3 December 2011, 10:46

At the moment, I'm working on Hiawatha 8.0. In this release, I will replace OpenSSL with PolarSSL and hope to replace autoconf with cmake.

This website is now running on Hiawatha 8.0 beta, which uses PolarSSL instead of OpenSSL. The only thing left to do is to have PolarSSL as a shared library instead of linked with the Hiawatha binary. The reason for this is that I want to keep the Hiawatha binary small. Hiawatha 7.x is about 160kb, while linking it with PolarSSL (instead of using OpenSSL's shared library) makes it about 370kb. I know, for runtime it doesn't matter. But in the past I have promoted Hiawatha as being small, so I want to keep it the way it was, specially for people who don't understand the difference between shared library and linked into the binary.

Replacing autoconf with cmake is something I still have to do. A friend of mine offered me to help me with this. As soon as I can tell something more about this subject, I will let you know of course.

If everything goes well, I will release Hiawatha 8.0 at the 27th january of 2012, at the 10th anniversary of the Hiawatha webserver!

5 December 2011, 07:31
Really great news, Hugo! Thanks so much for Hiawatha in general, for maintaining and supporting it for so long, for the recent development and .... Happy upcoming anniversary !!
5 December 2011, 13:05
Just wondering what is wrong with OpenSSL? Is there any reason to switch to somethign else?
Hugo Leisink
5 December 2011, 15:09
The OpenSSL code is badly documented and it requires some ugly mutex tricky via callback functions to make it work in multithreaded applications. PolarSSL is much, much easier to understand and to work with.
Chris Wadge
6 December 2011, 01:27
Hugo: I recall that you'd mentioned a security issue with PolarSSL regarding an inability to mitigate DoS attacks, etc. It's safe to assume that issue has been fixed upstream?
Hugo Leisink
6 December 2011, 07:57
Yes, the handshake call is vulnerable for a DoS attack, but so was OpenSSL's handshake function. So, no difference there. I'm working on a workaround in Hiawatha.