SlideShare a Scribd company logo
libcurl, seven SSL 
libraries and one 
    SSH library
      February 5th 2011
Daniel Stenberg
●
    Free Software
●
    Network hacker
●
    Embedded developer
●
    Consultant


    Email:     daniel@haxx.se
    Twitter:   @bagder
    Web:       daniel.haxx.se
    Blog:      daniel.haxx.se/blog
Agenda
●   libcurl
●   SSL/TLS libraries
●   Why so many?
●   Differences
●   How?
●   SSH libraries
●   Why so few?
Questions?
●
    questions?
●
    remarks?
●
    interrupt!
general libcurl
●   cURL since 1998
●   libcurl since 2000
●   today: DICT, FILE, FTP, FTPS, GOPHER, HTTP, 
    HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, 
    POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, 
    TELNET and TFTP
●   almost 40 bindings
●   widely used
●   MIT licensed
libcurl and SSL
●   HTTPS support added 1998 (later ftp­ssl, smtps, 
    imaps, pop3s)
●   SSLeay …turned into OpenSSL
●   GnuTLS added in 2005
●   YaSSL “support” 2006
●   NSS 2007
●   qssl 2007
●   PolarSSL 2010
●   axTLS 2010
Why so many?
●
    Software wants to use SSL
●
    Different set of requirements and 
    demands
●
    Licensing
●
    What users/devs implement 
    support for!
Let's compare
●
    7 libraries
●
    what makes people select or 
    reject each one?
●
    Caveats: I'm focused on client­
    side, I'm but a user of them
OpenSSL
Pro                  Con

  Established and     License
  proven
                      Documentation
  Many features
                      Quirky API
                      leaves CN and 
                      SAN verification to 
                      apps
                      Big
GnuTLS
Pro                    Con

  License               License
  Documentation         Less used
  Many features         Big
  (TLS1.2, SRP, etc)
  Easy API
NSS
Pro                   Con

  FIPS­140 licensed    DB vs file approach
  Many features        too Firefox­focused
                       Documentation
                       Big
qSSL
Pro                 Con

  Runs on OS/400     Runs only on 
                     OS/400
yaSSL
Pro                 Con

  License            Not fully emulating 
                     OpenSSL
  Has an OpenSSL 
  API                Documentation
  Size?              Less support and 
                     community
PolarSSL
Pro             Con

  License        Documentation
  Size?          Not widely tested
                 Less support and 
                 community
axTLS
Pro               Con

  Very small       TLS only
  License          Not widely tested
                   Less support and 
                   community
Or by feature
●   GPL
●   SRP
●   TLS 1.2
●   SSLv2
●   FIPS­140
●
    Embedded focus
●   Runs on Windows
How support them?
●
    started out as #ifdef maze
●
    turned into an internal API each 
    lib needs to provide
an internal API
 curlssl_init()
 curlssl_cleanup()
 curlssl_connect()
 curlssl_connect_nonblocking()
 curlssl_session_free()
 curlssl_close_all()
 curlssl_close()
 curlssl_shutdown()
 curlssl_set_engine()
 curlssl_set_engine_default()
 curlssl_engines_list()
 curlssl_version(x,y)
 curlssl_data_pending(x,y)
curlssl
curlssl_init()
curlssl_cleanup()
curlssl_connect()
curlssl_connect_nonblocking()   sets the recv() and send()
curlssl_session_free()          functions after successful
curlssl_close_all()             handshake
curlssl_close()
curlssl_shutdown()
curlssl_set_engine()
curlssl_set_engine_default()
curlssl_engines_list()
curlssl_version(x,y)
curlssl_data_pending(x,y)
Maintain functionality
●
    hard
●
    test cases
●
    volunteer­based, non­stop 
    distributed testing
SSH libraries
●
    only 2 (libssh and libssh2)
●
    SSH is a much less popular 
    commodity protocol
picked libssh2
●
    hand over socket to library
●
    non­blocking operations
●
    license
Summary
●
    Lots of SSL libs
●
    Very few SSH libs
●
    Support them all is lots of work
SSL comparison online

A start:
http://curl.haxx.se/docs/ssl-compared.html

More Related Content

What's hot

HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装
inaz2
 
Anton Cherednikov "Modules and Artifacts in NPM"
Anton Cherednikov "Modules and Artifacts in NPM"Anton Cherednikov "Modules and Artifacts in NPM"
Anton Cherednikov "Modules and Artifacts in NPM"
LogeekNightUkraine
 
