TCP/IP stack overhaul (Step 1 of 4)
Our network stack dates back to 1997, and the Internet is a lot bigger and scarier than it was back then. Twenty years on and it’s time to bring it in-line with modern usage and security requirements. This first part is shoring-up some of the biggest holes to buy some time to collect bounties for new features and prepare developers for the larger IPv6 address space.
Details
- Evaluate and port a recent TLS implementation
- May optionally support the deprecated SSL methods too
- Should support and check certificate chains based on a trusted list held on disc in the InetDbase
- Prompt users whether in the desktop or command line if the chain is incomplete
- ROOL has the source code to the previous SSLeay library
- Port the chosen security library to fit within RISC OS
- Update the AcornSSL module to use this new library
- This will allow clients of AcornHTTP to fetch data programmatically using ‘https’ addresses
- Optionally the SecureSockets API can be emulated also
- Actively remove/switch out the vulnerable T/TCP protocol from the Internet module
- Introduce IPv6 library support functions defined in RFC2553 for Berkeley sockets
- In the ‘inetlib’ internet supporting library
- In the TCP/IP library header files
Deliverables
- New (or updated) library source code in C using standard RISC OS tools/shared makefiles
- Updated C source code to AcornSSL
- Database changes to the !Internet component to maintain a trusted root CA
- Developer documentation for inclusion with the library illustrating its use with a minimalist client
- Updated TCP/IP library documentation explaining the IPv6 extensions
| Donations | 30 |
|---|---|
| Total | £1,460.00 |
| State |
Open
|
| Help |
More information about the bounty scheme Bounty scheme discussion forum |
Make a donation
All bounties
