libtls-bearssl is an implementation of libtls on top of BearSSL.
BearSSL is an excellent TLS library: it is small, secure by default, flexible, consistent, performs no memory allocation, and the code is as clean and well documented as any I've ever seen.
However, due to some of its constraints, it is not the easiest TLS library to use. Things like loading trust anchors, server-side SNI, and I/O with non-blocking sockets actually involve quite a bit of work.
libtls shares some of the same goals as BearSSL: it is also consistent, secure by default, and well documented. However, it is also a higher-level API that is designed to be easy to use for many common situations.
This project aims to get the best of both worlds by implementing the libtls API on top of BearSSL.
libtls-bearssl implements nearly all features of the libtls API (version 4.3.0). However, there are some that are missing, since they are not supported by BearSSL.
- OCSP stapling. Attempts to configure this will fail.
- Certificate revocation list (CRL). Attempts to configure this will fail.
- Inspecting peer certificate issuer name.
tls_peer_cert_issueralways returnsNULL. - Inspecting peer certificate notBefore and notAfter times requires
a BearSSL version supporting
BR_FEATURE_X509_TIME_CALLBACK. This is currently not available in any released version of BearSSL, and if it is missing,tls_peer_cert_notbeforeandtls_peer_cert_notafteralways return-1. - Encrypted key files. If
tls_load_fileis passed a password string, it will returnNULL. - Session caching. BearSSL does implement this (though not session tickets, RFC 5077), so this may be added in the future.
- Keys and certificates using CRLF as the line ending are not supported. They must first be converted to use unix-style line endings (LF).
- The signer API (currently not public) is not implemented since it is not yet finalized. This shouldn't be too hard to implement with BearSSL; for the client, we need to use a custom br_ssl_client_certificate_class and for the server, we need to extend our br_ssl_server_policy_class to use the sign callback.
libtls-bearssl uses the regress tests from LibreSSL, modified to
work with BearSSL. They can be run with make check.
keypairtest was changed to use a header generated by brssl,
keypairdata.h, containing C structures with the certificate and
private key in test/server1-rsa.pem.
tlstest was changed to disable version negotiation tests involving
TLS 1.3 because it is not supported by BearSSL.
verifytest was ported to use x509cert, a library to create X.509
certificates based on BearSSL. Cases that involve IP addresses in
certificates were disabled since they aren't supported by BearSSL.
Finally, two cases were disabled (empty wildcard and wildcard under
TLD) since BearSSL does not reject these in the br_x509_minimal
engine.
Feel free to use the mailing list at https://lists.sr.ht/~mcf/libtls-bearssl for patches, questions, or general discussion.
Please report any issues to https://todo.sr.ht/~mcf/libtls-bearssl.
