https client library with botan backend? #1323

Open
lambdafu opened this issue Nov 30, 2017 · 11 comments

@lambdafu
Contributor

I almost feel like misusing the ticket system, because this feels more like a support question. But I don't know how to reach the community in another way, sorry!
Is there already a https client library (such as curl) that supports Botan as backend? I would feel really stupid linking to curl and then sucking in openssl as a dependency, if I am heavily leaning on Botan for all the other crypto in the application.
If there isn't, I guess I am raising my hand to volunteer. Is there an important alternative to libcurl in the C++ world that I am missing? I couldn't immediately find something. @securitykernel told me that the C89 API of Botan does not yet support TLS, so if a C library is used for HTTP, adding that is an obvious starting point. Anything else to watch out for?
Thanks!

@webmaster128
Collaborator

+1 for working on Botan as a curl TLS backend.

> I would feel really stupid linking to curl and then sucking in openssl as a dependency, if I am heavily leaning on Botan for all the other crypto in the application;

This is what we do in Kullo for Linux. No real issue right now but it would be great to have the choice.

@randombit
Owner

Questions or general support issues are fine here. You can also use the mailing list (https://lists.randombit.net/mailman/listinfo/botan-devel) but GH Issues is more active.

There are a couple of relatively widely used C++ HTTP client libraries (for example https://github.com/cpp-netlib/cpp-netlib) but afaik even in C++, curl is far and away the most common for this task. Also the fact that curl already supports a large number of SSL libraries suggests they'd likely accept an additional implementation. Whereas most of the other relevant libs I know of (like cpp-netlib, asio) support exclusively OpenSSL and getting them to take a patch supporting multiple backends might be an uphill slog; for such libs, it may prove easier to just write an OpenSSL compatible stub library.

And besides curl, a C89 TLS interface would be great to have since we could then expose TLS to Python, OCaml, etc. There is a sketch of an interface at the end of ffi.h (it's `#if 0`ed out and definitely incomplete - for instance the _init call doesn't offer any way to set server certificates, there is no way to get info on ciphersuites, etc). Also certificate verification is not currently exposed to C, and that will certainly be required, at least eventually.

There is a Slack channel used "internally" for developer chat, I'll send you an invite. Optional of course but good if you have a quick question on how to approach something.

@lambdafu
Contributor Author

lambdafu commented Dec 1, 2017

I took a very quick look at cpp-netlib. It is an admirable effort, but its HTTPS support apparently depends on boost asio, which in turn depends on openssl, so that is a bit of a rabbit hole. Plus, cpp-netlib at this point is more of a toolbox than a kitchen-sink solution for HTTP, and momentum seems to be somewhat lacking (proxy support is missing since 2011, with no progression: cpp-netlib/cpp-netlib#50). There is also overlap with Beast, which has been accepted into boost this year.
All of these, and the things @jack said, make curl the easy first choice for me. Thanks for the pointers into the code!

@webmaster128
Collaborator

webmaster128 commented Dec 1, 2017

We're also looking at C++ Requests but there has been no progress in TLS support for 2 years.

@ksanderon
Contributor

I will soon add networking stuff to rili with botan as first crypto backend.

@89trillion-feiyang

Is there a result?

@hrantzsch
Collaborator

You could use Botan with Boost Beast. Here's a small example: https://github.com/hrantzsch/beast-botan-https-client

@89trillion-feiyang

89trillion-feiyang commented Apr 14, 2022

> You could use Botan with Boost Beast. Here's a small example: https://github.com/hrantzsch/beast-botan-https-client

If I use this demo on Android, do I need to compile the Android library for Botan?

Or import the header file directly?

@hrantzsch
Collaborator

You'll need both Botan and Boost Beast compiled for Android I guess, but I have never used this on Android and I don't know what you have to do for this :/

@marty1885

I know this is an old issue, but it's worth an update. I maintain both drogon and trantor. We merged a big TLS refactoring for trantor that includes supporting Botan as TLS backend. By extension, drogon will also use Botan if configured.

For anyone still interested, please try it and let us know how well/badly the Botan backend works. I'll do my best to improve it.

```
❯ ./drogon_ctl/drogon_ctl version
     _
  __| |_ __ ___   __ _  ___  _ __
 / _` | '__/ _ \ / _` |/ _ \| '_ \
| (_| | | | (_) | (_| | (_) | | | |
 \__,_|_|  \___/ \__, |\___/|_| |_|
                 |___/

A utility for drogon
Version: 1.8.4
Git commit: 4aab3c6810200340a7be0c6a824960aabf2c5838
Compilation: 
  Compiler: /usr/bin/g++
  Compiler ID: GNU
  Compilation flags: -g -Og -fsanitize=address -std=c++23 -I/usr/include
Libraries: 
  postgresql: yes  (pipeline mode: yes)
  mariadb: yes
  sqlite3: yes
  ssl/tls backend: Botan
  brotli: yes
  boost: no
  hiredis: yes
  c-ares: yes
  yaml-cpp: yes
```

@talregev

Add botan to curl?
I can open a discussion
