Re: CyaSSL Yocto Recipe

[Richard Purdie <richard.purdie@linuxfoundation.org>]

On Tue, 2012-10-09 at 14:26 -0600, Chris Conlon wrote:
> On Sep 6, 2012, at 4:53 PM, Richard Purdie wrote:
> 
> > This looks like an interesting piece of software and a quick read
> > through your webpages suggests there may be some interesting
> > applications of this within OE which I'd love to explore.
> > 
> > We are however quite careful about what goes into OE-Core and you've
> > picked about the worst possible point of the cycle to have this
> > discussion (just after feature freeze which was six days ago).
> > 
> > So I certainly think this could make OE-Core but probably not in the 1.3
> > release timeframe. I would also want to see some kind of demo that we
> > could replace some of our openssl/gnutls usage with this too which so
> > far I've not seen. There is discussion in the OE-Core archives about
> > making the SSL/TLS provider selectable though so there is certainly
> > interest.
> > 
> > So I think this is a good idea, a layer is a great place to start
> > experimenting and if its shown to be successful it would make the core.
> > We've got to be realistic about the development process and this isn't
> > going to happen overnight though (a layer is much easier/faster to start
> > with).
> 
> As suggested, we have created a yaSSL layer (meta-yassl) which
> includes a recipe for the CyaSSL embedded SSL library.  The layer can
> be found on GitHub, here:
> 
> https://github.com/cconlon/meta-yassl
> 
> Any comments or suggestions on improving the layer would be greatly
> appreciated.  Going forward from here, what would make the most sense
> as a next step?

I did finally get around to looking at this, sorry about the delay. The
release and some travel commitments all combined against me time wise. I
must admit I thought the layer was going to do a little more than it
does. The layer in itself is fine and I was able to build it
successfully. I did notice the library is a little larger than your
30-100kb quoted on the website. I also noticed it builds with the
default configuration with lot of pieces disabled.

I think as this stands its interesting but you might not get many people
using it. What would get people much more interested is if you could
build a system where openssl/gnutls was replaced with cyassl.

Initially, I think a proof of concept using .bbappend files to
reconfigure recipes to use cyassl would be a good place to start. Once
proved to work, we could then incorporate generic ssl providers code
into the project core, allowing people to select the ssl provider at
will. Is this a direction you'd be willing/able to take the layer?

Cheers,

Richard