Use new bearssl time callback feature if available
Include compat.h for explicit_bzero
Fix leak of peer chain during tls_reset()
libtls-bearssl is an implementation of libtls on top of BearSSL.
BearSSL is an excellent TLS library: it is small, secure by default, flexible, consistent, performs no memory allocation, and the code is as clean and well documented as any I've ever seen.
However, due to some of its constraints, it is not the easiest TLS library to use. Things like loading trust anchors, server-side SNI, and I/O with non-blocking sockets actually involve quite a bit of work.
libtls shares some of the same goals as BearSSL: it is also consistent, secure by default, and well documented. However, it is also a higher-level API that is designed to be easy to use for many common situations.
This project aims to get the best of both worlds by implementing the libtls API on top of BearSSL.
libtls-bearssl implements nearly all features of the libtls API (version 3.3.3). However, there are some that are missing, since they are not supported by BearSSL.
- tls_peer_cert_issuer always returns NULL.
- tls_peer_cert_notbefore and tls_peer_cert_notafter always return -1.
- If tls_load_file is passed a password string, it will return NULL.
Feel free to use the mailing list at https://lists.sr.ht/~mcf/libtls-bearssl for patches, questions, or general discussion.
Please report any issues to https://todo.sr.ht/~mcf/libtls-bearssl.