separate TLS code into a library, use in in wget

A new applet, ssl_client, is the TLS debug thing now.
It doubles as wget's NOMMU helper.
In MMU mode, wget still forks, but then directly calls TLS code,
without execing.

This can also be applied to sendmail/popmail (SMTPS / SMTP+starttls support)
and nc --ssl (ncat, nmap's nc clone, has such option).

function                                             old     new   delta
tls_handshake                                          -    1691   +1691
tls_run_copy_loop                                      -     443    +443
ssl_client_main                                        -     128    +128
packed_usage                                       30978   31007     +29
wget_main                                           2508    2535     +27
applet_names                                        2553    2560      +7
...
xwrite_encrypted                                     360     342     -18
tls_main                                            2127       -   -2127
------------------------------------------------------------------------------
(add/remove: 4/1 grow/shrink: 13/8 up/down: 2351/-2195)       Total: 156 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 55 insertions, 0 deletions

diff --git a/networking/ssl_client.c b/networking/ssl_client.c
new file mode 100644
index 0000000..cfeae15
--- /dev/null
+++ b/networking/ssl_client.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2017 Denys Vlasenko
+ *
+ * Licensed under GPLv2, see file LICENSE in this source tree.
+ */
+//config:config SSL_CLIENT
+//config:	bool "ssl_client"
+//config:	default y
+//config:	select TLS
+//config:	help
+//config:	  This tool pipes data to/from a socket, TLS-encrypting it.
+
+//applet:IF_SSL_CLIENT(APPLET(ssl_client, BB_DIR_USR_BIN, BB_SUID_DROP))
+
+//kbuild:lib-$(CONFIG_SSL_CLIENT) += ssl_client.o
+
+//usage:#define ssl_client_trivial_usage
+//usage:       "-s FD [-r FD] [-n SNI]"
+//usage:#define ssl_client_full_usage ""
+
+#include "libbb.h"
+
+int ssl_client_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+int ssl_client_main(int argc UNUSED_PARAM, char **argv)
+{
+	tls_state_t *tls;
+	const char *sni = NULL;
+	int opt;
+
+	// INIT_G();
+
+	tls = new_tls_state();
+	opt = getopt32(argv, "s:#r:#n:", &tls->ofd, &tls->ifd, &sni);
+	if (!(opt & 2)) {
+		/* -r N defaults to -s N */
+		tls->ifd = tls->ofd;
+	}
+
+	if (!(opt & 3)) {
+		if (!argv[1])
+			bb_show_usage();
+		/* Undocumented debug feature: without -s and -r, takes HOST arg and connects to it */
+		//
+		// Talk to kernel.org:
+		// printf "GET / HTTP/1.1\r\nHost: kernel.org\r\n\r\n" | ./busybox ssl_client kernel.org
+		if (!sni)
+			sni = argv[1];
+		tls->ifd = tls->ofd = create_and_connect_stream_or_die(argv[1], 443);
+	}
+
+	tls_handshake(tls, sni);
+	tls_run_copy_loop(tls);
+
+	return EXIT_SUCCESS;
+}