NeXTBSD aka FreeBSD X
NeXTBSD aka FreeBSD XNeXTBSD aka FreeBSD X
NeXTBSD aka FreeBSD X
iXsystems
 
My talk at Linux Piter 2015
My talk at Linux Piter 2015My talk at Linux Piter 2015
My talk at Linux Piter 2015
Alex Chistyakov
 
How to Make Your Code OSGi Friendly Without Depending on OSGi - Neil Bartlett
How to Make Your Code OSGi Friendly Without Depending on OSGi - Neil BartlettHow to Make Your Code OSGi Friendly Without Depending on OSGi - Neil Bartlett
How to Make Your Code OSGi Friendly Without Depending on OSGi - Neil Bartlett
mfrancis
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systems
WO Community
 
Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015
Hiroshi Ota
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
Vladimir Shakhov
 
tDiary開発環境!VMWarePlayer編
tDiary開発環境!VMWarePlayer編tDiary開発環境!VMWarePlayer編
tDiary開発環境!VMWarePlayer編
freedomcat
 
Test::Kantan - Perl and Testing
Test::Kantan - Perl and TestingTest::Kantan - Perl and Testing
Test::Kantan - Perl and Testing
Tokuhiro Matsuno
 
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in LinuxSelf Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
inaz2
 
Return on Ignite 2019: Azure, .NET, A.I. & Data
Return on Ignite 2019: Azure, .NET, A.I. & DataReturn on Ignite 2019: Azure, .NET, A.I. & Data
Return on Ignite 2019: Azure, .NET, A.I. & Data
MSDEVMTL
 
Getting Started with PureScript
Getting Started with PureScriptGetting Started with PureScript
Getting Started with PureScript
John De Goes
 
Python on FreeBSD
Python on FreeBSDPython on FreeBSD
Python on FreeBSD
pycontw
 
Webdevcon Keynote hh-2012-09-18
Webdevcon Keynote hh-2012-09-18Webdevcon Keynote hh-2012-09-18
Webdevcon Keynote hh-2012-09-18
Pierre Joye
 
Perl6 meets JVM
Perl6 meets JVMPerl6 meets JVM
Perl6 meets JVM
Tokuhiro Matsuno
 
OpenWRT and Perl
OpenWRT and PerlOpenWRT and Perl
OpenWRT and Perl
Dean Hamstead
 
JerryScript on RIOT
JerryScript on RIOTJerryScript on RIOT
JerryScript on RIOT
Samsung Open Source Group
 
OpenZFS Developer Summit Introduction
OpenZFS Developer Summit IntroductionOpenZFS Developer Summit Introduction
OpenZFS Developer Summit Introduction
Matthew Ahrens
 
What's New in ASP.NET Core 2.0
What's New in ASP.NET Core 2.0What's New in ASP.NET Core 2.0
What's New in ASP.NET Core 2.0
Jon Galloway
 

What's hot (20)

HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装HTTPプロクシライブラリproxy2の設計と実装
HTTPプロクシライブラリproxy2の設計と実装
 
Anton Cherednikov "Modules and Artifacts in NPM"
Anton Cherednikov "Modules and Artifacts in NPM"Anton Cherednikov "Modules and Artifacts in NPM"
Anton Cherednikov "Modules and Artifacts in NPM"
 
NeXTBSD aka FreeBSD X
NeXTBSD aka FreeBSD XNeXTBSD aka FreeBSD X
NeXTBSD aka FreeBSD X
 
My talk at Linux Piter 2015
My talk at Linux Piter 2015My talk at Linux Piter 2015
My talk at Linux Piter 2015
 
How to Make Your Code OSGi Friendly Without Depending on OSGi - Neil Bartlett
How to Make Your Code OSGi Friendly Without Depending on OSGi - Neil BartlettHow to Make Your Code OSGi Friendly Without Depending on OSGi - Neil Bartlett
How to Make Your Code OSGi Friendly Without Depending on OSGi - Neil Bartlett
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systems
 
Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015Network Test Automation - Net Ops Coding 2015
Network Test Automation - Net Ops Coding 2015
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
 
tDiary開発環境!VMWarePlayer編
tDiary開発環境!VMWarePlayer編tDiary開発環境!VMWarePlayer編
tDiary開発環境!VMWarePlayer編
 
