mosquitto

Support (smaller) SSL implementations than OpenSSL

Bug #1200290 reported by Damiano Albani
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mosquitto
New
Wishlist
Unassigned

Bug Description

In environments where CPU and storage is constrained, OpenSSL may not be the most appropriate SSL implementation to use.
For example, the OpenSSL package in OpenWRT 12.09 is 600 kB!
There exists several other SSL libraries, among which some are clearly designed to be lightweight and fast.
For instance: GnuTLS (?), CyaSSL, PolarSSL, axTLS or MatrixSSL.
It would be really nice to have Mosquitto support one or more of these libraries -- in addition to OpenSSL of course.
Thanks!

Revision history for this message
Roger Light (roger.light) wrote :

This is something I'll consider for version 1.3.

Going through the list of TLS implementations there is only one that matches both our requirements.

CyaSSL, MatrixSSL and PolarSSL are GPL/commercial so are not suitable.
GnuTLS is LGPL, but is of a similar size to openssl.
NSS is huge, doesn't seem to have many examples and is poorly documented (at least openssl has wide usage even if the docs are poor)

axTLS is BSD licensed and is small. It doesn't support TLS-PSK which is a shame, but that is a sacrifice that can be made.

Changed in mosquitto:
importance: Undecided → Wishlist
Revision history for this message
Damiano Albani (damiano-albani) wrote :

Why are GPL/commercial implementations not suitable?
I suppose someone might want to buy a commercial license to use with Mosquitto in their own product.

What I'm getting at is that a SSL abstraction layer would be useful, like cURL has for example: http://curl.haxx.se/docs/faq.html#Does_curl_work_build_with_other

As for PolarSSL, their website mention a FOSS license exception, which mentions the BSD license.
That should make it compatible with Mosquitto, right?

Revision history for this message
Roger Light (roger.light) wrote : Re: [Bug 1200290] Re: Support (smaller) SSL implementations than OpenSSL

> Why are GPL/commercial implementations not suitable?

A GPL licensed library would require me to change the mosquitto
license to GPL and I'm not paying for a commercial licence.

> I suppose someone might want to buy a commercial license to use with Mosquitto in their own product.

This is true, but that is up to them.

> What I'm getting at is that a SSL abstraction layer would be useful,
> like cURL has for example:

I'm not going to disagree, but I have only got so much time. I would
prefer to focus on things that are more important for the moment.

> As for PolarSSL, their website mention a FOSS license exception, which mentions the BSD license.
> That should make it compatible with Mosquitto, right?

That is correct, I hadn't seen that - thanks!

Revision history for this message
Damiano Albani (damiano-albani) wrote :

>> I suppose someone might want to buy a commercial license to use with Mosquitto in their own product.
> This is true, but that is up to them.

Indeed, I didn't imply that YOU would buy a commercial license. But that someone else could do that, justifying the usefulness of an abstraction layer.

> I'm not going to disagree, but I have only got so much time. I would prefer to focus on things that are more important for the moment.

Sure, I was only suggesting -- I'm not requesting anything.
By the way, how could I help in the project? In general, how can people support your project?
What about some kind of crowdfunding (bounties, etc) to get new features implemented?

Revision history for this message
Roger Light (roger.light) wrote :

Hi there,

I'm migrating bugs to Eclipse, the new url for this bug is:

https://bugs.eclipse.org/bugs/show_bug.cgi?id=452923

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.