter-mbedtls-2015-09-13-add-mbedtls-working.diff
          35 kB
        21. swyter-mbedtls-2015-09-14-add-mbedtls-working.diff
          39 kB
        22. swyter-mbedtls-2015-09-23-add-mbedtls-working-with-wine.diff
          41 kB
        23. swyter-mbedtls-2015-09-25-add-mbedtls-working-with-wine.diff
          41 kB
        24. swyter-mbedtls-2015-09-26-add-mbedtls-working-with-wine_v2.diff
          48 kB
        25. swyter-mbedtls-2015-09-26-add-mbedtls-working-with-wine.diff
          43 kB
        26. swyter-mbedtls-2015-09-28-add-rc.diff
          1 kB
        27. swyter-mbedtls-2015-09-30-schannel-update-to-211-and-rework-it.diff
          3.05 MB
        28. swyter-mbedtls-2015-10-04-schannel-update-to-211-and-rework-it.diff
          3.96 MB
        29. swyter-mbedtls-2015-10-05-schannel-fix-lazyload-function-pointers.diff
          5 kB
        30. swyter-mbedtls-passing-secur32-schannel-tests.diff
          1.59 MB

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. CORE-3388 SSL not supported; wininet isn't compiled with SSL support

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CORE-6170 Facebook Messenger fails to install

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CORE-9506 Could not load C:\Reactos\system32\gnutls\libgnutls-28.dll

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CORE-10129 Python Links in RAPPS don't work

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CORE-7231 ninite gives an error and halts

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved

          Activity

            People

              AmineKhaldi AmineKhaldi
              Swyter Swyter
              Votes:
              4 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: