Navigation

List Index
Month Index
Date Index
Thread Index
Date Prev
Date Next
Thread Prev
Thread Next
Subscription

Unofficial wolfSSL Utility 1.0.0 released
From: Patrick McDermott <patrick DОТ mcdermott АТ libiquity DОТ com>
To: proteanos-dev АТ lists DОТ proteanos DОТ com
Date: Sun, 09 Aug 2020 06:18:02 -0400
Message-id: 20200809061802 DОТ patrick DОТ mcdermott АТ libiquity DОТ com
About
=====

wolfutil is a command-line tool for the wolfSSL embedded (SSL/)TLS
library.  It is similar to the OpenSSL command-line tool, providing only
a limited `s_client` TLS client command.  The primary goal is to provide
enough functionality for use by BusyBox's wget applet.

wolfutil's `s_client` command is designed to be stronger by default than
OpenSSL's, as the latter is only meant to be a "diagnostic tool".  That
is, the following command:

    $ wolfutil s_client -quiet -connect ${host}:${port} \
    > -servername ${servername}

is roughly equivalent to the more complicated:

    $ openssl s_client -quiet -connect ${host}:${port} \
    > -servername ${servername} -verify 9 -verify_return_error \
    > -no_ssl3 -no_tls1 -no_tls1_1

This utility is in no way authored by or affiliated with wolfSSL Inc. or
its contributors.

Downloading
===========

Source archives are available from the files site by HTTP or FTP:

    http://files.proteanos.com/pub/wolfutil/1.0.0/
    ftp://files.proteanos.com/pub/wolfutil/1.0.0/

Here are the MD5 checksums:

    e1ca7f3beb0cd12075230e27ac09b9b4  wolfutil-1.0.0.tar.gz
    e57454d91205d8fb928747d9992c3e88  wolfutil-1.0.0.tar.bz2
    5dc12da398aeb0d29d261f3257244853  wolfutil-1.0.0.tar.xz

Here are the SHA-256 checksums:

    f6d4d263bff74ee036dfc9322c416a9ed8868306d8ac5bbfdf9b8e8d6b4018de  wolfutil-1.0.0.tar.gz
    54b7cbc0f6735a3299fe3a2a0d4ada56c68344bf48b123b7609a47be4dc5e82b  wolfutil-1.0.0.tar.bz2
    66bf1831adec1d9372760bc98785e147e8f499babcd18594fdab68fc196215a1  wolfutil-1.0.0.tar.xz

The sources are maintained in a Git repository:

    http://git.proteanos.com/wolfutil/wolfutil.git/
    git://git.proteanos.com/wolfutil/wolfutil.git/

This release is marked by the "wolfutil/1.0.0" tag.

NEWS for Version 1.0.0
======================

This is the initial release of the Unofficial wolfSSL Utility, in development
since 2019-07-28.