Test::Kantan - Perl and Testing
Test::Kantan - Perl and TestingTest::Kantan - Perl and Testing
Test::Kantan - Perl and Testing
 
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in LinuxSelf Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
Self Introduction & The Story that I Tried to Make Sayonara ROP Chain in Linux
 
Return on Ignite 2019: Azure, .NET, A.I. & Data
Return on Ignite 2019: Azure, .NET, A.I. & DataReturn on Ignite 2019: Azure, .NET, A.I. & Data
Return on Ignite 2019: Azure, .NET, A.I. & Data
 
Getting Started with PureScript
Getting Started with PureScriptGetting Started with PureScript
Getting Started with PureScript
 
Python on FreeBSD
Python on FreeBSDPython on FreeBSD
Python on FreeBSD
 
Webdevcon Keynote hh-2012-09-18
Webdevcon Keynote hh-2012-09-18Webdevcon Keynote hh-2012-09-18
Webdevcon Keynote hh-2012-09-18
 
Perl6 meets JVM
Perl6 meets JVMPerl6 meets JVM
Perl6 meets JVM
 
OpenWRT and Perl
OpenWRT and PerlOpenWRT and Perl
OpenWRT and Perl
 
JerryScript on RIOT
JerryScript on RIOTJerryScript on RIOT
JerryScript on RIOT
 
OpenZFS Developer Summit Introduction
OpenZFS Developer Summit IntroductionOpenZFS Developer Summit Introduction
OpenZFS Developer Summit Introduction
 
What's New in ASP.NET Core 2.0
What's New in ASP.NET Core 2.0What's New in ASP.NET Core 2.0
What's New in ASP.NET Core 2.0
 

Similar to libcurl, seven SSL libraries and one SSH library

OpenStack Cinder Best Practices - Meet Up
OpenStack Cinder Best Practices - Meet UpOpenStack Cinder Best Practices - Meet Up
OpenStack Cinder Best Practices - Meet Up
Aaron Delp
 
Hadoop Meetup Jan 2019 - Overview of Ozone
Hadoop Meetup Jan 2019 - Overview of OzoneHadoop Meetup Jan 2019 - Overview of Ozone
Hadoop Meetup Jan 2019 - Overview of Ozone
Erik Krogen
 
curl and new technologies
curl and new technologiescurl and new technologies
curl and new technologies
Daniel Stenberg
 
ORTC Library - Introduction
ORTC Library - IntroductionORTC Library - Introduction
ORTC Library - Introduction
Erik Lagerway
 
XFLTReat: a new dimension in tunnelling
XFLTReat:  a new dimension in tunnellingXFLTReat:  a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
Shakacon
 
Restinio (actual aug 2018)
Restinio (actual aug 2018)Restinio (actual aug 2018)
Restinio (actual aug 2018)
Nicolai Grodzitski
 
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
Balazs Bucsay
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
Giovanni Bechis
 
Learn PHP Lacture1
Learn PHP Lacture1Learn PHP Lacture1
Learn PHP Lacture1
ADARSH BHATT
 
Varnish SSL / TLS
Varnish SSL / TLSVarnish SSL / TLS
Varnish SSL / TLS
Varnish Software
 
Kubernetes
KubernetesKubernetes
Kubernetes
Dharmit Shah
 
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
Balazs Bucsay
 
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembBuilding a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
StreamNative
 
Fluentd meetup
Fluentd meetupFluentd meetup
Fluentd meetup
Sadayuki Furuhashi
 
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraftstackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
NETWAYS
 
The Source Control Landscape
The Source Control LandscapeThe Source Control Landscape
The Source Control Landscape
Lorna Mitchell
 
Varnish TLS
Varnish TLSVarnish TLS
Varnish TLS
Varnish Software
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The Things
Balazs Bucsay
 
State of Crypto in Python (OSCON)
State of Crypto in Python (OSCON)State of Crypto in Python (OSCON)
State of Crypto in Python (OSCON)
jarito030506
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
Balazs Bucsay
 

Similar to libcurl, seven SSL libraries and one SSH library (20)

OpenStack Cinder Best Practices - Meet Up
OpenStack Cinder Best Practices - Meet UpOpenStack Cinder Best Practices - Meet Up
OpenStack Cinder Best Practices - Meet Up
 
