OpenSSL compatibility layer for the Rust SSL/TLS stack

An OpenSSL compatibility layer for the Rust SSL/TLS stack.
MesaLink is an OpenSSL compatibility layer for the Rust SSL/TLS stack, namely rustls, webpki, and ring.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Release history
- 1.0.0/0.10.0 (Apr 2, 2019)
- 0.8.0 (Jan 25, 2019)
patches
directory
- Experimental SGX Remote Attestation for Untrusted Enclaves (see
SGX_README.md)
See OLD_CHANGES.md for further change history.
Supported ciphersuites
- TLS13-CHACHA20-POLY1305-SHA256
- TLS13-AES-256-GCM-SHA384
- TLS13-AES-128-GCM_SHA256
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
Building instructions for Autotools
$ sudo apt-get install m4 autoconf automake libtool make gcc curl
$ curl https://sh.rustup.rs -sSf | sh
$ git clone https://github.com/mesalock-linux/mesalink.git $ ./autogen.sh --enable-examples $ make
Building instructions for CMake
$ sudo apt-get install cmake make gcc curl
$ curl https://sh.rustup.rs -sSf | sh
$ git clone https://github.com/mesalock-linux/mesalink.git $ mkdir build && cd build $ cmake .. $ cmake --build .
Examples
MesaLink comes with two examples that demonstrate a TLS client and a TLS server. Both of them are located atexamples/.
The client example connects to a remote HTTPS server and prints the server's response.
$ ./examples/client/client api.ipify.org
[+] Negotiated ciphersuite: TLSECDHERSAWITHAES128GCMSHA256, enclength=16, version=TLS1.2
[+] Subject name: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.ipify.org
[+] Subject alternative names:*.ipify.org ipify.org
[+] Sent 85 bytes
GET / HTTP/1.0 Host: api.ipify.org Connection: close Accept-Encoding: identity
HTTP/1.1 200 OK Server: Cowboy Connection: close Content-Type: text/plain Vary: Origin Date: Thu, 09 Aug 2018 21:44:35 GMT Content-Length: 10 Via: 1.1 vegur
1.2.3.4 [+] TLS protocol version: TLS1.2
[+] Received 177 bytes
The server example comes with a pair of certificate and private key. The certificate file is in the PEM format and contains a chain of certificates from the server's certificate to the root CA certificate. The private key file contains a PKCS8-encoded private key in the PEM format. Once the server is up and running, open https://127.0.0.1:8443 and expect to see the hello message.
$ ./examples/server/server
Usage: ./examples/server/server <portnum> <certfile> <privatekey_file>
$ cd examples/server/server
$ ./server 8443 certificates private_key
[+] Listening at 0.0.0.0:8443
[+] Negotiated ciphersuite: TLSECDHERSAWITHAES128GCMSHA256, enclength=16, version=TLS1.2
[+] Received:
GET / HTTP/1.1
Host: 127.0.0.1:8443
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10132) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Unit tests
MesaLink uses cargo for unit tests. Simply runcargo test.
$ cargo test
BoringSSL SSL tests
BoGo is BoringSSL's protocol level test suite. We have ported BoGo for testing the functionality and compatibility of MesaLink. To run BoGo test cases, run the following:$ cd bogo && ./runme
Maintainer
* Yiming Jing <yjing@apache.org> @ymjing