Changes In Branch autoproxy-twapi-support Excluding Merge-Ins
This is equivalent to a diff from ec7b5576d0 to e172652ba4
2018-05-07
17:02 Tkt [e72cf5e815] - Merged feature branch check-in: f14ecf1992 user: aku tags: trunk
2018-05-01
18:03 Fixed leakage of tls_package between tests. Added setup of twapi for twapi tests. Works for me now. Closed-Leaf check-in: e172652ba4 user: aku tags: autoproxy-twapi-support
17:54 Merged multi-setup of tests into single clause. Does not fix the failures. check-in: 2309be1887 user: aku tags: autoproxy-twapi-support
2018-04-17
10:35 Create new branch named "autoproxy-twapi-support" check-in: c732c4cffa user: apnadkarni tags: autoproxy-twapi-support
2018-03-13
20:29 Repair the example - replacing the square brackets by [lb] and [rb] to prevent evaluation check-in: ec7b5576d0 user: arjenmarkus tags: trunk
2018-02-17
05:29 Bumped release information in the homepage. check-in: 7dc753b7b0 user: aku tags: trunk
Changes to modules/common-text/tls-security-notes.inc.
| 1 2 | - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
|
Added modules/common-text/tls-security-text.inc.
|
Added modules/http/autoproxy-tls-security-notes.inc.
|
Changes to modules/http/autoproxy.man.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | - + - + |
|
︙ | |||
34 35 36 37 38 39 40 | 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | - + | variable may be set up. Either a plain host:port or more commonly a URL and sometimes the URL may contain authentication parameters or these may be requested from the user or provided via http_proxy_user and http_proxy_pass. This package attempts to deal with all these schemes. It will do it's best to get the required parameters from the environment or registry and if it fails can be reconfigured. |
︙ | |||
64 65 66 67 68 69 70 | 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | - + + - + + + | [call [cmd ::autoproxy::tls_connect] [arg args]] Connect to a secure socket through a proxy. HTTP proxy servers permit the use of the CONNECT HTTP command to open a link through the proxy to the target machine. This function hides the details. For use with the http package see [cmd tls_socket]. [para] |
︙ | |||
123 124 125 126 127 128 129 130 131 132 133 134 135 136 | 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 | + + + + + | [opt_def -basic] Following options are for configuring the Basic authentication scheme parameters. See [sectref "Basic Authentication"]. To unset the proxy authentication information retained from a previous call of this function either "--" or no additional parameters can be supplied. This will remove the existing authentication information. [opt_def -tls_package packagename] This option may be used to configure the Tcl package to use for TLS support. Valid package names are [const tls] (default) and [const twapi]. [list_end] [section "Basic Authentication"] Basic is the simplest and most commonly use HTTP proxy authentication scheme. It is described in (1 section 11) and also in (2). It offers |
︙ |
Changes to modules/http/autoproxy.tcl.
︙ | |||
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | + + | # set tok [http::geturl http://wiki.tcl.tk/] # http::data $tok # # To support https add: # package require tls # http::register https 443 ::autoproxy::tls_socket package require Tcl 8.5 ;# ni/in operators package require http; # tcl package require uri; # tcllib package require base64; # tcllib namespace eval ::autoproxy { variable options if {! [info exists options]} { array set options { proxy_host "" proxy_port 80 no_proxy {} basic {} authProc {} tls_package tls } } variable uid if {![info exists uid]} { set uid 0 } variable winregkey |
︙ | |||
58 59 60 61 62 63 64 65 66 67 68 69 70 71 | 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | + | -host - -proxy_h* { set options(proxy_host) } -port - -proxy_p* { set options(proxy_port) } -no* { set options(no_proxy) } -basic { set options(basic) } -authProc { set options(authProc) } -tls_package { set options(tls_package) } default { set err [join [lsort [array names options]] ", -"] return -code error "bad option \"$option\":\ must be one of -$err" } } } |
︙ | |||
96 97 98 99 100 101 102 103 104 105 106 107 108 109 | 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 | + + + + + + + | -host - -proxy_h* { set options(proxy_host) [Pop args 1]} -port - -proxy_p* { set options(proxy_port) [Pop args 1]} -no* { set options(no_proxy) [Pop args 1] } -basic { Pop args; configure:basic $args ; break } -authProc { set options(authProc) [Pop args 1] } -tls_package { set tls_package [Pop args 1] if {$tls_package ni {tls twapi}} { error "Invalid TLS package option '$tls_package'. Must be 'tls' or 'twapi'" } set options(tls_package) $tls_package } -- { Pop args; break } default { set opts [join [lsort [array names options]] ", -"] return -code error "bad option \"$option\":\ must be one of -$opts" } } |
︙ | |||
380 381 382 383 384 385 386 387 388 389 390 | 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 | + + + + - + + + + + - - + + + + + + - + + | # provided your proxy will permit CONNECT attempts to ports # other than port 443 (many will not). # This command defers to 'tunnel_connect' to link to the target # host and then upgrades the link to SSL/TLS # proc ::autoproxy::tls_connect {args} { variable options set peersubject [lindex $args end-1] if {[string length $options(proxy_host)] > 0} { set s [eval [linsert $args 0 tunnel_connect]] fconfigure $s -blocking 1 -buffering none -translation binary if {[string equal "-async" [lindex $args end-2]]} { if {$options(tls_package) eq "twapi"} { set s [eval [linsert [lrange $args 0 end-3] 0 ::twapi::starttls $s -peersubject $peersubject]] } else { |
︙ | |||
522 523 524 525 526 527 528 | 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 | + + + + + + + + + + + + + + + + + + + + - - + + + - + | set args [lrange $args 0 end-2] lappend args $uhost $uport set s [eval [linsert $args 0 tls_connect]] # record the tls connection status in the http state array. upvar state state if {$options(tls_package) eq "twapi"} { # With twapi::tls_socket, state may not be available on # an async connect until negotiation is completed. set state(tls_status) "" set security_context [fconfigure $s -context] if {$security_context ne ""} { set cert [twapi::sspi_remote_cert $security_context] set cert_info [twapi::cert_info $cert] twapi::cert_release $cert dict set state(tls_status) issuer [dict get $cert_info -issuer] dict set state(tls_status) subject [dict get $cert_info -subject] dict set state(tls_status) notBefore [dict get $cert_info -start] dict set state(tls_status) notAfter [dict get $cert_info -end] # Note: binary encode hex was not available in older Tcl, use twapi::hex dict set state(tls_status) serial [twapi::hex [dict get $cert_info -serialnumber]] # TBD - dict set state(tls_status) cipher # TBD - dict set state(tls_status) sbits } } else { |
Changes to modules/http/autoproxy.test.
1 2 3 4 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | - + + + + + + + + + + + + + | source [file join \ [file dirname [file dirname [file join [pwd] [info script]]]] \ devtools testutilities.tcl] |
︙ | |||
142 143 144 145 146 147 148 149 150 151 152 153 154 155 | 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 | + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + | test autoproxy-1.2.3 "autoproxy::configure -basic reset (2)" -setup { packageReset autoproxy::configure -basic -user test -password secret -realm tcllib } -body { autoproxy::configure -basic autoproxy::cget -basic } -result {} test autoproxy-1.2.4.0 "autoproxy::configure -tls_package tls" -setup { packageReset } -body { autoproxy::configure -tls_package tls autoproxy::cget -tls_package } -result tls test autoproxy-1.2.4.1 "autoproxy::configure -tls_package twapi" -setup { packageReset } -body { autoproxy::configure -tls_package twapi autoproxy::cget -tls_package } -result twapi test autoproxy-1.2.4.2 "autoproxy::configure -tls_package dummy" -setup { packageReset } -body { autoproxy::configure -tls_package dummy } -result "Invalid TLS package option 'dummy'. 
Must be 'tls' or 'twapi'" -returnCodes error test autoproxy-2.0.0 "autoproxy::tls_socket (tls) with proxy" -constraints { have_tls } -setup { packageReset package require http autoproxy::configure -proxy_host $proxy_host -proxy_port $proxy_port } -body { http::register https 443 autoproxy::tls_socket set tok [http::geturl https://www.example.com] http::status $tok } -cleanup { http::cleanup $tok } -result ok test autoproxy-2.0.1 "autoproxy::tls_socket (twapi) with proxy" -constraints { have_twapi } -setup { packageReset package require http autoproxy::configure -proxy_host $proxy_host -proxy_port $proxy_port -tls_package twapi } -body { http::register https 443 autoproxy::tls_socket set tok [http::geturl https://www.example.com] http::status $tok } -cleanup { http::cleanup $tok } -result ok test autoproxy-2.1.0 "autoproxy::tls_socket (tls) without proxy" -constraints { have_tls } -setup { packageReset package require http autoproxy::configure -proxy_host "" -proxy_port $proxy_port } -body { http::register https 443 autoproxy::tls_socket set tok [http::geturl https://www.example.com] http::status $tok } -cleanup { http::cleanup $tok } -result ok test autoproxy-2.1.1 "autoproxy::tls_socket (twapi) without proxy" -constraints { have_twapi } -setup { packageReset package require http autoproxy::configure -proxy_host "" -proxy_port $proxy_port -tls_package twapi } -body { http::register https 443 autoproxy::tls_socket set tok [http::geturl https://www.example.com] http::status $tok } -cleanup { http::cleanup $tok } -result ok testsuiteCleanup # Local variables: # mode: tcl # indent-tabs-mode: nil # End: |
Changes to modules/http/pkgIndex.tcl.
1 | 1 2 | - + | if {![package vsatisfies [package provide Tcl] 8.2]} {return} |
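Review bot: the new [opt_def -tls_package packagename] entry in modules/http/autoproxy.man lists the valid names tls and twapi but does not say that any other value is rejected with an error, nor whether the caller has to load the selected package before tls_connect or tls_socket is used. Suggest one sentence for each, so the failure mode of a mis-set TLS backend is documented next to the option.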
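Review bot: in the -tls_package branch of the configure switch in modules/http/autoproxy.tcl, the invalid-value path uses error "Invalid TLS package option ..." while the default branch of the same switch uses return -code error "bad option ...". Suggest return -code error here as well, for consistency with the rest of the switch. As far as the visible lines show, the branch stores the name without checking that the package can be loaded, so choosing twapi on a system that lacks it would only be detected at connect time; either attempt the package require at this point or document that the caller must load it.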
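Review bot: in ::autoproxy::tls_connect, set peersubject [lindex $args end-1] and the -async test on [lindex $args end-2] both rely on the caller placing host and port as the last two arguments, and the extracted value is what gets passed as -peersubject to ::twapi::starttls. With fewer than two arguments lindex returns an empty string and the handshake would be started with an empty peer subject. Suggest a comment stating the calling convention and an explicit error for short argument lists. The remaining caller options, [lrange $args 0 end-3], are forwarded unchanged to ::twapi::starttls, so options written for the tls package reach a different command; document which options are accepted under each backend, or filter them.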
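Review bot: in the twapi branch of tls_socket, twapi::cert_release $cert is reached only when twapi::cert_info $cert returns normally; if that call raises, the certificate handle obtained from twapi::sspi_remote_cert is never released. Suggest wrapping the cert_info call in catch, releasing the handle, and then re-raising. Separately, state(tls_status) stays "" when the security context is empty and never carries cipher or sbits (both marked TBD), so code that reads those keys from the http state array will behave differently under twapi; that difference should be stated in autoproxy.man.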
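Review bot: tests autoproxy-2.0.0 through autoproxy-2.1.1 in modules/http/autoproxy.test fetch https://www.example.com and are gated only on have_tls or have_twapi, so they fail on a host without outbound network access, and the 2.0.x pair also needs a working proxy at $proxy_host. Suggest an additional test constraint for network and proxy availability. The bodies assert only that http::status is ok; also checking the tls_status entry that tls_socket records would exercise the twapi certificate path added in autoproxy.tcl.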