Hadoop Meetup Jan 2019 - Overview of Ozone
Hadoop Meetup Jan 2019 - Overview of OzoneHadoop Meetup Jan 2019 - Overview of Ozone
Hadoop Meetup Jan 2019 - Overview of Ozone
 
curl and new technologies
curl and new technologiescurl and new technologies
curl and new technologies
 
ORTC Library - Introduction
ORTC Library - IntroductionORTC Library - Introduction
ORTC Library - Introduction
 
XFLTReat: a new dimension in tunnelling
XFLTReat:  a new dimension in tunnellingXFLTReat:  a new dimension in tunnelling
XFLTReat: a new dimension in tunnelling
 
Restinio (actual aug 2018)
Restinio (actual aug 2018)Restinio (actual aug 2018)
Restinio (actual aug 2018)
 
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
 
Learn PHP Lacture1
Learn PHP Lacture1Learn PHP Lacture1
Learn PHP Lacture1
 
Varnish SSL / TLS
Varnish SSL / TLSVarnish SSL / TLS
Varnish SSL / TLS
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
XFLTReaT: A New Dimension in Tunnelling (HITB GSEC 2017)
 
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembBuilding a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
 
Fluentd meetup
Fluentd meetupFluentd meetup
Fluentd meetup
 
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraftstackconf 2022: It’s Time to Debloat the Cloud with Unikraft
stackconf 2022: It’s Time to Debloat the Cloud with Unikraft
 
The Source Control Landscape
The Source Control LandscapeThe Source Control Landscape
The Source Control Landscape
 
Varnish TLS
Varnish TLSVarnish TLS
Varnish TLS
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The ThingsTrick or XFLTReaT a.k.a. Tunnel All The Things
Trick or XFLTReaT a.k.a. Tunnel All The Things
 
State of Crypto in Python (OSCON)
State of Crypto in Python (OSCON)State of Crypto in Python (OSCON)
State of Crypto in Python (OSCON)
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
 

More from Daniel Stenberg

curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024
Daniel Stenberg
 
trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024
Daniel Stenberg
 
mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2
Daniel Stenberg
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
Daniel Stenberg
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdf
Daniel Stenberg
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022
Daniel Stenberg
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022
Daniel Stenberg
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
Daniel Stenberg
 
The state of curl 2022
The state of curl 2022The state of curl 2022
The state of curl 2022
Daniel Stenberg
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curl
Daniel Stenberg
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
Daniel Stenberg
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
Daniel Stenberg
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
Daniel Stenberg
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
Daniel Stenberg
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
Daniel Stenberg
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
Daniel Stenberg
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020
Daniel Stenberg
 

More from Daniel Stenberg (20)

curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024curl security by Daniel Stenberg from curl up 2024
curl security by Daniel Stenberg from curl up 2024
 
rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024rust in curl by Daniel Stenberg from- curl up 2024
rust in curl by Daniel Stenberg from- curl up 2024
 
trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024trurl 2024 by Daniel Stenberg from curl up 2024
trurl 2024 by Daniel Stenberg from curl up 2024
 
curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024curl future 2024 by Daniel Stenberg from curl up 2024
curl future 2024 by Daniel Stenberg from curl up 2024
 
The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024The state of curl 2024 by Daniel Stenberg from curl up 2024
The state of curl 2024 by Daniel Stenberg from curl up 2024
 
mastering libcurl part 2
mastering libcurl part 2mastering libcurl part 2
mastering libcurl part 2
 
mastering libcurl part 1
mastering libcurl part 1mastering libcurl part 1
mastering libcurl part 1
 
curl - openfourm europe.pdf
curl - openfourm europe.pdfcurl - openfourm europe.pdf
curl - openfourm europe.pdf
 
curl experiments - curl up 2022
curl experiments - curl up 2022curl experiments - curl up 2022
curl experiments - curl up 2022
 
curl security - curl up 2022
curl security - curl up 2022curl security - curl up 2022
curl security - curl up 2022
 
HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022HTTP/3 in curl - curl up 2022
HTTP/3 in curl - curl up 2022
 
The state of curl 2022
The state of curl 2022The state of curl 2022
The state of curl 2022
 
Let me tell you about curl
Let me tell you about curlLet me tell you about curl
Let me tell you about curl
 
Curl with rust
Curl with rustCurl with rust
Curl with rust
 
Getting started with libcurl
Getting started with libcurlGetting started with libcurl
Getting started with libcurl
 
