Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-9065

Use PolarSSL as a lightweight `schannel` TLS/SSL back-end

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 0.4.0
    • RosDlls
    • None

    Description

      Right now ReactOS doesn't have built-in SSL/TLS support. Main reason being that the secure channel provider (a library called `schannel.dll`) is from Wine and is intrinsically bound to GnuTLS, which in turn is big, convoluted, and hard to compile in a Win32 environment.

      Talking in IRC there was some agreement on partially forking schannel and switching to a smaller, more manageable SSL provider that could be compiled and included in the mainline .iso image. SSL is increasingly important nowadays for accessing Internet services.

      OpenSSL is even more bloated than GnuTLS and potentially insecure. On the other hand there are smaller, barebones, modular alternatives like PolarSSL.

      Licensed under the GPL, with equivalent functionality, well audited, and with substantially less code.
      It might be a good match for this kind of project, giving ReactOS the SSL it needs.

      References:
      https://polarssl.org/tech-updates/blog/providing-assurance-and-trust-in-polarssl
      https://polarssl.org/tech-updates/blog/polarssl-not-vulnerable-to-poodle-against-tls

      Attachments

        1. CORE-9065_fix_assert_winhttp_and wininet.patch
          0.8 kB
          AmineKhaldi
        2. CORE-9065_patchbot_amine_v2.patch
          57 kB
          AmineKhaldi
        3. CORE-9065_patchbot_amine_v3.patch
          35 kB
          AmineKhaldi
        4. CORE-9065_schannel_use_polarssl.patch
          57 kB
          hater
        5. https_client_capabilities_with_mbedtls.PNG
          119 kB
          Swyter
        6. https_working_in_iexplore_and_rapps_with_mbedtls.PNG
          209 kB
          Swyter
        7. mbedtls-global.diff
          632 kB
          usurp
        8. mbedtls-with-test-fixes.diff
          40 kB
          usurp
        9. mbedtls-xp-howsmyssl.htm
          12 kB
          roytam
        10. mbedtls-xp-minidebug-output.txt
          3 kB
          roytam
        11. schannel_mbedtls-POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA.diff
          0.5 kB
          roytam
        12. schannel_sealunseal.diff
          1.0 kB
          roytam
        13. schannel_wine_sealunsealfixme.diff
          1 kB
          roytam
        14. swyter-mbedtls-2015-05-21-add-mbedtls-wip.diff
          34 kB
          Swyter
        15. swyter-mbedtls-2015-05-21-caroots.diff
          1003 kB
          Swyter
        16. swyter-mbedtls-2015-05-21-psdk-wincrypt-update.diff
          2 kB
          Swyter
        17. swyter-mbedtls-2015-05-21-remove-gnutls.diff
          593 kB
          Swyter
        18. swyter-mbedtls-2015-05-21-rostests.diff
          4 kB
          Swyter
        19. swyter-mbedtls-2015-08-01-add-rc.diff
          1 kB
          Swyter
        20. swyter-mbedtls-2015-09-13-add-mbedtls-working.diff
          35 kB
          Swyter
        21. swyter-mbedtls-2015-09-14-add-mbedtls-working.diff
          39 kB
          Swyter
        22. swyter-mbedtls-2015-09-23-add-mbedtls-working-with-wine.diff
          41 kB
          Swyter
        23. swyter-mbedtls-2015-09-25-add-mbedtls-working-with-wine.diff
          41 kB
          Swyter
        24. swyter-mbedtls-2015-09-26-add-mbedtls-working-with-wine_v2.diff
          48 kB
          AmineKhaldi
        25. swyter-mbedtls-2015-09-26-add-mbedtls-working-with-wine.diff
          43 kB
          Swyter
        26. swyter-mbedtls-2015-09-28-add-rc.diff
          1 kB
          Swyter
        27. swyter-mbedtls-2015-09-30-schannel-update-to-211-and-rework-it.diff
          3.05 MB
          Swyter
        28. swyter-mbedtls-2015-10-04-schannel-update-to-211-and-rework-it.diff
          3.96 MB
          Swyter
        29. swyter-mbedtls-2015-10-05-schannel-fix-lazyload-function-pointers.diff
          5 kB
          Swyter
        30. swyter-mbedtls-passing-secur32-schannel-tests.diff
          1.59 MB
          Swyter

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. CORE-3388 SSL not supported; wininet isn't compiled with SSL support

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CORE-6170 Facebook Messenger fails to install

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CORE-9506 Could not load C:\Reactos\system32\gnutls\libgnutls-28.dll

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. CORE-10129 Python Links in RAPPS don't work

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. CORE-7231 ninite gives an error and halts

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved

          Activity

            People

              AmineKhaldi AmineKhaldi
              Swyter Swyter
              Votes:
              4 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: