Provide support for ALPN in libtls

[cartazio]

Hello!
I'm In the midst of writing a Haskell binding to libtls / libressl (in their portable build incarnation), and it seems that I can't expose alpn information unless I either violate / use the private struct rep at the libtls layer or do a more direct wrapping of the underlying libressl APIs. I'm totally fine with doing the latter. But seems like an oversight from the perspective of making it easy for a libtls user to write a simple https-v2 client or server library leveraging the libtls Api.

This may or may not have been discussed previously or already be a known issue, but I figure erring on the side of over communication :)

Cheers!

[bob-beck]

Carter we've simply not made a way to expose it - yet. A diff that would
address your needs would be considered.

On Mon, Jul 4, 2016 at 5:45 PM, Carter Tazio Schonwald <
notifications@github.com> wrote:

Hello!
I'm In the midst of writing a Haskell binding to libtls / libressl (in
their portable build incarnation), and it seems that I can't expose alpn
information unless I either violate / use the private struct rep at the
libtls layer or do a more direct wrapping of the underlying libressl APIs.
I'm totally fine with doing the latter. But seems like an oversight from
the perspective of making it easy for a libtls user to write a simple
https-v2 client or server library leveraging the libtls Api.

This may or may not have been discussed previously or already be a known
issue, but I figure erring on the side of over communication :)

Cheers!

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#65, or mute the
thread
https://github.com/notifications/unsubscribe/AHv2dXIB-Bs1lmBVEQSnieqmxl8MS2Udks5qSZsZgaJpZM4JEsRI
.

[cartazio]

Cool! I'll have a look as I have time this week. What's your preferred mechanism for me to make such a patch / diff available for review ?

[bob-beck]

Depends how serious you are with it.

If you know what you are doing make a diff against the OpenBSD sources for
real, if you aren't used to
that a --no-prefix git diff against portable will probably do - mailed to
tech@openbsd.org for us to peruse.

On Mon, Jul 4, 2016 at 9:23 PM, Carter Tazio Schonwald <
notifications@github.com> wrote:

Cool! I'll have a look as I have time this week. What's your preferred
mechanism for me to make such a patch / diff available for review ?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#65 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AHv2dVrtKAIkdN89gJRTpjVLIifVmZwMks5qSc5CgaJpZM4JEsRI
.

[cartazio]

Cool. I'll see what I can do. I'm not familiar with CVS but I'll see what
I can do.

Do you want the patch set relative to the open BSD libressl repo or a
checkout of the libressl/portable repo if I do the latter git approach ?
On Jul 4, 2016 11:27 PM, "bob-beck" notifications@github.com wrote:

Depends how serious you are with it.

If you know what you are doing make a diff against the OpenBSD sources for
real, if you aren't used to
that a --no-prefix git diff against portable will probably do - mailed to
tech@openbsd.org for us to peruse.

On Mon, Jul 4, 2016 at 9:23 PM, Carter Tazio Schonwald <
notifications@github.com> wrote:

Cool! I'll have a look as I have time this week. What's your preferred
mechanism for me to make such a patch / diff available for review ?

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<
#65 (comment)
,
or mute the thread
<
https://github.com/notifications/unsubscribe/AHv2dVrtKAIkdN89gJRTpjVLIifVmZwMks5qSc5CgaJpZM4JEsRI

.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#65 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AAAQwlvDzMS6_i-AxaiE7qwQoUPFoupqks5qSc8LgaJpZM4JEsRI
.

[busterb]

A git patch relative to the openbsd repo here is just fine. It's a mirror of all of the relevant parts of the CVS repo. I've used git show or git format-patch on tech@openbsd a number of times. Just watch out for email whitespace damage :P

[cartazio]

Hehe. So maybe gzipped with a signnature of my pub key, which has been
signed by other folks?

Gotcha.

Also, I really appreciate how responsive you've been to my question :)

On Tuesday, July 5, 2016, Brent Cook notifications@github.com wrote:

A git patch relative to the openbsd repo here is just fine. It's a mirror
of all of the relevant parts of the CVS repo. I've used git show or git
format-patch on tech@openbsd a number of times. Just watch out for email
whitespace damage :P

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#65 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AAAQwuoGl80qYSiRxFGdxJcoTuL6zv-Rks5qSnADgaJpZM4JEsRI
.

[busterb]

inline is preferable please

[4a6f656c]

I started adding ALPN support to libtls a long time back, but never got around to finishing it off - I have a working diff, which I should be able to provide soon.

[4a6f656c]

I've just posted a diff that adds ALPN support to libtls:

https://marc.info/?l=openbsd-tech&m=146963880513549&w=2

[cartazio]

Sweet! Looks like a much better patch than I would have done (my c and
contributing to c code bases skills are rusty :))

What time line is this likely to be reflected in libressl portable? Also
what's the recommended way of detecting has an install that lacks that
feature?

On Wednesday, July 27, 2016, Joel Sing notifications@github.com wrote:

I've just posted a diff that adds ALPN support to libtls:

https://marc.info/?l=openbsd-tech&m=146963880513549&w=2

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#65 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAQwsH3djrmrUp0k0Y5GLaxba8X6KEbks5qZ48AgaJpZM4JEsRI
.

[cartazio]

Sweet! Looks like a much better patch than I would have done (my c and
contributing to c code bases skills are rusty :))

What time line is this likely to be reflected in libressl portable? Also
what's the recommended way of detecting thst a user of my ffi binding would
have too old a copy of libressl portable?

On Wednesday, July 27, 2016, Joel Sing notifications@github.com wrote:

I've just posted a diff that adds ALPN support to libtls:

https://marc.info/?l=openbsd-tech&m=146963880513549&w=2

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#65 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAQwsH3djrmrUp0k0Y5GLaxba8X6KEbks5qZ48AgaJpZM4JEsRI
.

[4a6f656c]

This has been committed in OpenBSD -current, so should show up in libressl portable git sometime soon (and be in the next unstable release).

Re detecting support, ideally check for the tls_config_set_alpn()/tls_conn_alpn_selected() functions, otherwise TLS_API >= 20160812.

[cartazio]

Thanks for being so incredible responsive and helpful. The level of
positive friendly helpful professionalism has really blown me away (also my
first time interacting with operating systemsy oss folks :) )

On Friday, August 12, 2016, Joel Sing notifications@github.com wrote:

This has been committed in OpenBSD -current, so should show up in libressl
portable git sometime soon (and be in the next unstable release).

Re detecting support, ideally check for the tls_config_set_alpn()/tls_conn_alpn_selected()
functions, otherwise TLS_API >= 20160812.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
#65 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAAQwkSTI9GyIvuN2GlLRAbCHD5AEOqEks5qfI5DgaJpZM4JEsRI
.