HTTP/3 is next generation HTTP
HTTP/3 is next generation HTTPHTTP/3 is next generation HTTP
HTTP/3 is next generation HTTP
 
Landing code in curl
Landing code in curlLanding code in curl
Landing code in curl
 
Testing curl for security
Testing curl for securityTesting curl for security
Testing curl for security
 
common mistakes when using libcurl
common mistakes when using libcurlcommon mistakes when using libcurl
common mistakes when using libcurl
 
HTTP/3 in curl 2020
HTTP/3 in curl 2020HTTP/3 in curl 2020
HTTP/3 in curl 2020
 

Recently uploaded

Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Pitangent Analytics & Technology Solutions Pvt. Ltd
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Fwdays
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 

Recently uploaded (20)

Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 

libcurl, seven SSL libraries and one SSH library

  • 1. libcurl, seven SSL  libraries and one  SSH library February 5th 2011
  • 2. Daniel Stenberg ● Free Software ● Network hacker ● Embedded developer ● Consultant Email: daniel@haxx.se Twitter: @bagder Web: daniel.haxx.se Blog: daniel.haxx.se/blog
  • 3. Agenda ● libcurl ● SSL/TLS libraries ● Why so many? ● Differences ● How? ● SSH libraries ● Why so few?
  • 4. Questions? ● questions? ● remarks? ● interrupt!
  • 5. general libcurl ● cURL since 1998 ● libcurl since 2000 ● today: DICT, FILE, FTP, FTPS, GOPHER, HTTP,  HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3,  POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS,  TELNET and TFTP ● almost 40 bindings ● widely used ● MIT licensed
  • 6. libcurl and SSL ● HTTPS support added 1998 (later ftp­ssl, smtps,  imaps, pop3s) ● SSLeay …turned into OpenSSL ● GnuTLS added in 2005 ● YaSSL “support” 2006 ● NSS 2007 ● qssl 2007 ● PolarSSL 2010 ● axTLS 2010
  • 7. Why so many? ● Software wants to use SSL ● Different set of requirements and  demands ● Licensing ● What users/devs implement  support for!
  • 8. Let's compare ● 7 libraries ● what makes people select or  reject each one? ● Caveats: I'm focused on client­ side, I'm but a user of them
  • 9. OpenSSL Pro Con Established and  License proven Documentation Many features Quirky API leaves CN and  SAN verification to  apps Big
  • 10. GnuTLS Pro Con License License Documentation Less used Many features  Big (TLS1.2, SRP, etc) Easy API
  • 11. NSS Pro Con FIPS­140 licensed DB vs file approach Many features too Firefox­focused Documentation Big
  • 12. qSSL Pro Con Runs on OS/400  Runs only on  OS/400
  • 13. yaSSL Pro Con License Not fully emulating  OpenSSL Has an OpenSSL  API Documentation Size? Less support and  community
  • 14. PolarSSL Pro Con License Documentation Size? Not widely tested Less support and  community
  • 15. axTLS Pro Con Very small TLS only License Not widely tested Less support and  community
  • 16. Or by feature ● GPL ● SRP ● TLS 1.2 ● SSLv2 ● FIPS­140 ● Embedded focus ● Runs on Windows
  • 17. How support them? ● started out as #ifdef maze ● turned into an internal API each  lib needs to provide
  • 18. an internal API curlssl_init() curlssl_cleanup() curlssl_connect() curlssl_connect_nonblocking() curlssl_session_free() curlssl_close_all() curlssl_close() curlssl_shutdown() curlssl_set_engine() curlssl_set_engine_default() curlssl_engines_list() curlssl_version(x,y) curlssl_data_pending(x,y)
  • 19. curlssl curlssl_init() curlssl_cleanup() curlssl_connect() curlssl_connect_nonblocking() sets the recv() and send() curlssl_session_free() functions after successful curlssl_close_all() handshake curlssl_close() curlssl_shutdown() curlssl_set_engine() curlssl_set_engine_default() curlssl_engines_list() curlssl_version(x,y) curlssl_data_pending(x,y)
  • 20. Maintain functionality ● hard ● test cases ● volunteer­based, non­stop  distributed testing
  • 21. SSH libraries ● only 2 (libssh and libssh2) ● SSH is a much less popular  commodity protocol
  • 22. picked libssh2 ● hand over socket to library ● non­blocking operations ● license
  • 23. Summary ● Lots of SSL libs ● Very few SSH libs ● Support them all is lots of work