What do you think of BearSSL?
Closed this issue · 4 comments
I was wondering if BearSSL might be a better license fit than OpenSSL...
I initially chose OpenSSL as it's the "default" and many users are likely to have it installed. That said, by default there is no TLS support in the platform layer (except on Apple platforms where the OS provides TLS), so the OpenSSL license should be currently opt-in.
All TLS code is wrapped in an internal tls_ API so adding new TLS backends should be straightforward. I don't want to bloat the platform header with every possible TLS implementation but adding a couple more wouldn't hurt!
BearSSL itself seems a bit niche and is described as "beta-quality" so I'm a bit concerned about how secure it is, but the choice would be up to the user. There's also Mbed TLS (Apache 2.0, backed by ARM) that might offer some of the same benefits while being a bit more widely used?
Here's the current TLS implementation bits in the platform code for perspective:
OpenSSL: bq_websocket/bq_websocket_platform.c, lines 911 to 1102 in 49b2612
No SSL support: bq_websocket/bq_websocket_platform.c, lines 1102 to 1159 in 49b2612
I think the reason BearSSL is still beta (has been for the past two years...) is because they don't have a confirmation of large scale battle testing yet. Several small projects are using BearSSL now without known issue. I only suggest BearSSL to keep the resulting binary MIT licensed. MbedTLS is a great choice too...
I'm looking at building a cross platform app using Sokol and was looking at your library as a possible websocket client. (You don't provide a server side do you? Do you suggest one?) I really want something lean but I am creating something that will be both a client and server doing peer connectivity. I'm thinking about separating the server and client apps so I may use separate libs anyway. Any thoughts/suggestions?
Yea adding some alternative SSL implementation would be good at some point for sure! This library does actually offer both client and server WebSockets! Well even though the README.md currently only mentions the client usage, need to fix that :D
Here's a simple server example: https://github.com/bqqbarbhg/bq_websocket/blob/master/examples/echo_server_pt.c?ts=4
Also a game example using Sokol: https://github.com/bqqbarbhg/bq_websocket/blob/master/examples/game/game.c?ts=4
Please also fix the main description to include this morsel. I like your implementation more than many. I think it will work perfectly for my needs. Very excited indeed!