Shortlog of Changes
===================

Patrick McDermott (85):
      Initial commit
      s_client: Stub
      s_client: Add option parsing and wolfSSL init
      main(): Use EXIT_FAILURE instead of 1
      s_client: Open and connect socket
      s_client: Poll, read, and write FDs
      s_client: Slightly refactor socket connection func
      s_client: Vertically align assignments
      s_client: Fix socket FD issues
      build: Add test framework
      tests/badssl.sh: New test script
      tests/badssl.sh: Add "not " to test descriptions
      s_client: Use supported curves
      tests/badssl.sh: Update results
      tests/badssl.sh: Fix Mozilla recommendation results
      s_client: Disable SSLv3, TLSv1.0, and TLSv1.1
      build: Use timing hardening flags
      build: Use -Os flag
      tests/badssl.sh: Print newline before TAP directives
      tests/badssl.sh: Upgrade to HTTP/1.1
      tests/badssl.sh: Mark expected failures
      tests/badssl.sh: Deprecate AES-CBC
      tests/badssl.sh: Deprecate DH with 1024-bit group
      tests/badssl.sh: Drop Certificate Transparency test
      s_client: Verify host
      build: Drop -g and -O2 from CFLAGS
      build: Unconditionally harden timing
      s_client: Simplify error handling
      s_client: Play some golf
      build: Add more size optimization flags
      build: Use -fstack-protector-strong
      build: Use -flto
      s_client: Enable CRL
      s_client: Require HAVE_CRL_IO for CRL
      s_client: Enable OCSP before CRL
      tests/ocsp-stapling.sh: New test script
      Revert "tests/ocsp-stapling.sh: New test script"
      s_client: Enable OCSP stapling
      s_client: Enable secure renegotiation
      Revert "s_client: Enable secure renegotiation"
      build: Drop vestige of Gettext
      NEWS: I forgot article
      README: SSL is disabled by default by wolfSSL
      README: Use name "wolfssl-util" in first sentence
      build: Disable address sanitization by default
      build: Drop GCC version check for warnings
      build: Make CA root certificates path configurable
      build: Search several possible CA certificate paths
      Revert "build: Disable address sanitization by default"
      build: Fix stray printf format specifier
      build: Include debugging symbols in Git builds
      tests/aux/json.sh: New file
      tests/howsmyssl.sh: New test script
      tests/aux/json.sh: Fix continue not in a loop
      build: Save user CFLAGS
      build: Add release target
      build: Support announcing first version
      MD5SUMS, SHA256SUMS: Exclude from Git
      build: Set GIT_DIR earlier in announce script
      build: Add Organization header to announcements
      README: Recommend a strong wolfSSL configuration
      s_client: Use wolfSSL DN check code, not extra API
      README: Stronger by default than openssl s_client
      Rename executable to wolfssl
      README: Wrap at 72 columns, not 80
      s_client: Don't manually enable curves
      s_client: Make a NULL condition explicit
      s_client: Merge more conditionals
      s_client: Merge assignment and conditional
      s_client: Don't save wolfSSL_get_error() value
      Update copyright notices
      Makefile.am: Fix copyright years
      Makefile.am: Generate ChangeLog
      Rename package and executable to wolfutil
      tests/badssl.sh: Organize output
      tests/badssl.sh: badssl.com certs are expiring
      tests/badssl.sh: Drop sha1-intermediate
      scripts/announce-release.sh: Update URL in sig
      NEWS, configure.ac: Set version to 1.0.0
      s_client: Enable wolfSSL debug msgs if not quiet
      build, s_client: Support certificates file
      configure.ac: Update copyright years
      configure.ac: Check for ProteanOS root certs dir
      scripts/announce-release.sh: Exit on error
      NEWS: Release wolfutil 1.0.0

Diffstat of Changes
===================

 .gitignore                  |  35 ++
 AUTHORS                     |   1 +
 COPYING                     | 339 +++++++++++++++++++
 Makefile.am                 | 105 ++++++
 NEWS                        |  17 +
 README                      |  52 +++
 autogen.sh                  |  28 ++
 build-aux/tap-driver.sh     | 651 ++++++++++++++++++++++++++++++++++++
 configure.ac                | 176 ++++++++++
 m4/ax_append_flag.m4        |  71 ++++
 m4/ax_cflags_warn_all.m4    | 122 +++++++
 m4/ax_check_compile_flag.m4 |  74 ++++
 m4/ax_require_defined.m4    |  37 ++
 m4/gcc_version.m4           |  38 +++
 m4/gl_manywarnings.m4       | 329 ++++++++++++++++++
 m4/gl_warnings.m4           | 106 ++++++
 scripts/announce-release.sh | 156 +++++++++
 src/commands.h              |  28 ++
 src/local.mk                |   4 +
 src/main.c                  |  43 +++
 src/s_client.c              | 289 ++++++++++++++++
 tests/.gitignore            |   2 +
 tests/aux/json.sh           | 402 ++++++++++++++++++++++
 tests/aux/tap-functions.sh  | 229 +++++++++++++
 tests/badssl.sh             | 119 +++++++
 tests/howsmyssl.sh          |  67 ++++
 tests/local.mk              |  14 +
 27 files changed, 3534 insertions(+)

-- 
Patrick McDermott, CEO
Libiquity
Putting customers in control of high-quality technologies
https://www.libiquity.com/
Attachment: pgp5HBgN5d827.pgp
Description: OpenPGP digital signature
Unofficial wolfSSL Utility 1.0.0 released, Patrick McDermott