Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-9065

Use PolarSSL as a lightweight `schannel` TLS/SSL back-end

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 0.4.0
    • Component/s: RosDlls
    • Labels:
      None

      Description

      Right now ReactOS doesn't have built-in SSL/TLS support. Main reason being that the secure channel provider (a library called `schannel.dll`) is from Wine and is intrinsically bound to GnuTLS, which in turn is big, convoluted, and hard to compile in a Win32 environment.

      Talking in IRC there was some agreement on partially forking schannel and switching to a smaller, more manageable SSL provider that could be compiled and included in the mainline .iso image. SSL is increasingly important nowadays for accessing Internet services.

      OpenSSL is even more bloated than GnuTLS and potentially insecure. On the other hand there are smaller, barebones, modular alternatives like PolarSSL.

      Licensed under the GPL, with equivalent functionality, well audited, and with substantially less code.
      It might be a good match for this kind of project, giving ReactOS the SSL it needs.

      References:
      https://polarssl.org/tech-updates/blog/providing-assurance-and-trust-in-polarssl
      https://polarssl.org/tech-updates/blog/polarssl-not-vulnerable-to-poodle-against-tls

        Attachments

        1. CORE-9065_fix_assert_winhttp_and wininet.patch
          0.8 kB
        2. CORE-9065_patchbot_amine_v2.patch
          57 kB
        3. CORE-9065_patchbot_amine_v3.patch
          35 kB
        4. CORE-9065_schannel_use_polarssl.patch
          57 kB
        5. https_client_capabilities_with_mbedtls.PNG
          https_client_capabilities_with_mbedtls.PNG
          119 kB
        6. https_working_in_iexplore_and_rapps_with_mbedtls.PNG
          https_working_in_iexplore_and_rapps_with_mbedtls.PNG
          209 kB
        7. mbedtls-global.diff
          632 kB
        8. mbedtls-with-test-fixes.diff
          40 kB
        9. mbedtls-xp-howsmyssl.htm
          12 kB
        10. mbedtls-xp-minidebug-output.txt
          3 kB
        11. schannel_mbedtls-POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA.diff
          0.5 kB
        12. schannel_sealunseal.diff
          1.0 kB
        13. schannel_wine_sealunsealfixme.diff
          1 kB
        14. swyter-mbedtls-2015-05-21-add-mbedtls-wip.diff
          34 kB
        15. swyter-mbedtls-2015-05-21-caroots.diff
          1003 kB
        16. swyter-mbedtls-2015-05-21-psdk-wincrypt-update.diff
          2 kB
        17. swyter-mbedtls-2015-05-21-remove-gnutls.diff
          593 kB
        18. swyter-mbedtls-2015-05-21-rostests.diff
          4 kB
        19. swyter-mbedtls-2015-08-01-add-rc.diff
          1 kB
        20. swyter-mbedtls-2015-09-13-add-mbedtls-working.diff
          35 kB
        21. swyter-mbedtls-2015-09-14-add-mbedtls-working.diff
          39 kB
        22. swyter-mbedtls-2015-09-23-add-mbedtls-working-with-wine.diff
          41 kB
        23. swyter-mbedtls-2015-09-25-add-mbedtls-working-with-wine.diff
          41 kB
        24. swyter-mbedtls-2015-09-26-add-mbedtls-working-with-wine_v2.diff
          48 kB
        25. swyter-mbedtls-2015-09-26-add-mbedtls-working-with-wine.diff
          43 kB
        26. swyter-mbedtls-2015-09-28-add-rc.diff
          1 kB
        27. swyter-mbedtls-2015-09-30-schannel-update-to-211-and-rework-it.diff
          3.05 MB
        28. swyter-mbedtls-2015-10-04-schannel-update-to-211-and-rework-it.diff
          3.96 MB
        29. swyter-mbedtls-2015-10-05-schannel-fix-lazyload-function-pointers.diff
          5 kB
        30. swyter-mbedtls-passing-secur32-schannel-tests.diff
          1.59 MB

          Issue Links

            Activity

              People

              • Assignee:
                AmineKhaldi AmineKhaldi
                Reporter:
                Swyter Swyter
              • Votes:
                4 Vote for this issue
                Watchers:
                15 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: